
How Your Bank is Tracking Your Phone - ggaughan
http://www.wordloosed.com/how-your-bank-is-tracking-your-phone
======
furyg3
This is paranoia.

Much more likely that your card was flagged as bing possibly compromised by
some other factor than your spending behavior.

For example If a a bank sees that many cards used at a particular retailer end
up having fraudulent charges associated with them, they may suspect a problem
with that retailer. They may then re-issue all of the other cards used at that
retailer to be safe.

Also, people assume that because they sometimes get a call/email asking them
if a purchase they made was valid, that they always know about how their
credit card is used. This is not the case. Obvious fraud may be declined on
the spot (think brute-forcing a CVV code, or a brand new retailer in Vietnam
processing 100 cards while your last charge was in Kentucky). Some charges may
go through but be flagged, reviewed, found to be fraud, removed from your
account, and your card re-issued. Both cases are issues between banks and card
processors, and may not necessarily show up on your transaction overview.

The likelihood of this happening is so much higher than the bank tracking your
phone, that I would need a lot more evidence before I'd believe it.

------
300bps
I work at a bank and I can tell you that they will often allow one or two
instances of actual fraudulent card use before issuing a new card. It is
actually very expensive for them to issue a new card and very inconvenient for
the client so most won't do it willy-nilly.

I would also be remiss if I didn't mention the completely clickbait headline
of the article that in no way reflects the actual content of the article. A
more accurate headline might be, "Weird Coincidence Elicits Paranoia About My
Bank".

~~~
alistairjcbrown
I was just thinking this; banks take their time to issue a new card.

What're the odds that a new card was ready to go and posted (and that Royal
Mail delivered it next day?) due to one questionable use?

------
alibarber
I find this hard to believe, if this were so - every time I leave my phone on
my desk and go to lunch across town I'd get a new card.

More likely is that a batch of details went missing from the issuer itself or
a store that the owner had shopped at legitimately any time in the past
reported a loss of data, and the timing was completely coincidental.

~~~
TelmoMenezes
Then you're the sort of person who is not necessarily close to their phone. If
banks are in fact doing this sort of thing, they surely take into account past
behaviour to compute the probability that unexpected behaviour is related to
credit card theft.

Maybe they don't even know that they are doing it. Maybe they just trained
some neural network to attain certain levels of precision/recall. Maybe they
feed the network with all the signals they can put their hands on. Things are
not this simple anymore. Which also means that assuming phone tracking is a
huge jump to conclusions, of course.

------
raverbashing
No, it is not

It may not have been the tire purchase that triggered it, but something else.

------
davb
I don't think that's what's going on.

I think it's more likely a standard multi-factor risk threshold that's been
triggered. A vendor you've never used (or haven't used recently), a vendor
category (auto parts) which you rarely purchase within, a higher risk payment
processing method (perhaps they put through a CNP (cardholder not present)
transaction) in a location (geo or vendor) where use of stolen cards is above
average.

However, that said, many mobile banking applications require coarse (mobile
network) and fine (GPS) location permissions
([https://play.google.com/store/apps/details?id=com.grppl.andr...](https://play.google.com/store/apps/details?id=com.grppl.android.shell.BOS)
and
[https://play.google.com/store/apps/details?id=com.barclays.b...](https://play.google.com/store/apps/details?id=com.barclays.bca)
for example). I highly suspect that this data, along with other information
gathered from your device such as IMEI, is used to assess login risk. If you
look at the markup on a lot of internet banking login pages you'll often find
Javascript and 1px images loaded from unusual subdomains at the bank
(sometimes with "risk" or "security" in the name). A couple of the banks I use
also embed hidden Flash objects, only on the login page, which I suspect are
used for the same purpose.

My understanding is that they pull together data from a number of
sources/signals to calculate a login risk score, in the same way virtually
every bank calculates a transaction risk score when you use your card.

I doubt that this information is tied with physical card transactions,
however.

Edit: I'll add that I'm the most surveillance/tracking conscious person I know
(most just don't care) but this is a little paranoid even for me.

------
cr3ative
This is a heck of a leap of faith and a very clickbaity headline.

------
Jackmc1047
You may find it interesting that BillGuard is developing a new anti-fraud
feature that (I believe) compares your phone's location to where your cards
are used.

------
gondo
what about testing this theory?

------
secrrr
just as easily they could compare the pace/rhythm at which you usually hammer
you pin in or something alike

~~~
davb
I don't think the EMV PED (PIN entry device) standard supports such a thing.
You could certainly verify that by looking up the EMV standards.

