Mastercard sells the transaction histories of its cardholders to third parties, allowing them to deliver targeted ads. While this practice is profitable for Mastercard, it puts the privacy of cardholders at risk, the Electronic Frontier Foundation (EFF) said on Tuesday, echoing calls from the U.S. Public Interest Research Group (PIRG) for the company to end this practice.
In a report on Sept. 21, the PIRG criticized Mastercard’s sale of cardholders’ data. “Mastercard has even spun up its own in-house data sales division,” the report said. “Here, Mastercard advertises that companies can access databases made up of billions of credit card transactions made on Mastercard’s payment network.”
While this data may be anonymized, it still contains sensitive information about users that may be used to profile them.
“The more data you have, the harder it is to anonymize — and beyond a certain point, it might be impossible,” Rory Mir, the EFF’s associate director of community organizing, told VPNOverview in an email. “Even if you strip data from personal identifiers, like one’s name or billing address, other patterns can emerge from the data which make them unique to you like a fingerprint,” Mir added. “When and where you get coffee, buy clothes, get gas, go to the gym, etc., all add up to a profile that is uniquely you.”
The Dangers of Selling User Data
Mastercard records data about each transaction, including the date, time, and location where the transaction is made. While this seems innocuous, it can be used to make inferences about the user.
“In some cases, this means predicting who’s a ‘big spender’ or which cardholders Mastercard thinks will be ‘high value’ — predictions used to target certain people and encourage them to spend more money,” the EFF explained.
Mastercard’s decision to sell user data doesn’t just put the privacy of cardholders at risk but also exposes them to invasive targeted advertising and increases the chances they’ll be in the crosshairs of scammers. The trade of stolen data on the dark web fuels scams like identity theft.
“Companies have gotten carried away with collecting as much data as possible about consumers and selling it… Not because it’s necessary for the service customers are paying for – but because they can make even more money if they sell data,” the PIRG said.
The calls for Mastercard to stop selling user data follow news that Visa is discontinuing its Visa Ad Solutions, the platform the company used to sell cardholders’ transaction data.
“We hope companies are recognizing that data is a toxic asset, and invading people’s privacy will sink any goodwill or trust they have from consumers,” Mir said. “That said, we see most of the momentum in remedying these abuses of data coming from new pro-privacy legislation.”
‘Let Mastercard Know its Data Sales Need to Stop’
A 2021 survey by the Bank for International Settlements (BIS) found that people tend to trust traditional financial institutions, such as Mastercard, more than big tech companies, government entities, or fintech firms. In fact, an August study by PrivacyHawk showed that Americans expect financial institutions like banks to protect their privacy.
The PIRG outlines a list of steps for cardholders to take control of their Mastercard data. “But it’s not enough,” the advocacy group says. “Mastercard shouldn’t be selling data in the first place – you shouldn’t have to submit a special request asking it to.”
Meanwhile, the PIRG and nine major groups have also published an open letter to Mastercard’s CEO, Michael Miebach, expressing concern about non-transactional data use and calling on the company to cease the practice.
“Mastercard should use our data for being a credit card – and nothing else,” the PIRG said.
