Thursday, September 4, 2008

When it Comes to Your Credit Card Company's Web Site, You're Not Anonymous

As I was surfing around American Express's Web site recently -- checking my morning balance -- it hit me. Even though I am aware of it, you may not be aware that your credit-card company keeps track of your every Web site move.

That's right. If there is a link for a platinum card upgrade, as there is on my "summary of accounts" page on American Express's site, and you click it, rest assured that American Express has a record of your interest in the card. Credit-card companies are methodical. They're data hounds. If it can be tracked, they're tracking it. Indeed, it wouldn't surprise me if my clicks generate targeted offers -- both online and off.

Still, in addition to monitoring my innocuous moves, card companies are also monitoring things that have a direct impact on how they may view me as a customer. And that's what you may not realize. Which is why I am writing today.

Rather than use someone else to make my point (there's always someone to choose from), I figured that I'd use an example from my own "experience box." Last summer, right before the credit climate got really tough, I was making my credit-limit-increase rounds. Like clockwork, I was hitting the "love" button on my credit-card companies' sites. The love button, for those of you who don't know, is the credit-line-increase-request link that can be found on many credit-card sites. Well, let's just say that I hit one too many buttons. Clank. Bang. Slam.

That's the sound of my USAA accounts getting suspended. I didn't know they were suspended until I tried to make a purchase with one of the cards (a phone call would have been nice). Declined. Declined? I called to find out what was going on with the card. Turns out that I was declined because USAA wanted to find out a few things. One, it wanted to know what my income was. Two, it wanted to know why I had requested a credit-line increase so regularly on the account (about once a month). And, three, it wanted to know why my limits at USAA were so dang high! Where was all of this coming from? USAA told me that it monitors online requests for credit-line increases. My request triggered the suspension. Who knew.

I disclosed my income. I didn't have a good excuse for the frequency of my credit-line-increase requests (because the button was there? Hehe). And I blamed USAA for the high limits on my cards (their underwriting allowed those high limits). Anyhow, the bottom line is that my accounts likely would not have been suspended if not for me playing around with the credit-line-increase link so often. I blame myself for that. USAA knew to the exact click how many times I had requested an increase. I was surprised. I've hit the button just once since then.

To be sure, USAA is not alone. Citibank also monitors credit-line-increase requests through its Web site. If you're hitting that request button at Citibank's site on a regular basis, you should realize that Citi is keeping track of those clicks. I imagine that all of my credit card companies monitor this particular metric. Since my experience with USAA, I've laid off the buttons -- with all of my creditors.

For those of you wondering, USAA and Citibank both allow credit-line increases -- through their Web sites -- without a hard inquiry. The only time that Citibank does a hard pull is when you get the online form and fill it out. Otherwise, the increase is granted without a hard inquiry showing up on your credit report. Because there is no hard pull, one can see why it's so tempting to abuse the credit-line-increase button on a regular basis. There's no harm in trying when there's no impact to your score, right? That's what I used to think. Now I know better.

Like Citibank and USAA, Bank of America, American Express, and many other credit card companies also allow credit-line increases through their Web sites -- all without hard pulls (Chase is a rare exception; it requires a hard pull for any credit-line-increase request). I imagine that quite a few of my readers are hitting those love buttons on a regular basis (at least once a month). I'm all for credit-line increases, but, especially in this credit environment, you should do it on a less-frequent basis.

And for those of you wondering: USAA ultimately cut my limits by about 70 percent. That's the price I paid for hitting the button one too many times. Therefore, do yourself a favor. Temper your enthusiasm when it comes to your credit-card company's love button.

You should assume that your credit-card companies are watching (and counting) your every click.


  1. Dang!


  2. I figured as much as well.

    Most customers have no idea they are being monitored in that way - great for the bank as they can get further insight if the customer is credit hungry or not.

    The banks knows that a decent amount of their customers are educated enough to realize that there is no hard pull by simply clicking the button but they also realize that many probably are not aware that the actual request to simply *check* if they have the ability for a "no hard increase" is ALSO being recorded.

    Maybe I should pursue risk analysis/modeling as a career, it's actually quite intriguing.

  3. Dang! Right back at ya.

    By the way, I have missed you over at CB.

  4. Josh, it would be a great job. And you could come back here and spill the beans!

  5. Josh, are you on my mailing list? How did you get to this column so quick?

    That goes for you, too, Bob. You getting my column alert via email?

  6. I bet I would have to sign an insanely strict NDA but *I* don't have to disclose the data, someone "else" can ;)

    I'd love to work for Amex, can you imagine if all the intricate algorithms that make up their "Acquisition" and "Risk Score" was heaven :-) and I bet you would be all over it ready to be their finest customer.

  7. Via email, 12:04 AM EST received and I was already on the blog as I love it so much ;)

  8. Josh, I am drooling (about Amex). Big grin, pal.

    And we should get you your own little corner here at CM. Nice to see you spending so much time here. It's gets lonely around these parts.

    Glad to have you as a regular reader. And thanks for helping me with the Web hosting stuff behind the scenes.

    Much appreciated.

  9. Technology is not that hard for targeted info

    Make sense to target customers..
    IP's are also tracked...especially if you attempt to access your own accts outside the US..

  10. I was really trying to highlight the fact that card companies are watching. Some of these things we do -- like hit the CLI button once every other week -- can be seen as risky behavior by creditors.

    Not something we want to be seen as.

    Thanks for the comment, Anon.

  11. I agree..anything you can do to NOT draw attention to yourself or be seen as risky behaviour..

  12. WOW! Good article CM!

    Well, I use Adaware (free), and SpySweeper ($19.99) for eliminating web traces and tracking devices from my hard drive.

    As for IP address tracking specificly, I recommend www.anonymizer dot com (no direct links since I haven't CM's permission).

    Although, it should be noted, that the tracking and web traces that these credit card/bank companies use can be to our benefit. Clean the computer regularly with Adaware, and Spysweeper. Then when your credit score and limited inquiries on your credit report permit, you can first visit macy's website, then frontgate, saks fifth avenue, land rover, united airlines, and norweigian cruise lines.
    After that, visit the credit card/bank of your choice and log on. Click around the site, and specify certain cards, or banking pacages your interested in.
    Then log off your account.
    Clean your computer again with Adaware, and Spysweeper, and wait to see if any offers come in.
    It would be interesting if they hit you with high end offers since that is what they saw in your web history.

    Good read CM.

    Robert, Detroit/Windsor border guy.

    P.S. It's Thursday, September 4 2008. JUDGEMENT DAY FOR MAYOR KWAME KILPATRICK! Time to go Kwame, time to go you text messaging, lying, filandering, "Hip Hop Mayor."

    P.S.S. Kwame's text messaging scandel could read into what not to do with city owned (tax payer funded) PDA's. Now that's tracking and tracing on a high level!

  13. It only makes good business sense. In a general sense, one should never assume they are surfing anonymously.

    I would imagine that they also take the metrics one step further. Let's say each time you ask for a CLI, you make a major purchase, keeping your utilization at a steady X%. I am sure they have risk analysis for this type of behavior, much in the same way USAA probably wondered why you were asking for CLI, but not (presumably) using them (maintaining X% as a function of utilization).

    As for the email alerts, I know when you're working too late, my blackberry notifies me! ;)

  14. Robert, even if your computer is completely clean, the card company will know when you've hit that CLI button. The only way to stay off the radar is to refrain from hitting it.

    And, Jen, what worries me most about hitting that CLI button is that the card company could see it as risky behavior. I think the frequency would be a trigger.

  15. Nice article as always--I've been conscious of the ability for that to be tracked, but didn't realize that USAA had owned up to it. Doesn't affect me because there I don't have a love button at USAA :). But Bank of America's HAL loves me on one card but if I go for an increase on the other the same day, a human underwriter will do it by taking CL from the first for a net gain of zero on the second push of the button. So now I know to avoid doing that. (I'm probably not going to rattle B of A's cage for awhile anyway since they now host my highest reporting limit.)

    @anonymous: I highly caution against using anonymizer or TOR or other proxies to access your accounts online. If anyone's paying attention at the banks, that's a huge fraud red flag. Not a bank, but I logged into eBay once via TOR and the next day was forced through a password change. They wouldn't tell me why, but I'd lay odds that was it.

    Of course, now that we know they're watching thanks to credit_matters, we can act like good little credit citizens in much the same way we slow to the speed limit when we see a state trooper in the median and not only not get zapped by the creditor radar gun, but be rewarded for our exemplary credit behavior.

  16. DM, my USAA button is gone now as well. Been gone for about six months.

    And you are so right. Now that some of my readers know about this, they can walk around the site acting like perfect credit citizens.

    If they want to play the game, we'll play it, too.

  17. Oops.

    Ever since I saw on that clicking the love button on Citi didn't do anything unless you filled out the form, I've been clicking it every day.

  18. FLT, you're probably not alone. I imagine a lot of people hit the button on a regular basis.

    At least you now know that Citi keeps a record of your clicks.

  19. I agree CM, people should refrain from hitting the credit line increase request too much.

    Howvever, I think my point was missed. If Credit Card companies and banks are using cookies or other methods too see where we have been on the web, we can use it to our benefit.

    Don't request increases of a credit line more than once every 3-4 months. Clean the computer with Adaware, and Spysweeper. Go to the websites of Macy's, Frontgate, Saks, United Airlines, and Norweigin Cruise Lines. Then hop onto the credit card company/bank which you are affiliated and log on. Click the card/packages your interested in, then after brwsing, log off.

    See what happens. Maybe some high end offers will come. If so, then you know they have seen where you've been.

    Can't hurt to use what they use to our gain.

    Robert, Detroit/Windsor border guy.
    P.S. YES! I WOKE UP FROM MY SLEEP AND KWAME IS GONE! Bye bye "hip hop mayor!" A new day for Detroit.

  20. I see what you're saying, Robert.

    Hey, it can't hurt!!

  21. Anonymous, banks don't sniff out your browsing history. It's totally against their privacy policies and probably violates several laws. I would smell a HUGE lawsuit if they were monitoring which websites you were viewing OUTSIDE of the bank's website.

    For them to even pull it off they would need either access to your ISP records(which requires a subpoena) or the bank or whomever would need you to download sniffing software clearly explaining that all your browsing history will be revealed, highly unlikely ;).

  22. I wonder if they view hitting the balance request button just as risky.

    I know I hit those every other day to see if there is a good percentage offer.

  23. Concerned, not sure how they view you hitting the balance transfer button, but I would imagine they do monitor that button -- along with the rest of them.

  24. Nice article! Just curious, but when you say don't hit the luv button too often, what time frame does that mean? What is a good length of time between CLI request attempts? Thanks.

  25. How often? Probably about every four to six months in this environment. I've never seen anything like this credit climate.

    Tight, tight, tight. You have to claw to keep every limit you have.

    I'm not even seeking credit limit increases these days. Just sitting back and waiting for the smoke to clear.

  26. I'm totally paranoid about tracking, I clear my cookies and history every time I leave any of my cc (or credit monitoring) sites. We had an "issue" at work where an online mailing we did had online tracking stuff embedded in it (i.e. kind of like referral links). Tech-savvy folks blew their tops at us, rightly so.

    Thanks, as always CB, and a *wave* to Bob Wang - come back to Creditboards, Bob!

  27. One of the major banks shut down all of my cards (not suspended) due to frequency of hitting the button online. For what it's worth, I was hitting one every 2-12 weeks and not hitting on all 4 accounts. I hit the button on one of my newer accounts and within days all 4 accounts were closed (nearly 15 year relationship). It can an will happen. Great article, CM.

  28. Anon, thanks for the comment. Sorry that your credit card company shut you down. But I do appreciate the anecdote because it makes my story a little less theoretical.

    This stuff does happen.

    Thanks for sharing.

  29. From what I read I figured out the frequency part, 4 to 6 month or even longer based on individual goals and the market etc...

    But based on your experience CM what would be the % you asked for and got approved every time?
    As an example you discussed city either being a soft and you get approved on the spot, or fill out the form. So what % were you asking that you got approved each time? can you perhaps give some numerical examples.
    e.g. $5k ask for $6k? or 7.5k? etc...

    Again I know there are different factors and creditors etc... but I'm sure you can answer this question to some extant as I can too. I know for a fact I would never ask a $5k account to go to $25 :P

  30. Hk, I don't have a set number or set percentage. It's really probably more of an art. But one thing I ALWAYS do is point to my high limits elsewhere. I'm merely trying to get my creditors to play "tag." I've found that most creditors will get close to your highest-limit card if you ask. Of course, if you had a $25K card and the rest of them were at $5K, it likely would not work.

    I would likely move up in steps. I'd probably ask my card company to double me if I was at $5K. If I was at $10K I would not hesitate to ask for $20K. I would NOT ask to go from $25K to $50K. But I would ask to go from $25K to $35K or $40K. Given this credit environment, though, I am being very cautious and very conservative. I would not be asking for huge CLIs.

    Read my story on Monday. You'll see how I am handling the situation.

  31. Exactly what I was looking for and was even better then my % question, I just wasn't sure how to word it. But chasing your highest limit while not over doing it makes alot of sense.

  32. Hk, that's how I have historically done it. But given recent events, I have really clamped down. I'm laying low.

Add comment
Load more...