Thursday, November 8, 2007

What If Your Financial Accounts Were Public?

What's the worst-case scenario if your financial data were publicly available? I don't mean your login credentials or other personal information necessary to access your financial accounts; obviously that's inviting identify theft and stolen money. I just mean your accounts, balances, and transactions.

Is there any security risk associated with that data? I suppose if you're worth a lot of money, maybe the worry is that you could become a target for having your money stolen. But I wonder how much is perceived risk, versus actual risk.

The other concerns I can think of all seem to be social: Embarrassment at purchases made or amounts spent. Awkwardness at having more money than friends, or having less, or being better or worse at managing what you do have. Indignance — the "what business is it of yours?" response.

I ask because I'm considering the security risks of downloading all my financial data from Yodlee into my own database, so I can run whatever analysis I want on it. I want to imagine the worst-case scenario: that my machine is not secure, and some hackers are able to read all my financial data. What mischief could they do with it? Brainstorming in comments and by email welcome!


John Cowan said...

The obvious objection is that people who wield force, legitimately or not, can use open financial transaction data to help target their victims. Have you bought porn from suspicious places? Have you purchased a yarmulke (or a burqa) lately? Do you patronize a bookstore that sells "subversive" materials?

"The right of the people to be secure in their persons, houses, papers, and effects [emphasis added] against unreasonable searches and seizures shall not be violated [...].

Giynlith said...

If people know what you're buying, where you've been, how much money you have, etc., they can make assumptions about your living conditions and such. The less scrupulous drugs of society could use that information to track/stalk you and decide if kidnap or blackmail would yield better results.

But maybe I'm just pessimistic.

pirate said...

If I were to see, oh maybe, a $25 purchase at Joann's, I might think you got me a gift card. And when no such gift card was forthcoming, I might be sad. :-)

Jerry said...

It doesn't sound much different from having a bunch of data in Quicken or GnuCash, and having that data get stolen as well. It's probably less bad than if someone were to acquire your SSH keys, and unless you just spent a bunch of money on really weird porn, probably less embarrassing than IMs or emails being made public.