Get access to your 'secret consumer score'—yes, you have one

We have all been rated by companies based on our past activity, and this score determines where we're pushed in a queue, and what sort of service we are meted out. Your file could be 400 pages long, and here's how to retrieve it

By Kashmir Hill
Published: Nov 5, 2019

g_123111_secret_score_280x210.jpgAs consumers, we all have "secret scores": hidden ratings that determine how long each of us waits on hold when calling a business, whether we can return items at a store, and what type of service we receive. A low score sends you to the back of the queue; high scores get you elite treatment. (Adam McCauley/The New York Times)


As consumers, we all have “secret scores”: hidden ratings that determine how long each of us waits on hold when calling a business, whether we can return items at a store, and what type of service we receive. A low score sends you to the back of the queue; high scores get you elite treatment.

Every so often, journalists lament these systems’ inaccessibility. They’re “largely invisible to the public,” The New York Times wrote in 2012. “Most people have no inkling they even exist,” The Wall Street Journal said in 2018. Most recently, in April, The Wall Street Journal’s Christopher Mims looked at a company called Sift, whose proprietary scoring system tracks 16,000 factors for companies like Airbnb and OkCupid. “Sift judges whether or not you can be trusted,” he wrote, “yet there’s no file with your name that it can produce upon request.”

As of this summer, though, Sift does have a file on you, which it can produce upon request. I got mine and I found it shocking: More than 400 pages long, it contained all the messages I’d ever sent to hosts on Airbnb; years of Yelp delivery orders; a log of every time I’d opened the Coinbase app on my iPhone. Many entries included detailed information about the device I used to do these things, including my IP address at the time.

Sift knew, for example, that I’d used my iPhone to order chicken tikka masala, vegetable samosas and garlic naan on a Saturday night in April three years ago. It knew I used my Apple laptop to sign into Coinbase in January 2017 to change my password. Sift knew about a nightmare Thanksgiving I had in California’s wine country, as captured in my messages to the Airbnb host of a rental called “Cloud 9.”

“The heater in the room with the big couch has been running since we got here and we’re not sure how to turn it off,” I wrote on Wednesday afternoon.

“The air in the main house is really musty, like maybe there’s a mildew or mold issue,” I wrote on Thursday, then added apologetically, “Sorry to be bothering you on Thanksgiving!”

“The bathroom flooded during the rain storm. The carpet outside the bathroom is very wet,” I wrote on Friday. “Ants are coming in from the interior wall of the house.”

This may sound somewhat comical, but the companies gathering and paying for this data find it extremely valuable for rooting out fraud and increasing the revenue they can collect from big spenders. Sift has this data because the company has been hired by Airbnb, Yelp and Coinbase to identify stolen credit cards and help spot identity thieves and abusive behavior. Still, the fact that obscure companies are accumulating information about years of our online and offline behavior is unsettling, and at a minimum it creates the potential for abuse or discrimination — particularly when those companies decide we don’t stack up.

How to get your data
There are many companies in the business of scoring consumers. The challenge is to identify them. Once you do, the instructions on getting your data will probably be buried in their privacy policies. Ctrl-F “request” is a good way to find it. Most of these companies will also require you to send a photo of your driver’s license to verify your identity. Here are five that say they’ll share the data they have on you.

— Sift, which determines consumer trustworthiness, asks you to email privacy@sift.com. You’ll then have to fill out a Google form.

— Zeta Global, which identifies people with a lot of money to spend, lets you request your data via an online form.

— Retail Equation, which helps companies such as Best Buy and Sephora decide whether to accept or reject a product return, will send you a report if you email returnactivityreport@theretailequation.com.

— Riskified, which develops fraud scores, will tell you what data it has gathered on your possible crookedness if you contact privacy@riskified.com.

— Kustomer, a database company that provides what it calls “unprecedented insight into a customer’s past experiences and current sentiment,” tells people to email privacy@kustomer.com.

Just because the companies say they’ll provide your data doesn’t mean they actually will.

Thanks, California
Most of the companies only recently started honoring these requests in response to the California Consumer Privacy Act. Set to go into effect in 2020, the law will grant Californians the right to see what data a company holds on them. It follows a 2018 European privacy law, called General Data Protection Regulation, that lets Europeans gain access to and delete their online data. Some companies have decided to honor the laws’ transparency requirements even for those of us who are not lucky enough to live in Europe or the Golden State.

“We expect these are the first of many laws,” said Jason Tan, chief executive of Sift. The company, founded in 2011, started making files available to “all end users” this June, even where not legally required to do so — such as in New York, where I live. “We’re trying to be more privacy conscious. We want to be good citizens and stewards of the internet. That includes transparency.”

‘It’s incredible what machines can do when they can look under every stone’

My Sift file didn’t come with a credit-score-type number at the top, but many of the entries included a percentage rating as to whether the behavior was “abuse” or “not abuse,” “normal” or “fraud” or “account takeover” versus “not account takeover.”

When I told Tan that I was alarmed to see my Airbnb messages and Yelp orders in the hands of a company I’d never heard of before, he responded by saying that Sift doesn’t sell or share any of the data it has with third parties.

“We are in the business of predicting risks for particular events at particular times, for particular fraud,” he said. Sift is looking at all my online activity to make sure it’s me, and not someone trying to impersonate or hack me.

“Behind the scenes, we’re trying to create connections between fraudulent accounts,” Tan said. To score risk, the more data Sift has, the better. It’s able to use what it knows across the accounts of all its clients, so if a certain device has been used to make an order on Yelp with a stolen credit card, Sift can flag that device when it shows up on Airbnb.

“We’re not looking at the data. It’s just machines and algorithms doing this work,” Tan said. “But it’s incredible what machines can do when they can look under every stone.”

©2019 New York Times News Service

Show More
Post Your Comment
Required
Required, will not be published
All comments are moderated
Researchers can hack Alexa, Google Home, Siri—with laser light
Pollution solutions: Don't choke on your carrots, Delhi