With common terms such as "banking secret" one should be able to trust a bank, right?
In this article, I am investigating whether banking secrecy is still as it used to be. What does my bank know about me and which external stakeholders might be involved?
Did the cool fintechs of today really just cut the paperwork - or are there any pitfalls? We are going to find out 🙂.
N26 as a fintech startup grew very fast. At the same time, the bank started offering plenty of additional services, such as insurances, where the actual contract is made with an external provider.
The overall appearance of these external services however is smoothly integrated in the app and might suggest, the user is still dealing with trusted services by the bank itself.
Regarding privacy, I consider this to be somewhat concerning, as the contract closing phase is kept very short, without the user is likely of doing any further research on the services of this external provider. At the same time however it is one more company that with one click receives personal data and solvency information of an individual. A process, where back in the days, pen, paper and a more extensive thinking process was involved.
- N26 Bank GmbH and its subsidiaries
- Alphabet Inc. (Google)
- Clark Germany GmbH (“Clark”)
- Raisin GmbH, MHB Bank AG
- SCHUFA AG (Credit score)
- CASH26 Supermarkets (Penny, Real, REWE, BUDNI, Ludwig, ON Express, Eckert, Adam’s, Barbarino and Mobilcom Debitel)
- In co-operation with TransferWise Ltd., 6th Floor, The Tea Building, 56 Shoreditch High Street, London E1 6JJ, Great Britain (hereinafter: “TransferWise”), we offer “international transfers”
- AWP P&C S.A. (branch for the Netherlands, which operates as Allianz Global Assistance Europe and is a member of Allianz Group
- N26 Invest, N26 Bank collaborates with vaamo Finanz AG, Mainzer Landstrasse 250, 60326 Frankfurt am Main (hereinafter: "vaamo") and with FIL Fondsbank GmbH
- [...] to use the Stripe Top Up Feature (“Top Up Feature”), account information is transferred to our processor Stripe Payments Europe Ltd. (“Stripe”), The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland
The actual danger of what could happen became clear to me, when I signed up for yet another "partner service" with just one click of a button. A few months later, a big data breach of MasterCards Loyalty program happened.
Mastercard Breach Affected 90K Germans' Data | PYMNTS.com
Belgian and German data protection regulators were notified by Mastercard of a possible data breach, Bloomberg reported on Friday (Aug. 23). The breach was first noticed on Aug. 19 and "affected a large number of data subjects," the Belgian watchdog said in a statement. The leak involved 90,000 customers' names, addresses and credit card numbers.
Although I briefly checked whether my card number was affected by the breach and made sure it wasn't, someone apparently gained access to that data and was able to execute two transactions on my name.
This showed me, how dangerous every stakeholder more in the chain potentially is.
Automated scoring proceses algorithms always appeared problematically to me. Especially considering that in Germany, for the scoring of individuals, one particular agency is hired by major companies. The "Schufa" is a credit bureau supported by creditors. The algorithm however is kept secret and thus there are movements like OpenSchufa who are pledging for a more open scoring system .
For now however, whenever someone needs to close a contract, the Schufa is the single entity that is going to decide, whether a debitor can take the offer of not. A single point of failure. An organization created to create trust between companies and customers - while being a mysterious unloved blackbox for the public.
There are however other, more transparent, decentralized models with the potency of higher privacy upcoming - so I am rather optimistic here.
Proof of Solvency: Technical Overview
We ran the same procedure for all the assets on the ICONOMI platform and built a tree for every asset to get multiple root nodes. These root nodes are extremely important because they show the liabilities we have for each asset.
The banking app implemented certain measures to make the user itself feel safe and prevent from actions he might regret.
Screenshots in the banking app are disabled by default. Yet even when the user decides to enable it, he can still hide the numbers associated to an account / transactions.
Less paperwork does not always result in more transparency and privacy - it might just be hidden in a more elegant way.
How dark patterns mislead internet users - VoxEurop (English)
It happens to everyone: you discover you've subscribed to some newsletter you've never heard of, or you knowingly subscribe because it's the only way to access a specific website or app. Like this: @darkpatterns On log in, you either accept marketing emails or cancel which logs you out.
Yelp, Duolingo, other apps send personal data to Facebook without consent
A new collection of apps have been exposed as sending sensitive user data to Facebook. This data transfer occurs regardless of whether or not the user has an active Facebook profile. Three major apps caught in this scandal are Yelp, Duolingo, and Indeed.
36C3 ChaosWest: NOTH1NG T0 HID3: go out and fix privacy!
https://media.ccc.de/v/36c3-78-noth1ng-t0-hid3-go-out-and-fix-privacy- None After the highly-successful presentation "Toll of personal privacy in 2018" at Ch...
Chinese primary school halts trial of device that monitors pupils' brainwaves
A trial that involved primary school pupils wearing a head-mounted device that monitored their attention spans has been halted in China amid parents' privacy concerns and fears they could be used to control the children, local media have reported.
Which privacy - enhancing technologies are you using already? E.g. self hosted open source software Nextcloud, decentralized Messengers such as "Element", Browsers like Tor or Brave who are blocking trackers by design?
More content? Check out the entire blog 😎