Advertisement

Companies are secretly scoring you, but good luck getting your data

Business Credit Score Gauge Concept, Excellent Grade.
Business Credit Score Gauge Concept, Excellent Grade.

About a month ago, I read Kashmir Hill’s piece in the New York Times about “secret consumer scores” that companies give to people.

Essentially, these hidden dossiers rate and describe our behavior as consumers, from how we use customer service, what we buy, how much we spend, how often we return stuff we buy, and how much money we probably make.

Consumer scores can contain Airbnb messages to hosts, delivery orders from apps like GrubHub, metadata and logs from how often an app is opened. (If you’re curious about whether a service you use is involved, it’s probably in the privacy policy you don’t read.)

ADVERTISEMENT

These scores are similar to credit scores in some ways. Though they may not affect our abilities to get a loan, for example, they help companies understand consumers to target them more efficiently, and they might result in preferential treatment for those with high scores.

A story last year from the Wall Street Journal found that a “consumer’s lifetime value” score, one of the secret scores, could mean that one consumer waits on hold for a company’s customer service rep for 45 minutes, while another waits just a few seconds. The Journal also reported that a better score could give you a better shot at an airline upgrade.

But there is one crucial difference: the scores are really hard to get and aren’t regulated. Credit reporting, on the other hand is run by the three major credit reporting agencies and is generally accessible if you ask for it. The agencies are federally required to operate annualcreditreport.com, where consumers can pull their credit report from each bureau for free every year.

Hill’s piece in the Times describes jumping through hoops to get her score. “I got access to my secret consumer score,” she wrote. “Now you can get yours, too.”

However, I tried and so far, have failed.

These scores of the public are not meant for public

In early November, I tried Hill’s strategy and emailed two of the companies that would most likely have files on me, Sift and Zeta Global.

BRAZIL - 2019/07/01: In this photo illustration the DoorDash logo is seen displayed on a smartphone. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)
(Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)

These data collection companies work with many consumer-facing businesses, providing them with services like fraud prevention, targeting, and other analysis and learnings from consumer data that is shared with them. For example, Sift works with OpenTable, Twitter, Zillow, Jet, ChowNow, Wayfair, Harry’s, SeatGeek, Doordash, according to its website.

I emailed privacy@sift.com and asked for my information.The same day, I got an automated email back that said “Due to recent press coverage, we are experiencing a high volume of data access requests. We are scaling our operations to accommodate all requests and appreciate your patience.”

A little over a week later I got a message from the support team thanking me for my patience and asking me to use a link from “Berbix” to verify myself. I had never heard of Berbix, and I didn’t really feel like sending them a picture of my government-issued ID and a photo of myself, but after a little digging I decided that Berbix looked legit enough.

I uploaded a picture of my ID; then the app asked me to take a picture of myself. I took the picture, but then Berbix rejected that picture and asked me to take another one where I “look surprised or shocked.” Why did they want a weird picture of me? I took a few more until it stopped asking me. (I emailed Berbix to ask why, and its co-founder Steve Kirkham explained that it’s a way to authenticate myself by showing I’m a real person capable of reacting in realtime to a request to make a weird face.)

I was shocked and surprised to see this without explanation on an authentication service.
I was shocked and surprised to see this without explanation on an authentication service.

I haven’t heard back from Sift, more than two weeks later.

I tried the same thing from Zeta Global, which lets you request your data with an online form. Soon after, I got an email back asking me to confirm my email and upload a copy of my ID to authenticate myself. I did so, and that was the end of that, apparently. Weeks later, I’m still waiting, like any other consumer who might want to know.

This seems to be consistent with people’s experiences for the most part. But that could change. In 2020, Californians will get more leverage via the California Consumer Privacy Act, which lets consumers have access to and control over aspects of their own data. Companies will be required to honor these for Californians, but other states could follow — and companies could take a proactive approach and hand in the files.

Judging from the current relatively informal, un-scaled processes of requesting, there’s probably not a lot of people asking for their secret scores.

Updated 12/6: Comment from Berbix added.

-

Ethan Wolff-Mann is a writer at Yahoo Finance focusing on consumer issues, personal finance, retail, airlines, and more. Follow him on Twitter @ewolffmann.

This is the worst deal on Cyber Monday

57% of boomers who manage their own money should rebalance their portfolios: Fidelity

'Snake oil salesmen': Two neurologists respond to the CBD craze

The ski industry is going through a tech transformation

9 tips for not getting spied on while traveling

Large-scale credit card hackers back for the holiday season, ex-FBI investigator says

Read the latest financial and business news from Yahoo Finance

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, YouTube, and reddit.