Is the NSA Looking at Your Bank and Credit-Card Records, Too?

An employee rings up a credit card purchase at a store in Berlin, Germany Photograph by Adam Berry/Bloomberg

They can read your e-mail and listen to your phone calls—but could the National Security Agency also be snooping into your finances? The German magazine Spiegel, citing new details from the Edward Snowden files,
reports today that an NSA program called Follow the Money tracks records of international payments, banking, and credit-card transactions.

NSA analysts said at an internal conference in 2010 that they had successfully searched Visa’s credit-card transaction network to target customers in Europe, the Middle East, and Africa, Spiegel reported. Their goal was “to collect, parse, and ingest transactional data for priority credit-card associations, focusing on priority geographic regions,” the magazine said, quoting what it said was an NSA document from 2010.

Records of credit-card transactions flowed into an NSA database, called Tracfin, that also contains data on interbank transfers handled by Swift, the Brussels-based Society for Worldwide Interbank Financial Telecommunication, Spiegel said. The magazine said NSA documents showed that the agency was able to access “SWIFT printer traffic from numerous banks.”

Mike Fish, Swift’s chief information officer, said at a conference in Dubai today that the interbank group had “no evidence to suggest that there has ever been any unauthorized access to our network or our data. We constantly monitor cyber-security threats, and whenever we believe there is any risk to the security of our services, you can be sure we investigate very thoroughly,” Fish said, according to a copy of his remarks furnished to Bloomberg Businessweek by Swift.

Visa, in a statement furnished to Bloomberg Businessweek, said that it was “not aware of any unauthorized access into our network. Visa takes data security seriously and, in response to any attempted intrusion, we would pursue all available remedies to the fullest extent of the law. Further, it’s Visa policy to only provide transaction information in response to a subpoena or other valid legal process,” the statement said.

Spiegel said that the NSA’s Tracfin database in 2011 contained 180 million records, of which 84 percent were credit-card transactions.

Britain’s communications-intelligence agency, known as GCHQ, privately expressed concerns about the effort, the magazine said. Quoting a GCHQ report on the legal implications of collecting, storing, and sharing large quantities of financial data, it said the British agency considered those actions a deep invasion of privacy involving “rich personal information,” much of which “is not about our targets.”

    Before it's here, it's on the Bloomberg Terminal.