A lot of folks have been playing the manufactured spend game recently. Between Vanilla reloads and PIN-enabled gift cards, it’s not too hard to play for now, though things will undoubtedly change soon, as they always do.
But there’s question we’ve seen pop up frequently in relation to this and other topics: can my credit card company see what I’m doing? Chasing The Points brought this up a few days ago:
I was looking up a vendor for the MCC code in the Visa Supplier Search and noticed the column “Enhanced Data Level” I had to look it up and there are three levels.
According to bluepay.com, the levels of data are:
- Level 1
- Basic data – merchant name, transaction amount, transaction date
- Level 2
- More detailed data – all of the above including tax ID, taxes paid, customer code, merchant postal code, and a couple of others
- Level 3
- Even more detailed data – all of the above including line item transaction like product code and descriptions and quantities, and if shipping, weight, duty, and destination postal code, and other detailed information
I’d be incredibly wary about gift card churning from stores that have Level 2 and above. One vendor that I frequent is on Level 2 and I will not be patronizing them anymore.
We personally wouldn’t sweat it, and we have several reasons why.
First, here’s a quote from a lawyer at the American Bankers Association:
“The issuing bank has the date of transaction, name of the merchant and the amount of the transaction that allows them to process that transaction,” says Nessa Feddis, senior counsel and vice president of the American Bankers Association. She says specific information about items purchased (that you bought a gallon of milk, for example) is not included in the data transferred from the merchant. “As a general rule, the specific transaction information is not transmitted to the issuing bank. They are going to know where the person used the card.”
This meshes with our experience. We’ve seen raw credit card transaction data in our past work at banks, and all we ever saw was the basic information mentioned above: who, where, when, and how much… but no details about what. We do wonder about Discover and Amex, since they have their own processing systems, but even then it’s not a given that the card issuer is looking at individual purchases.
Second, we got to researching this a bit after reading CTP’s post, and as far as we can tell, the level 2 and level 3 processing is done fore large businesses with a need to track purchases more thoroughly, not so that banks can learn more about you. Though if anybody has any deeper knowledge of this, we’re all ears.
Our third point: handling all of this data would be an enormous undertaking with uncertain payoffs. Transaction data is already massive, and all banks are doing is handling the basics. If they were to start looking at individual items purchased within a transactions, they would have to allocate vastly more data storage space, possibly tweak their data architecture, hire more analytics staff, and hire more IT/database staff.
They’d also have to hire more compliance staff to make sure the data is not used in a discriminatory way–large banks are actually pretty careful about not doing that, believe it or not.
All of this would be a huge expense, and what would the benefit be? You could possibly get better at risk management, though as alluded to above compliance would be a big hurdle.
It’s certainly possible for somebody to look at any individual’s credit card purchases and get an idea of what they’re up to… but you have to remember that our entire financial system is set up so that you interact with real, live people as little as possible. You know how hard it is to talk to an actual person in customer service instead of the voice response unit? This is the flip side of that: people seldom, if ever, look at what you’re doing. Nobody cares.
Of course, if you do something unusual, like making 10 consecutive purchases for $505.95, you may attract the attention of the risk or fraud departments. An actual human being looking at your purchases doesn’t need to see a lot of detail to figure out what you’re doing. Whether or not they will care is the question.
Somebody may decide that you’re a credit risk and shut you down, or–less likely, unless you’ve really gone to town–the bank may decide that you are exceptionally unprofitable and fire you as a customer. Which is very rare, but it’s been known to happen. There are some good stories on the Fatwallet blacklisting thread if you’re interested.
Thanks for diving deeper into this! You raise a great point I didn’t think about, the huge overhead about on the IT systems with all the data.