An important adage these days is to protect your personal data to keep scammers at bay. A new paper quantified the incidence of financial fraud complaints among app users who followed that advice. The paper, titled “Consumer Surveillance and Financial Fraud,” was co-authored by Wharton professor of finance Juan Tan, finance professor Beau Bian of the University of British Columbia, and Michaela Pagel of Washington University in St. Louis. It is.
The authors focused on Apple’s App Tracking Transparency (ATT) policy, which opts out users on Apple’s iOS platform from having their data shared by default. They found that if the number of iOS users in a particular zip code increased by 10%, financial fraud complaints from that location decreased by 3.21%. The study also found that “the impact was concentrated in complaints about lax data security and privacy.”
The reduction in financial fraud complaints could increase tenfold if strict privacy laws were widely applied. “If the entire population [cell phone] If users of both iOS and Android platforms were covered by policies like ATT, the number of financial fraud complaints should drop to 32%, assuming the effect scales linearly,” Tang said. states.
Apple’s ATT policy, launched in April 2021, requires all app providers to obtain explicit user permission before tracking apps across third-party owned apps or websites. I did. Therefore, without the user’s permission, Apple will not provide the so-called “mobile ID” to these apps or his website.
Although the ATT policy only applies to mobile users, the proliferation of smartphones has implications for commercial surveillance and fraud in the general population, the paper noted. Following the ATT policy, companies with the app were 42% less likely to experience a cyber incident compared to companies without the app, the report added. The document describes the introduction of ATT as “an event that strengthens data security and privacy standards.”
Shocking the data industry
The paper said ATT’s policy had a major impact on the “data industry,” particularly the providers of mobile apps available on the Apple App Store and Google Play Store. According to mobile advertising company Flurry, as of February 2022, 82% of users declined permission to be tracked, or only 18% of app users who were asked for permission allowed tracking.
Tan said Mehta’s Facebook was at the top of ATT’s list of victims. “Facebook is the biggest victim of Apple’s privacy campaign because 98% of Facebook’s revenue comes from targeted advertising,” she said. In February 2022, Facebook stock plummeted a record 26% after the company announced its 2021 fourth-quarter earnings, blaming Apple’s privacy laws and macroeconomic challenges on expected revenue declines in the next quarter. He claimed that. Facebook has warned that Apple’s privacy policies will cost the company $10 billion in 2022. The paper cited a related paper co-authored by Tang on data privacy in mobile apps and noted that the introduction of ATT also caused stock prices to plummet for other companies with active iOS apps.
Mr. Tan explained exactly how much damage ATT has caused Facebook. To target ads to consumers, Facebook uses mobile identifiers that link all of an individual’s mobile devices and link all user selections from different websites to link different websites about the same individual. He explained that data from different sources needs to be linked. But after ATT, Facebook can no longer use mobile identifiers unless iOS users explicitly agree to share their data with third parties, he added.
Facebook’s loss, Apple’s gain
In contrast, Apple benefited because users were satisfied that it was taking steps to protect their privacy, Tan said. “Apple’s privacy campaign is self-serving because it gives tech giants access to the targeted advertising industry,” she continued. “And the biggest enemy other than Google is Facebook. Getting rid of Facebook creates a hole that can be filled.” Incidentally, the French competition authority and the Italian antitrust agency have ruled that Apple is abusing its market dominance. He accused the company of setting unfair conditions.
Tang added that Apple could then intervene with crowd-level targeting, leveraging the aggregate information it has created for specific user communities. Other platforms that want to target Apple users will need to adopt that approach, she explained, allowing for “less sophisticated targeting.” Apple’s Search Ads Guide says, “Targeting specific users will prevent your ads from showing to users who have turned off their personalized ads settings.”
The paper noted that Apple had begun tightening the screws on data privacy more than a year before announcing the ATT policy. In December 2020, Apple introduced the “Nutrition” privacy label. This required all developers to provide information about their data practices in a standardized and easy-to-use format. Developers who did not follow this policy faced the risk of having their future app updates rejected by Apple’s app store.
Google also launched a data safety form on its Google Play platform in July 2022, requiring companies to disclose the type of data they collect from users and how it is used. Google’s data safety form also requires disclosure of its data security practices, including whether user data is encrypted in transit.
How the study tracked financial fraud
The authors first leveraged detailed pedestrian data from Safegraph (a provider of global location datasets) to calculate the zip code-level share of iPhone users among all smartphone users. We then analyzed data from the Consumer Fraud Prevention Bureau (CFPB) and the Federal Trade Commission (FTC) on the number of financial fraud complaints and fraud losses. We then applied ATT’s 82% opt-out rate to arrive at the finding that financial fraud complaints decreased by his 3.21%.
Importantly, this study found that trends in the likelihood and number of financial fraud charges were more pronounced among minorities, women, and young adults, making these groups more susceptible to surveillance and fraud. It suggests that you are vulnerable. These findings will contribute to the process of creating new regulations and rules to strengthen consumer data protection and privacy, the paper says.
To isolate CFPB complaints related to financial fraud caused by lax data security, the authors used keyword searches to look for signs of fraud, fraud, identity theft, and more. They used this in conjunction with machine learning techniques to generate the likelihood of complaints related to financial fraud caused by data security issues.
Main results of the study
— A 10% increase in the number of iOS users in a particular zip code results in a 3.21% decrease in financial fraud complaints from that area.
— Approximately 26% of financial companies listed in the CFPB complaint database have apps, and 11% of those collect user data and share it with third parties such as data brokers, other websites, and ad networks. doing. The impact of ATT on consumer complaints will be more pronounced for companies that operate in app markets, share user data with third parties, or do not encrypt user data in transit. .
— Complaints about financial fraud are more likely to occur in areas like credit reporting and debt collection than in other areas like student loans and mortgages. Specifically, the ATT policy reduced the number of credit reporting and debt collection financial fraud complaints in a ZIP code by 2.48% and 0.61%, respectively, when iOS users were 10% more likely than they were.
— ATT policy reduced losses from all complaints by 4.7%. Of these, ATT policies reduce reported losses due to internet and data security complaints by approximately 40%.
regulatory reform
“Our results provide compelling evidence in support of industry-driven regulation aimed at limiting consumer surveillance practices,” the paper states. Tan recently submitted her findings to the FTC, which she hopes will use her paper’s findings in its efforts to frame future regulations around data privacy and security, she said. Told.
“For its cost-benefit analysis, the FTC was interested in the costs to consumers when companies collect excessive amounts of data, but empirical evidence of this was very difficult to find.” she said. “This is where our paper comes in. We provide point estimates.”
Tan said Apple’s efforts to strengthen data privacy for mobile phone users have advantages over the European Union’s General Data Protection Regulation (GDPR), which was introduced in 2018. She said she finds users have a hard time navigating company privacy notices that pop up. Especially since it’s not standardized and requires multiple clicks before you understand how your data will be used.a CNBC The report refers to such user experiences as “consent fatigue.”
The paper also points to other efforts underway to limit data transfers between companies, such as Google’s plan to phase out third-party cookies in Chrome by 2024. Similar to GDPR, Virginia and Connecticut laws require opt-in consent for the sharing of sensitive personal information, according to a report from OneTrust, a firm that advises companies on issues such as privacy standards. It added that other privacy laws in the state, Colorado and Utah follow opt-out mechanisms that require consent in most places.
[Knowledge at Wharton first published this piece.]
The views expressed in this article are the author’s own and do not necessarily reflect the editorial policy of Fair Observer.