Just four bits of credit card data can identify most anyone (Update)

January 29, 2015, Massachusetts Institute of Technology
Credit: Yves-Alexandre de Montjoye

In this week's issue of the journal Science, MIT researchers report that just four fairly vague pieces of information—the dates and locations of four purchases—are enough to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users.

When the researchers also considered coarse-grained information about the prices of purchases, just three data points were enough to identify an even larger percentage of people in the data set. That means that someone with copies of just three of your recent receipts—or one receipt, one Instagram photo of you having coffee with friends, and one tweet about the phone you just bought—would have a 94 percent chance of extracting your credit card records from those of a million other people. This is true, the researchers say, even in cases where no one in the data set is identified by name, address, credit card number, or anything else that we typically think of as personal information.

The paper comes roughly two years after an earlier analysis of mobile-phone records that yielded very similar results.

"If we show it with a couple of data sets, then it's more likely to be true in general," says Yves-Alexandre de Montjoye, an MIT graduate student in media arts and sciences who is first author on both papers. "Honestly, I could imagine reasons why credit-card metadata would differ or would be equivalent to mobility data."

De Montjoye is joined on the new paper by his advisor, Alex "Sandy" Pentland, the Toshiba Professor of Media Arts and Science; Vivek Singh, a former postdoc in Pentland's group who is now an assistant professor at Rutgers University; and Laura Radaelli, a postdoc at Tel Aviv University.

The data set the researchers analyzed included the names and locations of the shops at which purchases took place, the days on which they took place, and the purchase amounts. Purchases made with the same credit card were all tagged with the same random identification number.

For each identification number—each customer in the data set—the researchers selected purchases at random, then determined how many other customers' purchase histories contained the same data points. In separate analyses, the researchers varied the number of data points per customer from two to five. Without price information, two data points were still sufficient to identify more than 40 percent of the people in the data set. At the other extreme, five points with price information was enough to identify almost everyone.

The researchers characterized price very coarsely, treating all prices that fell within a few fixed ranges as functionally equivalent. So, for instance, a purchase of $20 at some store on some day in one person's history would count as a match with a purchase of $40 by someone else at the same store on the same day, since both purchases fell within the range $16 to $49. This was an attempt to represent the uncertainty of someone estimating purchase amounts from secondary information, such as an Instagram photo of the food on someone's plate. The limits of each range were based on a fixed percentage of its median value: The range $16 to $49, for instance, is the median value of purchases ($32.50) plus or minus 50 percent, rounded to the nearest dollar.

Preserving anonymity in large data sets is a pressing concern because public and private entities alike see aggregated digital data as a source of novel insights. Retailers studying anonymized credit-card histories could certainly learn something about the tastes of their customers, but economists might also learn something about the relationship of, say, inflation or consumer spending to other economic factors.

So the MIT researchers also examined the effects of coarsening the data—intentionally making it less precise, in the hope of preserving privacy while still enabling useful analysis. That makes identifying individuals more difficult, but not at a very encouraging rate. Even if the data set characterized each purchase as having taken place sometime in the span of a week at one of 150 stores in the same general areas, four purchases (with 50 percent uncertainty about price) would still be enough to identify more than 70 percent of users.

Nonetheless, de Montjoye and Pentland remain adamant that socially beneficial uses of big data should be pursued. "Sandy and I do really believe that this data has great potential and should be used," de Montjoye says. "We, however, need to be aware and account for the risks of re-identification."

In separate work, de Montjoye, Pentland, and other members of Pentland's group have begun developing a system that would enable people to store the data generated by their mobile devices on secure servers of their own choosing. Researchers looking for useful patterns in aggregate data would send queries through the system, which would return only the pertinent data—such as, for instance, the average amount spent on gasoline during different time periods.

Explore further: It can happen to anyone: Obama's credit card declined

More information: "Unique in the shopping mall: On the reidentifiability of credit card metadata," by Y.-A. de Montjoye et al. Science, www.sciencemag.org/lookup/doi/ … 1126/science.1256297

Related Stories

Ten ways to stay safe while shopping online

November 25, 2014

As the holiday shopping season gets underway, the importance of avoiding hackers, phishing scams and phony websites while buying online becomes increasingly important.

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

EPA adviser is promoting harmful ideas, scientists say

March 22, 2019

The Trump administration's reliance on industry-funded environmental specialists is again coming under fire, this time by researchers who say that Louis Anthony "Tony" Cox Jr., who leads a key Environmental Protection Agency ...


Adjust slider to filter visible comments by rank

Display comments: newest first

1 / 5 (2) Jan 29, 2015
I still use cash, hand over no information, and my cell phone spends most of it's time with the battery removed.
5 / 5 (5) Jan 29, 2015
Talking about "bits" of "data" when you actually mean "transaction records", should be a crime of some sort.
not rated yet Jan 29, 2015
I saw the line about "four bits of data" and knew that was impossible since that's only 16 different results. Of course, it was just an extremely poor choice of words.
5 / 5 (3) Jan 30, 2015
I still use cash, hand over no information, and my cell phone spends most of it's time with the battery removed.

Do you use banks? Do you visit stores or shopping areas which employ video surveillance? Do you drive a car with license plates?

Privacy is a comforting illusion. Increasingly sophisticated data mining techniques make it nothing more. The best we can hope for are strong laws that empower us to understand and control the information collected about us.
4.5 / 5 (2) Jan 30, 2015
Do they mean you get one result that is 94% likely to be yours, or do you get a handful of results that contain yours with a probability of 94%?
not rated yet Feb 01, 2015
Do they mean you get one result that is 94% likely to be yours, or do you get a handful of results that contain yours with a probability of 94%?
Read the article. It says "would have a 94 percent chance of extracting your credit card records from those of a million other people"

So, it's one result, and it's right 94 times out of a hundred tries.
not rated yet Feb 04, 2015
So, it's one result, and it's right 94 times out of a hundred tries.


But that's not how probability works though. 94% probability doesn't mean you always get 94 out of a hundred because each case is independent and doesn't change the probability of the rest to ensure that you always get four wrong. For example, you have approximately 0.2% probability of getting 100/100, and an infinitesmal chance that none of the answers you get are correct.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.