Does my bank know everything I buy?
When paying by card, the bank records “Payment Data”: the amount of the transaction, the date and time of payment, the identity of the merchant, etc., however, it does not have access to the details of the purchased products, called “data”. Purchases. When paying online, they become Matters are complicated because purchasing data can be disseminated among many players, “including banks,” explains Aymeric Pontvien, finance and innovation advisor at the National Commission on Information Technology and Liberties (CNIL).
“But they don’t bother making history with this data,” he thinks, because their customers expect strict banking service and they “will definitely react badly” to see their bank track their purchases. Sophie Heller, Head of Banking, Commercial and Retail Banking at BNP Paribas asserts, “Trusting banks to manage data is huge capital, and we have no desire to play with it.” In addition, traders are jealous of their customers’ purchase data because sharing it with banks will give a lot of indication of their performance.
Aymeric Pontvianne believes that data sharing can take place between the distributor and the bank player in a specific case: the case of loyalty cards that also function as a payment card. Generally, distributors, to operate this type of card, must have an affiliate of the bank with which they can share data without fear because they are part of the same pool. However, the consumer must give their consent first, as required by the General Data Protection Regulation (GDPR). And beware of those who are not clear on the subject: Carrefour and its banking branch notably in 2020 were fined €3 million by Cnil for failing to fulfill their duty to provide information on the pass. However, conditional statements indicated that the group had made “significant efforts” to achieve compliance.
How can this data be used?
Historically, banks have had access to payment data to allow their customers to assess and advise their spending and for anti-money laundering purposes. This data is protected by banking secrecy. Subject to specific consent from their customers, they can also use it for marketing purposes. In this case, the bank can analyze the customer’s payment data to promote certain services of its affiliates in a targeted way.
For example, if a person spends a lot of money on insurance or fuel, they can offer them their own insurance or their own electric car rental. The bank does not have the right to create a “profile” of its customers from their data which may risk depriving them of certain rights: for example, refusing credit or insurance because the customer regularly makes purchases in the pharmacy and is therefore likely to be affected by an illness.