Geoffrey A. Fowler, The Washington Post:
Despite a federal privacy law covering cards, I found that six types of businesses could mine and share elements of my purchase, multiplied untold times by other companies they might have passed it to. Credit cards are a spy in your wallet — and it’s time that we add privacy, alongside rewards and rates, to how we evaluate them.
With my banana test — two bananas, one purchased with the popular Chase Amazon Prime Rewards Visa and the other with Apple’s Mastercard — I hoped to uncover the secret life of my credit card data. But in this murky industry, I was only partly successful. Unlike my other recent technology experiments, such as watching what my iPhone does while I sleep, I couldn’t hack into my cards to follow the data.
Instead, I asked insiders and privacy advocates to help identify the types of companies that had given themselves access to my swipe for purposes unrelated to payment and preventing fraud.
The card data business is booming for advertisers, for aiding investors and for helping retailers and banks encourage more spending. And there are many ways a card swipe can be exploited that don’t always require a transaction being “sold” or “shared” in a way that fully identifies you. Data can be aggregated, anonymized, hashed or pseudonymized (given a new name), or used to target you without ever technically changing hands.
What’s the harm? We’re legally protected from fraudulent charges and unfair lending practices. But spending patterns can reveal lots — possibly enough to blackmail you. Anytime data passes to new hands, there’s another chance it could get stolen.
People can have different views on whether it’s worth exchanging data for airline miles or cash back. But how are we supposed to make informed decisions when we don’t know where our data is going?
Let’s unravel the six kinds of companies that sold me out. It’s bananas.