cross-posted from: https://links.hackliberty.org/post/125466

My credit card issuer apparently never gets to know what I purchased at stores, cafes, & restaurants – and rightfully so. The statement just shows the shop name, location, and amount.

Exceptionally, if I purchase airfare the bank statement reveals disclosures:

  • airline who sold the ticket
  • carrier
  • passenger name
  • ticket number
  • city pairs

So that’s a disturbing over-share. In some cases the airline is a European flag carrier, so IIUC the GDPR applies, correct? Doesn’t this violate the data minimization principle?

Airlines no longer accept cash, which is also quite disturbing (and illegal in jurisdictions where legal tender must be accepted when presented for PoS transactions).

Has anyone switched to using a travel agent just to be able to pay cash for airfare?

UPDATE

A relatively convincing theory has been suggested in this other cross-posted community:

https://links.hackliberty.org/comment/414338

Apparently it’s because credit cards offer travel insurance & airlines have incentive to have another insurer involved. Would be useful if this were documented somewhere in a less refutable form.

    • soloActivistOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      See below. It was suggested, but does not actually make sense.

  • cmysmiaczxotoy@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Yea, fuck that. Maybe they do it to avoid automatically blocking your card when being used outside of country?

    • soloActivistOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      That was suggested in the parent thread, but seems unlikely. Feeding an AI bot unreliable info is a recipe for disaster (think 1-way tickets bought using different cards). The travel notice is either a manual procedure or the bank does not use travel notices at all. And if it doesn’t use travel notices at all, then all your banks would have to share all travel ticket purchases with all your other banks for that to work. The ones that do not require travel notices apparently have an anti-fraud algo that does not rely on travel notices of any form.

      This itinerary sharing has been going on as long as I remember - I think over 20 years. But travel notices are a more recent development. I did not have to give travel notices to any of my banks ~15 or so years ago. It seems like a new trend. They want to pass it off as “anti-fraud”, but IMO it’s just another profitable bit of info they can collect and monetize.

      What’s disturbing is there is no info on this. No investigative journalists have looked into it, no articles on what info payment processors feed back to the banks. It’s a big hole that lacks transparency.