Mastercard keeps detailed records of the spending habits of its credit card holders, which it then sells to third-party companies — often without customers’ knowledge.
That’s according to a report published Thursday by the U.S. Public Interest Research Group (PIRG), which says that Mastercard has built a separate division dedicated to the selling of customer transaction data which has become a huge revenue stream for the global payments technology company.
The problem is that most consumers are not aware of the degree to which their data is being tracked and sold or that the sale of such personal data exposes them to identity theft and scams, in addition to “creepily invasive” advertising, the consumer advocacy group warns.
“Mastercard is so opaque about its data sales it’s almost certain most cardholders don’t realize what the company is doing with their data,” R.J. Cross, policy analyst for U.S. PIRG, told CBS MoneyWatch.
The data Mastercard sells is “aggregated and anonymized,” meaning third-parties don’t have customers’ individual information, according to the PIRG report. While that mitigates some of the consumer risks that come with data monetization, it does not prevent companies from “reaching people on an individual level based on data” or being bombarded with annoying ads, according to the consumer agency.
With that in mind, consumer advocates from nine organizations, including the American Civil Liberties Union and the Center for Digital Democracy, sent a letter to Mastercard CEO Michael Miebach this week asking him to stop selling customers’ data.
Mastercard, the nation’s second largest credit card issuer, didn’t immediately respond to a request for comment from MoneyWatch Thursday.
Rise of data brokers
In the past decade, U.S. companies have come to realize there are big bucks in storing and selling the spending habits of customers. Companies involved in this practice have become known as data brokers.
Data brokers sell consumer information they’ve collected to third-party marketers who then use the intelligence to build and push targeted ads to individuals based on their race, geography, age, education or other demographics.
The data-broker industry, which is expected to reach $462 billion by 2031, has come under increased scrutiny from Congress and regulators in recent years. Lawmakers have , as well as smaller data brokers, for information about their handling of consumers’ location data from mobile phones, and the steps they have taken to protect the privacy rights of individuals.
From card companies to car companies
To be sure, Mastercard isn’t the only credit card company engaging in the practice. American Express sells data through third-party analytics company, Wiland, according to news site Marketing Brew. Visa, the nation’s largest credit card issuer, sold its cardholder data for a period, but shut down its private data selling operation in 2021, Marketing Brew reported.
Cellphone companies also sell data that customers generate from using apps.
Automakers are also steeped in consumer data, Cross said. “Cars collect so much personal information it’s shocking — and they are no stranger to data breaches, too,” she said.
Advanced features on cars such as touch sensors, cameras and GPS, collect data from drivers and passengers that is often stored by the car company, according to Mozilla. Car manufacturers sell personal data that they’re willing to share with government agencies or law enforcement without a court order, a Mozilla Foundation study published this month found.
In 2022, Google agreed to pay awith 40 states in connection with an investigation by state attorneys general into how the company tracked users’ locations. The investigation by the states found that Google continued to track people’s location data even after they selected a privacy setting to block the company from doing so.
Cross said she recently applied for a Mastercard to see if the company gives customers the option to opt out of having their data sold to third parties.
“In all the materials I saw, none of them clearly stated what’s happening and I never was given a box to check saying ‘Yes, I consent to Mastercard selling my data,'” she said. In other words, “By default, just by having a Mastercard, your data is being sold,” Cross said.