cross-posted from: https://links.hackliberty.org/post/125466
My credit card issuer apparently never gets to know what I purchased at stores, cafes, & restaurants – and rightfully so. The statement just shows the shop name, location, and amount.
Exceptionally, if I purchase airfare the bank statement reveals disclosures:
- airline who sold the ticket
- carrier
- passenger name
- ticket number
- city pairs
So that’s a disturbing over-share. In some cases the airline is a European flag carrier, so IIUC the GDPR applies, correct? Doesn’t this violate the data minimization principle?
Airlines no longer accept cash, which is also quite disturbing (and illegal in jurisdictions where legal tender must be accepted when presented for PoS transactions).
Has anyone switched to using a travel agent just to be able to pay cash for airfare?
UPDATE
A relatively convincing theory has been suggested in this other cross-posted community:
https://links.hackliberty.org/comment/414338
Apparently it’s because credit cards offer travel insurance & airlines have incentive to have another insurer involved. Would be useful if this were documented somewhere in a less refutable form.
I’m gonna guess that it’s part of why you don’t get locked out of your credit cards every single time you fly somewhere
See below. It was suggested, but does not actually make sense.
Yea, fuck that. Maybe they do it to avoid automatically blocking your card when being used outside of country?
That was suggested in the parent thread, but seems unlikely. Feeding an AI bot unreliable info is a recipe for disaster (think 1-way tickets bought using different cards). The travel notice is either a manual procedure or the bank does not use travel notices at all. And if it doesn’t use travel notices at all, then all your banks would have to share all travel ticket purchases with all your other banks for that to work. The ones that do not require travel notices apparently have an anti-fraud algo that does not rely on travel notices of any form.
This itinerary sharing has been going on as long as I remember - I think over 20 years. But travel notices are a more recent development. I did not have to give travel notices to any of my banks ~15 or so years ago. It seems like a new trend. They want to pass it off as “anti-fraud”, but IMO it’s just another profitable bit of info they can collect and monetize.
What’s disturbing is there is no info on this. No investigative journalists have looked into it, no articles on what info payment processors feed back to the banks. It’s a big hole that lacks transparency.