1 Does my bank know everything I buy?
When paying by card, the bank records “payment data”: the amount of the transaction, the date and time of payment, the identity of the merchant, etc.
On the other hand, it does not have access to the details of the products purchased, known as “purchase data”.
When paying online, things get complicated because purchase data can be disseminated among many players, “including banks,” explains Aymeric Pontvien, a finance and innovation advisor at the National Commission on Information Technology and Freedoms (Cnil) to AFP.
“But they don’t bother making history with this data,” he thinks, because their customers expect strict banking service and they “will definitely react badly” to see their bank track their purchases.
Sophie Heller, Head of Banking, Commercial and Retail Banking at BNP Paribas asserts, “Trusting banks to manage data is huge capital, and we have no desire to play with it.”
In addition, traders are jealous of their customers’ purchase data because sharing it with banks will give a lot of indication of their performance.
Aymeric Pontvianne believes that data sharing can take place between the distributor and the bank player in a specific case: the case of loyalty cards that also function as a payment card. Generally, distributors, to operate this type of card, must have an affiliate of the bank with which they can share data without fear because they are part of the same pool.
However, the consumer must give their consent first, as required by the General Data Protection Regulation (GDPR).
And beware of those who are not clear on the subject: Carrefour and its banking branch notably in 2020 were fined €3 million by Cnil for failing to fulfill their duty to provide information on the pass. However, conditional statements indicated that the group had made “significant efforts” to achieve compliance.
2 In what can this data be used?
Historically, banks have had access to payment data to allow their customers to assess and advise their spending and for anti-money laundering purposes. This data is protected by banking secrecy.
Subject to specific consent from their customers, they can also use it for marketing purposes.
In this case, the bank can analyze the customer’s payment data to promote certain services of its affiliates in a targeted way. For example, if a person spends a lot of money on insurance or fuel, they can offer them their own insurance or their own electric car rental.
The bank does not have the right to create a “profile” of its customers from their data which may risk depriving them of certain rights: for example, refusing credit or insurance because the customer regularly makes purchases in the pharmacy and is therefore likely to be affected by an illness.
3 Are banks the only ones who can know this information?
Banks aren’t the only ones with information about our habits because payment methods have doubled in recent years and digital purchases have created “more and more unpredictable data movements,” Emeric Pontvian notes.
Some startups, bank account aggregators or major digital platforms developing payment methods can access a large amount of data, sometimes without being transparent about it.
For Cnil, the only solution to maintaining anonymity in its payments is cash, which is used less and less on a daily basis and instead for small purchases.