Banks and financial apps in South Africa are sharing your personal information - here’s how to stop them
- Banks have been selling data about their customers for years.
- The information is gold for advertisers who are desperate to target you with relevant online advertisements.
- Every purchase you make on a debit or credit card allows the banks to learn a bit more about you.
- For more visit Business Insider South Africa.
South African banks are collecting a wide range of data about you. They know your age, where you live, what you earn, and what your credit score is.
And if you use a debit or credit card, they’re collecting data about what products and services you buy, and where you buy them from.
This information is gold for advertisers who are desperate to target you with relevant online advertisements.
And while personal information, such as your name and address, linked to your financial history, is widely considered off-limits to third-party vendors, so-called anonymous and aggregated data is largely fair game in the financial world. Which may be one reason why the adverts you see on social media continue to eerily coincide with your lifestyle habits.
Every purchase you make on a debit or credit card allows the banks to learn a bit more about you. And the more they know about you, the better they can refine their own products and services.
But for some time, banks have been using this data for more than just internal improvement and up-selling— some are profiting by allowing third party partners, and even data brokers, to use this information to target you with advertisements.
Banks around the world have been selling data for years
It’s now widely accepted that our personal data is sold and bought several times over. And in the United States, credit card companies have been selling data about purchasers to advertisers for several years already.
Previously, the data that banks sold was fairly broad. Companies like Mastercard would track purchases by area code, establish trends on common purchases in these regions, and then sell this on to the highest bidder, who’d then launch targeted advertising campaigns.
But with the rise of highly targeted online advertising on the likes of Facebook and Google, this data is becoming increasingly more specialised and detailed - and it’s lead to the rise of multi-million dollar companies who trade in it.
For example, American company Acxiom has detailed information on 500 million consumers around the world. For each of these consumers, they have up to 3,000 attributes - identifiers such as race, age, sex, health concerns, and spending habits.
Companies like Acxiom gather these data points from several sources - including online surveys, browsing habits, and national databases. But there are few organisations, apart from Facebook and Google, that have as comprehensive pictures of our personal lives than financial institutions - which represents a significant new revenue stream.
Although banks are unlikely to share identifiable personal data with companies like Acxiom, many around the world do share what’s loosely called “aggregated and anonymised” data. In other words, data that’s not directly identifiable to you, but is still able to deliver targeted advertisements on your social channels.
South Africa may have stricter legislation than many other countries when it comes to private data and information, and the Protection of Personal Information (POPI) act will further restrict how companies store and use personal data. But, in theory at least, this doesn’t stop financial institutions here from using our spending habits to generate additional income.
Business Insider South Africa reached out to several big banks in South Africa, and dug around in privacy policies, to learn more about what data financial institutions collect and store, and how they use it.
First National Bank
According to First National Bank, it collect your personal information whenever you use its website, complete an application form, contact it electronically, or use one of the services or facilities offered by it, or any affiliate party.
First National Bank’s Chief Data Protection Officer Fernando Moreira said that “FNB processes data in accordance with all applicable privacy and data protection laws. We adopt a multi-layered security approach to safe-guard data. The bank is not able to share propriety information.”
It may also use this data to sell you products it deems may be of interest. And with your consent, it also reserve the right to sell your personal information to third parties, for “independent use”.
Standard Bank collects personal information directly about its clients through direct means, as well as third parties and publicly available sources.
According to Standard Bank’s Ross Linstrom, “Data is one of the core requirements to run any business. Standard Bank’s strategic focus is on putting customers at the centre of everything we do, delivering as far as possible our services and products in a digital way and building universal capabilities. To achieve this requires quality data.”
Linstrom says that where it uses customer data to provide products and services, they “ensure that customers’ consent is obtained or that we are able to process the customer data lawfully. In all our engagements, client confidentially and privacy are guiding principles and we ensure that data sharing is done in a lawful and responsible manner”.
Nedbank uses personal information that it gathers “during the course of our relationship with you as a client, as well as information about your marketing preferences”.
It collects this information in several ways. Either directly from you, when you complete a physical or electronic form such as an application, or indirectly when you interact with the bank electronically and browse their website, and directly from other sources, “such as public databases, data aggregators and third parties”.
Nedbank will use your personal information to, among other things, “provide you with financial products and services”, and although it says the bank “will not sell your information to third parties and will only market to you in accordance with our legal obligations and your marketing preference”, it does work with third-party data providers provided you consent to this.
According to Nedbank’s Head of Marketing and Communications Joanne Isaacs, “At Nedbank we apply market conduct principles in managing our business processes. These include, but are not limited to opt in/out indicators to process client leads and communication, including ‘Do Not Market’ indicators where generic marketing is concerned.”
“We also do not sell client data, and, while the Protection of Personal Information Act, is not yet enforced, we already align with the Act in the protection of our data and when dealing with clients. As far as transmission of data is concerned, clauses for such data transmission, both local and cross-border, are followed.”
Absa collects your personal information directly on forms you submit, but also from things like public records, social media, and credit bureaus.
It also uses this personal information for “for historical, statistical or research purposes where the outcomes will not be published in an identifiable format”.
Visa and MasterCard
Both Visa and MasterCard, the two major bank card providers in South Africa, are open about their data and analytics divisions that sell user data to help advertisers better target new customers.
Visa Advertising Solutions offers “a comprehensive suite of products to help plan, target and measure” digital advertising. Using “de-identified and aggregated spend data”, it allows customers to target people from pre-built audiences defined by “specific spending behaviours”.
Visa also gathers information on customers to identify those who “spend frequently; are known to buy at various times; spend more during major retail holidays; prefer certain types of trips and visit specific destinations; [are] gift shoppers, online shoppers, subscription spenders, affluent spenders and more.”
Mastercard also has a division that collects user data that they sell to third-party companies. On the MasterCard data analytics website, it asks the question “What can 2.4 billion global cards, over 65 billion transactions per year, and analytical platforms mean to you?”
Among other services, it offers “Intelligent Targeting” that they claim will “boost the efficiency, effectiveness and ease of acquisition by leveraging Mastercard insights and expertise to design, execute and optimise acquisition campaigns for high-value customers.”
It also provides anonymised and aggregated “transaction-based insights on a merchant’s sales, customer segment behaviour and overall trends to inform credit decisions”.
Payment and financial apps
Then there are other third-party services, like financial management tool 22Seven, and payment apps like Zapper and Snapscan. These companies have access to a significant amount of data, and follow similar privacy policies to the banks - provided you opt in at some point, they can share personal information with third parties.
It does this “to develop market insights, troubleshoot problems, detect and protect against error, fraud and other criminal activity, identify behaviour and usage patterns, and improve our service generally.”
Payment app SnapScan, owned by Standard Bank, has a clear policy when it comes to data protection. By signing up for the service, you are giving Snapscan express consent to collect and process your personal information to, among other things, “provide any combination of services or analysis linked to the app” as well as to “carry out statistical and other analyses to identify potential markets and trends; and develop new products and services.”
How to stop banks using your data
It’s safe to assume that, with your consent, most financial institutions are using and sharing some of your data in an anonymous and aggregated manner. Some are likely profiting from it, too.
But quite how and where you consent to this usage is unclear. In some cases, it forms part of the application installation process, and in others, it’s likely buried deep in application form terms and conditions, and difficult to separate from the basic account forms.
If you’re opposed to this, there are some steps you can take. Firstly, you can contact your bank directly to find out if you have consented to their data sharing policies. If so, you can request to opt out from their third party data sharing programmes.
According to the Promotion of Access to Information Act, customers can also request a copy of their information that the institution is holding. It’s probably a good idea to request this anyway, and if it makes you uncomfortable, some institutions may agree to remove or update it. Others, however, may say removing this data prevents them from offering the service, in which case you may need to decide which is more important - privacy or the service they’re offering.
Receive a daily update with all our latest news: click here.
Also from Business Insider South Africa:
- Checkers is testing a 1-hour-delivery online shopping service in Sandton and Cape Town – and for now it is free
- TAKE A LOOK: Inside South Africa's biggest mall, where kids have their own cinema with a giant tube slide inside
- Blueberries are now being harvested in the Limpopo bush – and exported across the world
- This aerial photo shows how much of Saxonwold the Guptas owned
- We tried Ricoffy’s new iced coffee – and even the coffee snobs liked it
- Sales of Beacon chocolate shot up thanks to new wrappers