Safeguarding Your Data: The Privacy Wall

We deal with a lot of very private data at Wesabe, so security and privacy are our top concerns. One of the ways we protect our users’ privacy is through a technique we’ve dubbed the “privacy wall”. I’ll give a very brief overview of it here, but if you’d like something a bit more technical, along with ways to attack the wall, I’ve posted a longer article over on my personal blog.

The bank and credit card transactions that are uploaded to Wesabe are not directly linked to their owners in our database. A standard database schema would call for a user_id column in the table holding the bank account information, linking directly to a users table that holds your login information, email address, and so on. Instead, we link the two tables with a cryptographic hash that can only be computed from information you supply when you log in, so your financial data is associated with you only when you log in. This means that (a) no one at Wesabe can peek at how much you’re spending on shoes, and (b) if our database were to somehow fall into, say, an identity thief’s hands, he would have a hard time getting any information about you other than your email address.

The privacy wall does make support a bit more difficult. If you’re having a problem, we need to get additional information from you so that we can find your data in our system. But that’s a small price to pay to be able to assure our users that their information is completely private.

This technique is general enough that just about any site can use it, so if you have a site that is holding personal data, I’d encourage you to read my more technical post and implement something similar, and let us—and your users!—know about it.

7 Responses to “Safeguarding Your Data: The Privacy Wall”

  1. Rob Rubin Says:

    My company is rolling out a web service (BankSwitcher) to make switching banks easier — we look at your banking activity to identify everything that needs to be “switched” like automatic debits (mortgages, utility bills, etc.), direct deposits and online billpay information. We’ve built a directory of switching instructions and forms for over 1500 billers to produce a personalized switching checklist with everything you need to switch banks (you can go to http://beta.facilitas.com if you want to register to use it for free).

    The most sensitive (dangerous in the wrong hands) personal information we require is usernames and passwords for bank accounts. We do not save these data anywhere (I describe it with the phrase “once you use it, we lose it”). In fact, if we have a failure while our systems are in the process of downloading banking activity, the user will need to start over again. This isn’t the best user experience, but we think it’s a small price to pay for safety.

    We do save users’ banking activity in encrypted formats using multiple keys to maintain and improve our database of matching patterns (how specific billers are rendered on transaction lines — AMEX, AMEXP, AMERICAN EXPRESS) and to identify billers we don’t have in our database yet. While we DO NOT associate banking activity with users, we still delete it after 7 days because some transaction lines may contain personal information like your name or an account number.

    I’m very impressed with Wesabe’s transparency with regards to privacy and security — we intend to follow suit. Thanks.

  2. Leadhyena Says:

    I bet that makes recovering a lost password a real pain. 🙂 Seriously, when you lose your password, does that mean that you lose all your internal data, tags and all? I’d feel more secure that way, but most people would be so freaked out about losing their Wesabe password that they’d resort to other security violations to get back to it (writing the password down, storing it in the browser, storing it in a spreadsheet, etc.).

  3. Brad Greenlee Says:

    Rob: that sounds like a great idea. I look forward to checking it out.

    Leadhyena: no, we’ve come up with a way to avoid losing all your data when you forget or change your password. In a nutshell, we store a version of the secret hash encrypted with the answers to the user’s security questions. Provided you don’t forget those as well, we can easily recover all your data. I’m glad you brought that up, though–I’ll update my longer post.
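The wall described in the post, together with the recovery scheme Brad sketches above, as an added example that is not Wesabe’s code: a random per-user secret is wrapped once under a password-derived key and once under a key derived from the security-question answers, the accounts table is keyed only by an HMAC of that secret, and a password reset re-wraps the secret without touching the link. The table layout, the field names, and the XOR wrap (a stand-in for a real authenticated cipher so the example stays stdlib-only) are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory tables; `accounts` has no user_id, only a tag derived from the per-user secret.
users = {}     # email -> {"salt", "pw_wrapped", "qa_wrapped", "verifier"}
accounts = {}  # link_tag -> list of transactions

def _kdf(material: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", material.encode(), salt, 200_000)

def _norm(answers: list[str]) -> str:
    return "|".join(a.strip().lower() for a in answers)  # case/space-insensitive

def _wrap(secret: bytes, key: bytes) -> bytes:
    # XOR with a 32-byte derived key (same call unwraps). Stand-in for an
    # authenticated cipher such as AES-GCM, chosen to keep the example stdlib-only.
    return bytes(s ^ k for s, k in zip(secret, key))

def _tag(secret: bytes, label: bytes) -> str:
    # Independent values from one secret: "auth" is stored, "link" keys `accounts`.
    return hmac.new(secret, label, "sha256").hexdigest()

def signup(email: str, password: str, answers: list[str]) -> None:
    secret, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    users[email] = {
        "salt": salt,
        "pw_wrapped": _wrap(secret, _kdf(password, salt)),
        "qa_wrapped": _wrap(secret, _kdf(_norm(answers), salt)),
        "verifier": _tag(secret, b"auth"),  # lets _open reject a wrong key
    }
    accounts[_tag(secret, b"link")] = []  # the only "foreign key" to the user

def _open(email: str, field: str, material: str):
    row = users[email]
    secret = _wrap(row[field], _kdf(material, row["salt"]))
    ok = hmac.compare_digest(_tag(secret, b"auth"), row["verifier"])
    return secret if ok else None  # wrong password or wrong answers

def login(email: str, password: str):
    secret = _open(email, "pw_wrapped", password)
    return None if secret is None else accounts[_tag(secret, b"link")]

def reset_password(email: str, answers: list[str], new_password: str) -> bool:
    # Recover the secret via the answers, re-wrap under the new password; link tag unchanged.
    secret = _open(email, "qa_wrapped", _norm(answers))
    if secret is None:
        return False
    users[email]["pw_wrapped"] = _wrap(secret, _kdf(new_password, users[email]["salt"]))
    return True
```

Someone holding a copy of both tables sees a verifier and two wrapped blobs per user and a list of opaque link tags on the accounts side; nothing stored lets them pair the two without the password or the answers.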

  4. Reminders: SXSW and ETech « Wesabe: Your Money. Your Community. Says:

    […] privacy. (Brad wrote up one of those techniques, the “Privacy Wall” technique, earlier.) Also, I’ll be presenting my “Coder to Co-Founder: Entrepreneuring for Geeks” […]

  6. Pop-ups ads tricking people into monthly charges « Wesabe: Your Money. Your Community. Says:

    […] 17 Wesabe users have charges from Reservation Rewards, totaling $397.00. Because of the way our privacy wall works, we have no way of knowing who those people are, but I’ve written a Wesabe tip pointing […]

  7. One more thing…. Browser Snapshot and file attachments « Wesabe: Your Money. Your Community. Says:

    […] of the way our privacy wall works, attachments are currently stored on disk in unencrypted form. We’re planning an update […]
