The short answer to this question is clearly, “a lot.” Credit card issuers are the keepers of a vast amount of personal information, including data on:
- Their customers’ identities
- Their credit histories
- Their spending habits
- And much more
Much of that information is regulated, so the issuers have to follow protocols ensuring that your information is protected while still being able to responsibly disclose data to 3rd parties.
Sharing Information With The Credit Reporting Agencies
When a consumer opens a credit card account the card issuer sends information about the consumer and his new account to the three major credit-reporting agencies: Equifax, TransUnion, and Experian.
Sensitive personal information is shared between a consumer’s creditors (aka “data furnishers”) and the credit reporting agencies, such as:
- Account number
- Balance information
- Payment history
- Social security number
This information is updated and sent to the credit reporting agencies every month.
Sharing Information With Advertisers
In recent years the credit card issuers have found a way to leverage transactional information for additional profits. In other words, credit card brands such as American Express and MasterCard, among others, are selling data about the spending habits of their customers to advertisers looking to target ads to specific groups of consumers. This target marketing allows advertisers to make more relevant offers to consumers.
Naturally there are privacy concerns anytime a company shares the personal information of their customers, especially when credit card data is involved. There has certainly been no shortage of highly publicized data breaches, all of which involved an exposure of sensitive consumer information. Thankfully a variety of Federal statutes help to minimize our financial risk in the event of data breaches.
What Can Happen To Information During A Data Breach?
Data breaches have occurred on a large scale dozens of times in the past year. Many customers of Target, Home Depot and JPMorgan Chase have been exposed to at least the possibility of having their personal and/or account information stolen.
A data breach begins when a database is hacked either internally by someone pretending to have a valid reason to access the data, or externally via malware or unauthorized access to the data. Depending on the type of information compromised during a breach, consumers could see their account numbers, email addresses, and even their identifying information in the hands of thieves.
You’ve probably never heard the term “enhancement services.” This describes the practice whereby credit card issuers allow 3rd party service providers to market products and services to their cardholders. You’ve probably received phone calls or statement stuffers from companies trying to sell you things like payment protection, identity protection services, and other forms of insurance.
The word “enhancement” is meant to describe the potential for the sale of these services to enhance the bottom line of the credit card issuers. Some card issuers have found themselves on the wrong side of CFPB (Consumer Financial Protection Bureau) fines because of overly aggressive marketing by these 3rd party service providers, and several have been fined hundreds of millions of dollars, being forced to pay back their cardholders for money spent on services that they either didn’t need or didn’t want.