
Provider of Personal Finance Tools Tracks Cards, Sells Data to Investors (2015) - nstj
http://www.wsj.com/articles/provider-of-personal-finance-tools-tracks-bank-cards-sells-data-to-investors-1438914620
======
caseysoftware
I don't think the most valuable part is trying to re-identify transactions
down to users.. that would probably open a can of worms that has all kinds of
liability involved.

That said, if you could look at it in aggregate, that makes sense and could be
immensely valuable. When a pair of fraud researchers from Capital One made
$2.8M in three years by looking at _aggregate_ data and buying stocks based on
it, I was only surprised it didn't happen earlier:

[https://www.bloomberg.com/view/articles/2015-01-23/capital-o...](https://www.bloomberg.com/view/articles/2015-01-23/capital-
one-fraud-researchers-may-also-have-done-some-fraud)

And then suddenly Yodlee, Mint, and the others made even more sense once they
have scale..

 _(To be clear, this appears to be a form of insider trading and the two guys
were prosecuted so probably not a plan to emulate.)_

------
yladiz
It's worth posting the response that Yodlee made[0], but essentially it says
that Yodlee does give information to a few companies that use it for analytics
purposes, in a form that's "de-identified" and scrubbed of PII. The response
goes to lengths to say that the information has been scrubbed of any PII and
in every point made in the bullet list, it talks about that specific point.
While I don't doubt this, I do doubt that it's not impossible to de-anonymize
the data, which is the more important part; it doesn't matter if a company
hasn't done it or there is no proof that a company doesn't do it, it matters
if it's possible because Yodlee could be breached and that information could
then be used in ways that companies that are legally bound to agreements not
to do it can't/don't. Just because the "good guys" don't do something doesn't
mean it's not possible and that it'll never happen.

On a side note, it feels like the response wasn't proof read very well because
there are quite a few glaring typos and issues. Someone at the company
couldn't have given it a better review before posting, or reviewed it as they
were adding the addendum?

0: [https://www.yodlee.com/yodlee-responds/](https://www.yodlee.com/yodlee-
responds/)

~~~
x0x0
The response in no way addresses why Yodlee is so amazingly duplicitous.

Look at how Yodlee collects the data:

    
    
       Yodlee begins collecting transaction data from bank customers after they 
       sign up to use online tools powered by Yodlee.
       
       Some information also goes to Yodlee through a practice called “screen 
       scraping.” If a person uses a budgeting app created by Yodlee and gives the 
       app permission to access their bank accounts using their username and 
       password, Yodlee can capture the transaction history in those accounts.
    

How much do you want to bet the vast majority of those customers have (1) no
idea Yodlee is doing this, (2) were informed in only the most oblique way
hidden in pages of legal text, and (3) would not be enthused about this if
they knew.

~~~
shostack
Presumably people who want their budgeting app know it needs this data to do
the job. I'm a user of their Money Center product and it is a great way to see
my finances at my finger tips and has way better reporting than Mint who also
presumably does similar things and pushes a ton of affiliate offers.

~~~
x0x0
Right, showing a budget obviously can't be accomplished without reselling the
data to hedge funds, etc.

------
Johnie
This is old news. Channel checks is one use of this data and it's nothing new.

[http://www.integrity-research.com/are-channel-checks-
legit/](http://www.integrity-research.com/are-channel-checks-legit/)

------
davidu
This article is literally a year old, and the response has been posted here
more than once: [https://www.yodlee.com/yodlee-
responds/](https://www.yodlee.com/yodlee-responds/)

------
vonnik
This is a 2015 piece, so old news. Can we note that in the headline?

~~~
nstj
Apologies - I wasn't sure of the standard procedure for adding dates in the
headline (I've seen them added to posts ad-hoc and wasn't sure if they were
added by the mods etc if they made the front page). Would be happy to edit but
I just realised I can't edit the post's title - what would be the best way to
rectify in this situation? Cheers.

