Monday, 22 April 2019

'Is that even legal?': Companies may be sharing new credit or debit card information without you knowing

https://twitter.com/DavidRayAmos/with_replies




Replying to and 47 others
Methinks folks should Google "Harper and Bankers" then say Hey to the banksters for me N'esy Pas?


https://davidraymondamos3.blogspot.com/2019/04/is-that-even-legal-companies-may-be.html






https://www.cbc.ca/news/business/banking-information-shared-with-third-parties-1.5102931




'Is that even legal?': Companies may be sharing new credit or debit card information without you knowing




133 Comments 




David R. Amos 
Methinks folks should Google "Harper and Bankers" then say Hey to the banksters for me N'esy Pas?


Robert Borden
Reply to @David R. Amos: while they are googling that, perhaps they should also google "David Raymond Amos", just to get perspective.


David R. Amos  
Content disabled 
Reply to @Robert Borden: Please do and ethical folks should add Federal Court File No T-1557-15 to their search Correct?


David R. Amos 
Reply to @Robert Borden: "just to get perspective. "

Perhaps you should Google Fundy Royal Debate.


David R. Amos 
Reply to @Robert Borden: Methinks if you are going to attack me in a politcal fashion you should be decent enough to do it with your real name Clearly you cannot be the lawyer Robert Borden who was 8th Prime Minister of Canada N'esy Pas? 


David R. Amos
Reply to @David R. Amos: Methinks somebody just made a major faux pas N'esy Pas?













Daulton Mckitty
I cannot believe what i just read, wow! Our bank? without our consent, other firm and data collection business have all our info, and our banks gave it to them, because how else would they get! This is scary!


David R. Amos 
Reply to @daulton mckitty: Methinks I must ask have you ever heard of FATCA? Trudeau can trust that many banksters and Yankees have N'esy Pas?



'Is that even legal?': Companies may be sharing new credit or debit card information without you knowing

Privacy advocate calls for laws requiring financial institutions to get customers to opt-in to service





Rosa Marchitelli · CBC News · Posted: Apr 21, 2019 8:00 PM ET


Vanessa Acuña is upset that PayPal was given the new expiry date on her Visa debit card without her knowledge. (Richard Grundy/CBC)



A Vancouver woman is sounding the alarm for millions of Canadians who have credit and debit cards, after information about her debit card was shared when it shouldn't have been.

Vanessa Acuña blames an "updating service" that some credit and debit card companies have that allows new account numbers and expiry dates to be shared with merchants customers have dealt with in the past.

Information about the sharing of this kind of information with third party companies is often buried in the fine print of bank and credit card agreements.









She thought the details of her Visa debit card — a debit card that can be used for online purchases — were secure.

"[I thought], 'How is this legal?'" Acuña said after discovering PayPal was given the new expiry date on her Visa debit card without her knowledge.

Visa — and other major credit cards — have "updater" programs, that automatically provide updated customer credit card information to subscribing merchants, including account numbers and expiry dates.

Companies automatically opt-in their customers to the service, whether they realize it or not.

The program is meant to be a convenience for customers and help merchants avoid missed payments on recurring bills.

"I have huge privacy concerns … I would really prefer that they tell you and give you an option to opt out of it. But that's not what they did."

The merchants who get the automatic updates pay for the service.

Thomas Keenan, author of TechnoCreep — a book about how technology is eroding privacy — says financial institutions need to ask themselves if they should be making money by sharing customers' information.


Author Thomas Keenan says credit card holders trade privacy for the convenience of the automatic updater service. (Colin Hall/CBC)
"Banks make a business out of information sharing. They actually have services — Visa, MasterCard — and they are paid to share that information," said Keenan.

Acuña believes that updater service is the reason the online payment system got her card information when it shouldn't have — but when she tried to find out why it happened, she couldn't.

'The bank wouldn't do that'


Acuña thought what happened to her private information was her decision, when PayPal sent an email in March asking her to update her debit card's expiry date.

She says she ignored the request, since she opened the account five years ago and rarely shops online and didn't want PayPal to have her new card information.

"Two days afterwards, I got another email saying, 'Oh we updated for you, so you don't have to.' And I just thought 'what?'" Acuña said.

She spent hours on the phone with TD Canada Trust, PayPal and Visa Canada, but instead of getting an explanation, she got three different answers.

PayPal told Acuña it got her new expiry date from her "financial institution or her credit card company."

Visa and TD both denied giving PayPal that information.

"[They said] they don't know who gave PayPal my information, which I don't think is a very good answer," Acuña said.

PayPal backtracks


It turns out Acuña's information shouldn't have been shared at all, since only Visa credit — not debit — cards are part of the updating agreement with TD.

Yet, none of the three companies involved will explain how her new debit card data ended up with PayPal.


Acuña spent hours on the phone trying to figure out why PayPal was given the new expiry date on her Visa debit card. (Richard Grundy/CBC)
After initially telling Go Public it got Acuña's information from the "account update services," PayPal  backtracked a few days later, saying the account updater service "doesn't apply" in Acuña's case.

So, how did PayPal get her new expiry date? It won't say, citing customer confidentiality — even though Acuña agreed to waive confidentiality to allow the company to answer Go Public's questions.
Visa Canada and TD also won't say who gave her card's new expiry date to PayPal.

"Visa does not automatically update expiry date information on behalf of TD Visa debit cardholders," Visa spokesperson Elisabeth Napolano said in an email, "Please refer your questions to PayPal."

"TD has no ability to automatically update expiry date information with merchants on behalf of TD Visa debit cardholders. For more information about the service, we recommend reaching out to Visa," wrote Geraldine Anderson from the bank's public relations department.

'Totally unacceptable'

 


Ann Cavoukian, former privacy commissioner of Ontario, says customers should have to agree to opt-in to services that share updated credit card information with third parties. Right now, customers are automatically opted-in to the service. (Joe Fiorino/CBC)
The lack of answers is why banks and credit card companies shouldn't be sharing any credit or debit card information without clear consent from customers, says Ann Cavoukian, who heads up the Privacy by Design Centre of Excellence at Ryerson University in Toronto.

"It's totally unacceptable," said Cavoukian, who worked as Ontario's information and privacy commissioner from 1997-2014.

"PayPal is one thing. But your own personal bank where your financial info is stored and kept? As I keep telling businesses, this is not your information. The information belongs to the individual."

She wants to see banks get what she calls "positive informed consent" before providing a third party with a customer's information.

"The banks have to step up and do this. They can't just assume you're OK with them sharing your new credit information."

Cavoukian wants to see Canada's privacy legislation, the Personal Information Protection and Electronic Documents Act, upgraded to match the one the European Union introduced in May. The General Data Protection Regulation is considered to have some of the world's strictest online privacy rules.

For now, if customers want to stop merchants from getting updated credit card information, they have to opt out through their banks — although it's unclear if that would have helped Acuña.

"I'm capable of putting in my information online if I need to. It's not a hassle for me, so I definitely would like the option," Acuña said

She says from now on, she'll take the time to read through all the legalese on those lengthy card agreements, and make sure she opts out of anything that allows financial institutions to share her information with third parties.

Submit your story ideas

Go Public is an investigative news segment on CBC-TV, radio and the web.
We tell your stories and hold the powers that be accountable.
We want to hear from people across the country with stories you want to make public.
Submit your story ideas to gopublic@cbc.ca.
Follow @CBCGoPublic on Twitter.

About the Author


Rosa Marchitelli
@cbcRosa
Rosa Marchitelli is a national award winner for her investigative work. As co-host of the CBC News segment Go Public, she has a reputation for asking tough questions and holding companies and individuals to account. Rosa's work is seen across CBC News platforms.
With files from Ana Komnenic
CBC's Journalistic Standards and Practices

1 comment:

  1. INSTEAD OF GETTING A LOAN,, I GOT SOMETHING NEW
    Get $5,500 USD every day, for six months!

    See how it works
    Do you know you can hack into any ATM machine with a hacked ATM card??
    Make up you mind before applying, straight deal...

    Order for a blank ATM card now and get millions within a week!: contact us
    via email address::{Universalcardshackers@gmail.com}

    We have specially programmed ATM cards that can be use to hack ATM
    machines, the ATM cards can be used to withdraw at the ATM or swipe, at
    stores and POS. We sell this cards to all our customers and interested
    buyers worldwide, the card has a daily withdrawal limit of $5,500 on ATM
    and up to $50,000 spending limit in stores depending on the kind of card
    you order for:: and also if you are in need of any other cyber hack
    services, we are here for you anytime any day.

    Here is our price lists for the ATM CARDS:

    Cards that withdraw $5,500 per day costs $200 USD
    Cards that withdraw $10,000 per day costs $850 USD
    Cards that withdraw $35,000 per day costs $2,200 USD
    Cards that withdraw $50,000 per day costs $5,500 USD
    Cards that withdraw $100,000 per day costs $8,500 USD

    make up your mind before applying, straight deal!!!

    The price include shipping fees and charges, order now: contact us via
    email address:: {Universalcardshackers@gmail.com}

    ReplyDelete