Mastercard removes some ads for customer transaction data

Mastercard
Mastercard said that that it does not sell any information that could identify individual cardholders. The company explained its decision to remove certain advertisements by saying that the listings "weren't aligned to our strategic objectives."
Lionel Ng/Bloomberg

Mastercard is removing some of its advertisements for transaction data from certain online data marketplaces.

The elimination of the ads comes amid scrutiny from data-privacy advocates, but Mastercard explained the move as a business decision. The listings, which showcase detailed spending trends derived from the purchases of Mastercard users, "weren't aligned to our strategic objectives," the company said in a statement.

Mastercard is one of many U.S. companies that sell anonymized information about consumers' spending habits. It's also the second-largest payment processor in the world, so its data practices are subject to more scrutiny than those of a smaller business. Mastercard facilitated more than $720 billion of transactions in the U.S. in the third quarter, according to regulatory filings. Worldwide, consumers made more than $2.3 trillion in purchases via Mastercard over the same period.

Mastercard's sale of transaction data recently drew criticism from the U.S. Public Interest Research Group, which advocates for stricter data privacy policies. An analysis by the group found that Mastercard maintained listings on at least seven online data marketplaces in recent months.

For example, the card network placed an advertisement for its "actionable insights" on Snowflake, an online platform for buying and selling data. Those insights come via "Mastercard Audiences," which promises third-party clients information about customer spending patterns down to ZIP code-level data.

Custom datasets advertised by Mastercard on the Snowflake platform offer information about geographic areas and the presence of "affluent shoppers," "big ticket shoppers" and "fast fashion apparel buyers," among other segments.

Mastercard said that it does not sell any information that could identify individual cardholders.

As recently as September, Mastercard was also featured as a partner on Adobe's data marketplace. According to a listing there, Mastercard was providing interested buyers with "real-time transaction data" and relevant audience segments "based on current spending habits."

Mastercard's data practices don't include collecting a purchaser's name or contact information, but the company records the transaction amount, the merchant used, the date and time of purchase and the place of purchase, either online or offline, according to the Adobe listing.

Screen Shot 2023-11-01 at 9.50.15 AM.jpg
A Mastercard ad on Snowflake, an online platform for buying and selling data, touts hundreds of "off-the-shelf audiences based on aggregated and anonymized transaction data across different industries and including seasonal shopping behavior."

Another data solutions company that has partnered with Mastercard is called Lotame. The firm's stated mission is to "help companies drive growth and derive value from customer data" via partnerships with companies that have lots of user data on hand, including Meta, Oracle, and Salesforce. Mastercard was also listed as a partner on the data marketplace  Xander Inc. 

In September, U.S. PIRG sent Mastercard a letter asking the company to stop "collecting, reselling and otherwise monetizing or sharing consumer data." The company uses cardholder data "for purposes well beyond completing cardholders' transactions," the letter said.

Eight other advocacy groups signed on to the letter, including organizations focused on consumer, privacy and technology issues. Mastercard and U.S. PIRG have agreed to an initial meeting next week, according to R.J. Cross, a policy analyst focused on data privacy at U.S. PIRG.

Cross said that U.S. PIRG found Mastercard's practices compelling to analyze because the company is selling data at such a large scale.

"It's clear that they are monetizing transaction data and that they are present on a lot of these really big data marketplaces," Cross said in an interview.

American Banker asked Mastercard about specific data listings that U.S. PIRG flagged. 

Mastercard, headquartered north of New York City in Purchase, New York, said the advertisements in question either had been or would be terminated. Mastercard declined to say when it terminated the ads that it has taken down. Some of the listings noted by U.S. PIRG remain on data marketplaces, though the Mastercard offering on Adobe's data marketplace has been removed since late September.

Mastercard also declined to elaborate on which listings remain active and emphasized that it does not sell cardholders' personal data.

"When we process a card transaction, we do not know who made the purchase or what they bought," the company said in a statement.

But customer names aren't a necessity for buyers of transaction data to derive insights about the way individual consumers spend money, said Cross of U.S. PIRG. She pointed specifically to machine-learning models and other technologies that have aided companies in their pursuit of consumer data in recent years.

"Aggregating and anonymizing customer data helps cut down on some of the risks associated with data monetization, but it does not stop reaching people on an individual level based on data," Cross said in the U.S. PIRG report.

A rule proposed by the Consumer Financial Protection Bureau in October would prohibit companies from "wrongfully monetizing" or "otherwise misusing" sensitive personal financial data.

"Third parties could not collect, use or retain data to advance their own commercial interests through actions like targeted or behavioral advertising," the CFPB said in a statement announcing the proposed rule.

The so-called Personal Financial Data Rights rule would instead limit companies to collecting data that is needed to provide a product or service, the agency said.

In 2019, Mastercard outlined six principles that it said were guiding its data policy: security and privacy, transparency and control, accountability, integrity, innovation and social impact.

"Your data will be kept secure and used responsibly," the company said at the time.

Mastercard doesn't disclose total revenue generated by the sale of aggregated transaction data to third parties. But the card company's services and solutions division, which includes data sales, brought in $2.3 billion in the third quarter, up almost 17% from the same period last year.

The company said in a statement that its insights and analytics service helps commercial customers "measure the impact of their decisions" by "understanding trends and aggregated behaviors."

Last week during the company's quarterly earnings call with analysts, Mastercard CEO Michael Miebach noted "increasing demand for actionable insights."

"Our services, bolstered by our data-driven intelligence, can help customers reduce fraud, grow their portfolios and better engage with their end customers," Miebach said.

For reprint and licensing requests for this article, click here.
Customer data Data privacy Payments
MORE FROM AMERICAN BANKER