Card payments: what banks know about you

It is a small rectangle of plastic that we know by heart: the bank card records a lot of data about our purchasing behavior or our movements, which can be reused by banks or other players.

Does my bank know everything I buy?

When paying by card, the bank records “payment details”: amount of the transaction, date and time of payment, identity of the merchant, etc.

On the other hand, it does not have access to the details of the products purchased, the so-called “purchase data”.

When paying online, it gets complicated because the purchase data can be spread over many players, “including banks”explains AFP Aymeric Pontvianne, finance and innovation adviser at the National Commission for Informatics and Freedoms (Cnil).

“But they have no interest in making the history of this data”he believes, because their customers expect strict banking services and “would certainly react very badly” see their bank tracking their purchases.

“Trust in banks for data management is huge capital, we don’t want to play with that”confirms Sophie Heller, Head of Commercial, Retail Banking and Services at BNP Paribas.

In addition, traders are jealous of their customers’ purchase data, as sharing it with banks would give too many indications of their performance.

Mr Pontvianne is of the opinion that in a specific case data sharing can take place between a distributor and a banking player: that of customer cards that also function as payment cards. In general, to exploit this type of card, distributors have a bank branch that allows them to share data without fear as it is part of the same group.

However, the consumer must first give consent, as required by the General Data Protection Regulation (GDPR).

And beware of those who are unclear: Carrefour and its banking subsidiary were, in particular, sentenced in 2020 to a fine of 3 million euros by the Cnil for failing to comply with their information obligation on the Pass card. However, the dataconstable indicated that the group subsequently “considerable effort” to come into agreement.

What can this data be used for?

Historically, banks have had access to payment data to enable their customers to assess their spending, advise them and for anti-money laundering purposes. This data is protected by bank secrecy.

Subject to specific permission from their customers, they may also use them for marketing purposes.

In this case, a bank may analyze a customer’s payment data in order to promote certain services of its subsidiaries to them. For example, if someone spends a lot of money on insurance or fuel, he can offer him his own insurance or his electric car rental service.

The bank does not have the right to draw up a “profile” of its customers based on their data, which runs the risk of depriving them of certain rights: for example, refusing credit or insurance because a customer regularly makes purchases at the pharmacy and may therefore be disadvantaged by a disease.

Are banks the only ones who can know this information?

Banks are not the only ones with information about our habits, as payment methods have multiplied in recent years and digital purchases have led to “more data movements that are less predictable”notes Aymeric Pontvianne.

Some start-ups, bank account aggregators or major digital platforms developing payment methods can thus access a large amount of data, sometimes without being transparent on the subject.

For the Cnil, the only solution to keep the anonymity of its payments is cash, which is used less and less every day and rather for small purchases.


Leave a Comment