Nice article over on MSN about data mining and analysis of credit card purchases to adjust people’s credit score. In a nutshell, some of the card issuers are looking at specifically what people are purchasing, not just payment history, in determining credit worthiness. Worse, they will adjust the credit score over time. So the FTC has file suit against at least one company, CompuCredit, for ‘deceptive’ marketing practices, which does not really capture the essence of the problem. I am not sure if it can be legally called a privacy violation, but it my mind this is exactly the heart of the issue.

This goes well beyond my typical ‘beef’ with companies that use my personal data to my detriment. Yes, I admit that I do not like the fact that a credit score is a made up number by the credit industry, and the entire credit scoring system is for the credit industry, with nebulous guidelines on how we play this game. But more or less, pay your bill on time, get a decent score. But by examining what we purchase in the context of our credit heavy culture, and then associate a value judgment of that purchase, is a very slippery-slope. Any good data mining software, with access to complete purchase histories, will very quickly come up with a profile of who you are, what your preferences are, and categorize your choices as a risk score. Purchase something a credit agency does not approve of, and pay more for your home loan.

Almost everything that you can buy could have a social value associated with it, and you will be ranked by the preferences and values of the institution who issues the credit. Through this sort of profiling of race, gender, ailments, addictions, affinities and other traits will be identified and penalized, which is the nature of the complaint against CompuCredit. And I would wager that the ability to detect sexual orientation or religious affiliation could be added if they chose to do so. In my mind, this is very much the definition of Redlining, and one of the many tangible examples of why I harp on data privacy so often.

Hopefully the FTA will come down on them hard. And for those of you were not worried about this, I know a few security professionals whos’ week in Vegas will have their FICO skimming in the low 5’s if their purchases are being evaluated.