Mastercard, don’t sell my data

Mastercard sees how much you spend, where and on what days - and it sells that information to companies you’ve never heard of.

Pixabay |
How people spend money is personal.

Take Action

Almost every company we interact with collects some amount of data on us. Often it’s more information than they really need – and it’s often used for secondary purposes that have nothing to do with delivering the service we’re expecting to get. 

When companies gather excessive amounts of data, it increases the risks we face as consumers – especially when companies sell it to other entities.

Mastercard collects data about its cardholders – like how much they spend, where and on what day. It makes sense Mastercard uses this information to complete transactions. What doesn’t make sense is that Mastercard then uses that data for purposes that have nothing to do with being a credit card – like selling it to data brokers, advertisers and other third parties. It doesn’t need to sell our data to be a credit card – but it’s profitable for it to do so.

We’re asking Mastercard to commit to using the transaction data it collects for what we’re expecting – being a safe, secure credit card, and nothing else.

What data does Mastercard collect?

Mastercard collects transaction data – like where people shop, how much they spend and the day and time they spend it. It also collects if those purchases are happening online or in brick and mortar stores, and the location of the physical stores.

Mastercard needs a lot of that information to complete transactions and prevent fraud – services consumers are expecting to get. But Mastercard does a lot more with that information that many would be surprised to learn.

What does Mastercard do with my data?

Mastercard has a lots of ways it makes money off people’s data.

For example, Mastercard sells bundles of cardholder transaction history to third party companies on large online data marketplaces. Here, third parties can pay money to access data about people’s lives for highly-targeted advertising, among other things.

Mastercard has even spun up its own in-house data sales division. Here Mastercard advertises that companies can access databases made up of billions of credit card transactions made on Mastercard’s payment network. 

What really matters about Mastercard selling transaction data is that it’s contributing to the data selling marketplace that can be harmful for the consumers whose data is being sold.

Why is it bad that Mastercard and other companies sell my data?

Companies have gotten carried away with collecting as much data as possible about consumers and selling it to whomever is looking to buy. Not because it’s necessary for the service customers are paying for – but because they can make even more money if they sell data. Our data can end up in a lot of places – like with identity thieves, scammers, tech companies or advertisers. 

These actors can only access our data because the companies who have our data choose to sell it. Mastercard’s monetization of our data doesn’t directly cause all of the harms we list below. But all of the harms rely on companies like Mastercard choosing to participate in data sales.

This system is dangerous for consumers. 

Data security

When companies sell our data to other companies, they put our personal security at risk. The more companies that hold data about us, the more likely it is our information will end up exposed in a breach or a hack. Once our information is exposed, we’re much more likely to become the victim of identity theft and fraud. This is especially true when leaked information includes our names and contact info, ID info like driver’s licenses and SSNs, or credit card numbers.


Scams these days are getting more sophisticated. A big reason is because using data makes scams more personally targeted. For example, data brokers have bought health information that they turn around and sell to scammers. In a series of scams busted by the Department of Justice, major data brokers targeted people with dementia with mailers for fake lottery winnings, promising a check in the mail if the victim pays a $30 processing fee. The winnings aren’t real, but victims pay a very real $30. That health info could have come from lots of places, including family member’s web searches.

Annoying and invasive targeted advertising

Today we’re inundated with ads in ways we’ve never been before. In the 1970s, the average American saw between 500-1,600 ads a day; today, powered by data-driven targeted advertising, it’s now estimated at 5,000 ads daily. That may sound like a lot, but between traditional ads on TV, radio, billboards, and the digital ads we see every time we visit a website, open our inbox, listen to a podcast or scroll on social media, they really add up.

We’re constantly bombarded with appeals to spend more money on more stuff we likely don’t need and didn’t ask to see – and there’s no way to escape it. We can protect our mailbox from junk mail, and we can protect our phones from junk calls, but as long as our data is collected and sold to the targeted advertising industry, there’s little we can do to protect our screens from annoying, distracting and unnecessary ads. 

Given all these risks, one of the best ways to stop these harms is to cut off the companies that are selling our data in the first place.

Mastercard should use our data for being a credit card – and nothing else

The collection and sale of people’s data is almost entirely unregulated, and companies have taken things too far. Growing its profit margin is not a compelling reason for Mastercard contribute to the massive marketplaces for personal data. 

Mastercard should commit to an internal policy of limited data use – committing to using cardholder transaction data only for the purposes of being a secure credit card.

PIRG has launched a coalition of advocates calling on Mastercard to do just that – and citizens can play a part.

What can I do to protect myself?

There are steps you can take to limit Mastercard’s sharing of your data – our tips guide will walk you through. It’s unclear to what extent Mastercard even allows you to opt out, but we encourage you to take advantage of as many of the options we list in the guide as you can.

But it’s not enough. Mastercard shouldn’t be selling data in the first place – you shouldn’t have to submit a special request asking it to.

You can take action in other ways. Sign our petition to let Mastercard know its data sales need to stop. You can also email Mastercard’s privacy complaints email ([email protected]) and send them the clear message: stop selling my data.


R.J. Cross

Director, Don't Sell My Data Campaign, U.S. PIRG Education Fund

R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, predatory auto lending and consumer debt. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder.