« Gas Station Pumps And the 'Clear' Button Email: A Real Solution? | Main | TripAdvisor Data Breach Includes Stolen Email Addresses »

Friday, March 25, 2011


Feed You can follow this conversation by subscribing to the comment feed for this post.

Merchant Services

I am aware that banks collect data from our credit card transactions. It can help them classify the kind of credit card user you are. But didn't know that they actually sell it. I think its really possible and its unethical. But can this be illegal? I mean is there any law regarding this issue?



The Credit Reports section of the August 2010 Customer Agreement, for my Capital One Platinum Visa Card, reads:

"We may provide information about you and the Account to consumer (credit) reporting agencies and others as provided in our Privacy Notice..."

The key word in the above sentence is "others." The Information Sharing section of the Privacy Notice reads:

"We may disclose information that we collect as described above to the following entities:
- other companies in the Capital One family, as described at the end of this notice.
- Financial service providers, such as securities broker-dealers or insurance companies.
- Non-financial companies, such as retailers, data processors, and advertisers.
- Carefully selected business partners (e.g., so they can alert you to their products and services).
- Companies that perform marketing services on our behalf..."

"Data Processors" probably includes companies like Heartland Payment Systems, that process transactions. I wrote about Heartland's massive data breach in this blog. Use the search mechanism in the right column to find blog posts about Heartland.

The above information sharing language seems sufficiently broad for Capital One's benefit. Nowhere does the notice list the other companies by name.

Obviously, you should read the Customer Agreement and Privacy Notice documents your credit card issuers sent to you for the credit cards you use. These legal documents are different than the website Privacy Policy and Terms of Use.

I hope that this helps.


The comments to this entry are closed.


  • Updates via E-mail RSS Feed Updates via Twitter Updates via Facebook


  • Bloggers' Rights at EFF
  • George Jenkins, author of the I've Been Mugged Blog


  • © 2007 - 2017. George Jenkins. All Rights Reserved.


  • <$MTStatsScript$>