Card payments: type of purchase, personal data … what do the banks know about us?

It’s a small rectangle of plastic that knows us by heart: the bank card records a lot of data about our buying habits or our movements, which can be reused by banks or other players.

When paying by card, the bank registers “payment data”: transaction amount, date and time of payment, business identity, etc.

Does my bank know everything I buy?

On the other hand, it does not have access to the details of the purchased products, known as “purchase data”.

When paying online, things get complicated because purchasing data can be spread between many players, “including banks,” Aymeric Pontvianne explains to AFP, finance and innovation adviser at the National Commission on Information Technology and Freedoms (Cnil).

“But they have no interest in making the history of this data,” he believes, because their customers expect a strict banking service and “would probably react very badly” to see their bank track their purchases. .

“Trust in data management banks is a huge capital, we do not want to play with it”, confirms Sophie Heller, Head of Commercial, Retail Banking and Services division at BNP Paribas.

When do resellers share data?

In addition, merchants are jealous of their customers’ purchase data because sharing them with banks would give too many indications of their performance.

Sir. Pontvianne believes that data sharing can occur between a distributor and a bank player in a specific case: loyalty cards that also act as payment cards. In general, to operate this type of card, distributors have a bank subsidiary with which they can share data without fear, as it is part of the same group.

The consumer must nevertheless give his consent first, as required by the General Data Protection Regulation (GDPR).

And beware of those who are unclear on the subject: Carrefour and its bank subsidiary, especially in 2020, were fined € 3 million by Cnil for failing to fulfill their duty to provide information on the Passport. However, the data constable indicated that the group had subsequently made “significant efforts” to bring itself into line.

What can this data be used for?

Historically, banks have access to payment data to allow their customers to assess their expenses, advise them and for the purpose of combating money laundering. This data is protected by banking secrecy.

Subject to the specific consent of their customers, they may also use them for marketing purposes.

In this case, a bank may analyze a customer’s payment data in order to promote certain services from its subsidiaries to them in a targeted manner. For example, if a person spends a lot of money on insurance or fuel, he can offer him his own insurance or his electric car rental.

The bank does not have the right to create a “profile” of its customers based on their data, which would risk depriving them of certain rights: for example, refusing credit or insurance because a customer regularly makes purchases at the pharmacy and therefore could potentially be affected of a disease.

Are the banks the only ones who can know this information?

Banks are not the only ones who have information about our habits because the means of payment have multiplied in recent years, and digital purchases have created “more data movements that are less expected”, notes Aymeric Pontvianne.

Thus, some start-ups, bank account aggregators, or larger digital platforms that develop means of payment may have access to a large amount of data, sometimes without being transparent on the subject.

For Cnil, the only solution to maintain the anonymity of its payments is cash, which is used less and less on a daily basis and rather for small purchases.

Leave a Comment