Visa, MasterCard and Amex Privacy

One of the aspects of my everyday work is to consider privacy implications of things our business implements as part of our service. We are very privacy focused and like to advise our customers accordingly.

In the area of payments, it is my current understanding that Visa and MasterCard don’t actually have the details of who is using their cards as those details are with the issuing bank. I don’t see a reason why the issuing bank would be providing those details to Visa or MasterCard, at least not on a routine basis anyway.

The contrast here would be American Express where they are the card issuer and the payment network and know exactly who you are shopping with.

Is my understanding correct? In the opinion of anyone who would like to express an opinion :slight_smile: does the disconnect between Visa and MasterCard and the actual card user represent a useful privacy “feature” (for want of a better word)?

3 Likes

Based on this article https://www.finextra.com/newsarticle/32595/google-bought-mastercard-data-to-link-ads-with-in-store-purchases

Seems like MasterCard must known who the cardholders are

Perhaps someone from Monzo could comment on whether they pass customer details to MasterCard?

1 Like

MasterCard must have cardholder info as if you call their emergency lines abroad they have cardholder details and can issue you an emergency replacement card without you evening taking to your bank (although MasterCard does get authorization from the bank first).

Disappointing to hear that - I would have expected them to lookup the card number and then get the issuing bank on a conference call: I see no reason why the card networks need to know which card number is issued to a person. (“Fraud?” - MC has practically no risk factor: it’s the individual banks who decide who to signup and bare the risk of fraudulent transactions - that’s if the merchant doesn’t lose out which tends to be the case/“Bank/issue closed”: block the card if MC can verify recent transactions and send a message to the bank).

Hmm, Mastercard Global Privacy Notice has pointed me to https://www.mastercard.co.uk/public/my-data/gdp-public/index.html … could be interesting… [well, it would be interesting apart from the fact the Recaptcha key is invalid for that site so you can’t actually register… Erm, have they actually tested/used it themselves?]

Mastercard International Incorporated and its affiliates (collectively, “Mastercard”) processes various types of Personal Information, as a data controller, to protect you against fraud. If you are located in the EEA or Switzerland, Mastercard Europe SA is the entity responsible for the processing of your Personal Information. “Personal Information” means any information relating to an identified or identifiable individual. This may include:

  • Transaction data, fraud and authentication scores, transaction risk factors, location data, merchant details, items purchased, information about disputed transactions and confirmed fraudulent activity.
  • Certain information about you collected via automated means such as cookies and web beacons when you interact with our ads, mobile apps, or visit our websites, pages or other digital assets, such as IP address, browser type, operating system, mobile device unique identifier, geographical area, referring URLs and information on actions taken or interaction with our digital assets.
  • Some of our online products and services also include advanced fraud prevention technology using behavioral-based data, such as keystroke timing, scroll position and mouse-location.

We obtain the above categories of Personal Information from various sources: from financial institutions and merchants, directly from you, from third parties as detailed below or from your interaction with our digital assets.

I wonder if someone from Monzo can comment on this? Maybe @simonb could ask for us :slight_smile:

The information is public.

Mastercard collect the information, which means the bank tells them. Not sure what is actually so confusing about that.

Mastercard has to collect certain information for fraud prevention the same as a bank does.

Monzo state they may share your information.

We may share your personal information with:

  • Any organisation which supports any of our services you use, when they need it to offer those services. That includes:
    • Card producers and networks.
  • Certain authorities that detect and prevent terrorism (including authorities outside the UK if one of your payments is processed through a worldwide payment system).

The fact I’ve been told by a bank that MasterCard do not by default know who cardholders are. So yes, they “may” share the information when there is a reason to, but do they do it by default for all cardholders?

No the Mastercard rules state there is no requirement for a card issuer to provide the information automatically, however it has to make it available when requested.

I don’t have the exact answer here unfortunately but it’s important to remember that Mastercard US Credit Cards and Mastercard Europe Debit Cards are entirely different operations. :slightly_smiling_face:

1 Like

The actual rules with regards to privacy and data are https://www.mastercard.us/content/dam/mccom/en-us/documents/mastercard-bcrs-february-2017.pdf