CBA’s Kaching app raises privacy concerns


news One of Australia’s leading privacy advocates has raised concerns about the Commonwealth Bank’s new mobile, social and near field communications payments application, highlighting the fact that it has the potential to eliminate much of the anonymity offered by paying for goods and services through cash.

The app, unveiled yesterday for Apple iPhones and coming soon to the Android platform, allows customers to make payments from their mobile phone to anyone with an email address, phone number or Facebook friendship, as well as to merchants via the near field communications standard. It represents the latest in a wave of such apps, with similar platforms including ANZ Bank’s goMoney system and the Pollenizer-backed Pygg, which focuses on Twitter payments.

However, speaking via email yesterday, Australian Privacy Foundation chair Roger Clarke pointed out that many people didn’t necessarily want a complete payments trail collected by their financial institutions. “Examples of such people,” Clarke said, referring to a paper he wrote as early as 1999 on the issue, “include VIPs, celebrities, notorieties, different-thinkers, victims of domestic violence, people in sensitive occupations such as prison management and psychiatric health care, protected witnesses, and undercover law enforcement and security operatives”.

It is believed that financial institutions can be forced to divulge aspects of their customers’ financial records through certain legal processes. The ISP industry is already facing a similar issue, with organisations such as Movie Rights Group using the courts to seek customer information relating to Australians who have allegedly illegally downloaded copyrighted films online.

Clarke said a topical example of someone who might not want all of their financial data tracked might be a protestor at a political gathering such as the current Commonwealth Heads of Government Meeting in Perth, “who is very well-advised not to generate high-intensity trails of location data”.

Location data in general, Clarke wrote in his 1999 paper, could be used by governments and the private sector in order to generate behavioural patterns against individuals, allowing the public sector to generate “suspicion” against individuals matching certain patterns, and the private sector to “classify the individual into micro-markets and thereby to manipulate consumer behaviour”. In addition, Clarke warned at the time that such data could lead to a substantially enhanced scope for politically damaging and personally embarrassing diclosures, blackmail and extortion, as well as “a vast increase” in so-called circumstantial evidence in criminal cases.

“The focus of public concerns is usually exercise of power by the State, but these technologies also greatly empower corporations,” the privacy advocate wrote. “The capability will be useful in dealing with troublesome opponents, such as competitors, regulators and lobbyists, but also employees, whistleblowers, consumer activists, customers and suppliers.”

As an alternative to transactions linked to individuals’ bank accounts, some cards are available in countries like France (the Mon€o card), which allow users to make anonymous transactions for small amounts, as an alternative to using cash.

Clarke said anyone would need some form of anonymous payments system who didn’t want to gift location and tracking information to their financial institutions, as well as a whole host of organisations associated with them — such as their financial institutions’ non-banking divisions, strategic partners, law enforcement and security organisations and so on. “In an era of ‘strategic partnerships’, customer confidentiality is increasingly under threat, as data exchange with other corporations offers the prospect of enhanced revenue and customer leverage, i.e. power,” he wrote in his 1999 paper.

The key issue, he said, was the need for payment systems which were designed without intermediaries such as banks — so that only the payer and payees were in position to keep records of transactions.

“If each transaction involves an intermediary, then that other organisation is in a position to record it, and may collude with other such intermediaries to consolidate a substantial trail,” he noted. If Kaching did in fact represent such as intermediary system, then Clarke recommended not using the platform.

In his paper, Clarke also pointed out that since the end of the 1970’s, when ATM machines became popular for cash withdrawals and credit cards popular for payments (as well as debit cards from the 1990’s), “an increasingly intensive trail of transactions has become available to financial services organisations”. In these cases, he wrote, “a degree of substitution has occurred, whereby hitherto unrecorded and/or anonymous transactions have been converted into recorded, identified transactions” — and organisations such as banks had increasingly sought to leverage the collected data.

All this sounds a bit sinister, but Clarke has a point. The Commonwealth Bank is trying to make consumers’ lives easier, it’s true, but it’s also attempting to bring a vast swathe of new data into its systems which will give it a huge amount of extra insight into what Australians buy, where and when they buy it, and from who.

Tracking transactions to social network connections such as Facebook friends will allow the bank to map our real-life social networks without getting the keys to our online accounts, and replacing that $3.50 coffee cash buy (or $4.50 if you’re in the Sydney CBD) with a NFC swipe will give the bank a complete map of where you go for your caffeine hit — and when.

To say that information would be useful in consumer behaviour projections, or to law enforcement, or even to the Australian Taxation Office (for example, when conducting audits), is an understatement. Do you really want to hand over all of that data to your bank? I’m not sure just yet … the cash system we currently have is useful for a reason, and I’d like to see some anonymised, non-record-keeping alternatives to Kaching before I simply sign my transactional life away.

On the other side of the coin … we already give so much of this information away anyway. I tend to pay for every cost for my own small business through my credit card or bank account, to make it easier for my accountant to track expenses at the end of every quarter. On a personal front, I make dozens of micro-transactions each month through platforms such as Amazon, Steam and iTunes as well, buying books, movies, apps, games and so on, and the rate at which that data is being centralised is only increasing. I even buy groceries online through Woolworths.

If you had access to my bank accounts, you would already know many, many things about me. And I’m not personally sure how much more invasive adding low-end cash transactions to that list will be. Does the convenience of modern transaction systems such as Kaching trump security and privacy? Only time will tell.

Image credit: Mateusz Stachowski, royalty free


  1. I pay with EFTPOS and credit card already. The powers that be already know what I buy and where I buy it from. Why is this any different?

    Don’t want to be tracked? Pay in cash. Shop doesn’t allow you to pay in cash? Buy a pre-paid credit card.

    Why is this monkey even getting a story out of this rubbish?

    Why am I even bothering to comment on this post?

    Where did all my coffee go? I really could do with one of those Kachinger thingamadoos right now cos I have no cash on me to buy another cuppa…

  2. Most of my transactions are already electronically recorded, and I don’t see a problem with 99% of them being that way – it’s not like banks are trying to monetise on this hoard of info like Google. I’d have thought there’d be more issue with customer/user responsibility/liability, and poor personal security practices of the lay person.

      • The same argument could be made for Governments and the records kept on births, deaths and marriages.

  3. As others have pointed out, electronic transactions already hold a significant amount of ‘location’ data, but you need to ‘mine’ it to refine it to a specific location

    What these style of platforms allow however is to use (where available) much more accurate location services to derive a location (that can be directly and easily mapped) – its not delivering anything new so to speak, just providing that data faster, without the need to mine.

    Yes there are disadvantages to this, but I potentially see one advantage – fraud prevention and tracking – you have the ability to compare the customers physical location to the location of the transaction.

Comments are closed.