What you buy, where you shop may affect your credit
New credit card law requires probe of issuers' use of purchasing data
What you buy and where you shop may affect your credit score.
As credit card companies continue to tighten their lending standards on card users, some are using purchasing data -- gleaned from millions of card transactions processed daily -- to weed out who may or may not be good credit risks.
|Shop until you drop ... your credit score?|
Our interactive guide "Shopping your way to a better credit score" lets you drop items into a shopping cart and see whether they may raise or lower your score.
Have you used your credit card at merchants specializing in secondhand clothing, retread tires, bail bond services, massages, casino gambling or betting? Your credit card issuer may be taking note -- and making decisions about your creditworthiness based on your purchasing behavior. The reason: Buying used clothing or retread tires may be an indication of financial distress and a preamble to missed credit card payments or defaults.
Now, Congress and federal regulators will be probing the extent to which credit card issuers have used information about where a person shops or what they buy as reasons to lower credit limits or increase interest rates. When credit limits are lowered, it can adversely affect utilization ratios, a measure of how much of cardholders' credit limits are used. Lowering the credit limit increases the utilization ratio and can lead to a lower credit score.
New credit card law: Study this practice
The new credit card reform law signed by President Obama in May 2009 includes a provision requiring federal regulators to investigate whether credit card issuers used information about where consumers shopped, what they purchased, the types of merchants they shopped with and their locations, and the mortgage company they borrowed from as bases for increasing interest rates or reducing credit limits.
"Where a person shops, in my opinion, has little bearing on whether they can pay back a credit card balance," Congresswoman Maxine Waters of California said during an April 22, 2009, hearing on credit card reform conducted by the U.S. House Financial Services Committee. "I want this study done because I want to stop some of these outrageous practices in the future."
Where a person shops, in my opinion, has little bearing on whether they can pay back a credit card balance.
|-- Maxine Waters
Study due in 2010
The Federal Reserve, Federal Trade Commission and other banking regulators must report to the U.S. House and Senate financial services and banking committees, respectively, detailing whether card issuers engaged in the practice between May 22, 2006, and May 22, 2009.
Regulators must also determine whether the profiling negatively affected minority and low-income card users. The Fed must make recommendations for any changes to existing rules or laws that may be necessary to curb harmful practices.
Results of the study are due no later than May 22, 2010.
Waters noted American Express has already acknowledged it used information about where customers shopped to lower credit limits. After a firestorm of criticism and outrage earlier this year, AmEx announced it would no longer engage in the practice.
Is it 'redlining'?
"I'm concerned that limiting credit based on where a person shops or the neighborhood they live in could amount to redlining," Waters said, referring to the practice of targeting certain areas or neighborhoods for discriminatory housing, insurance or lending treatment.
With credit card transactions, every time you make a purchase, a record of that sale is logged into a database of information collected by your credit card issuer. Privacy experts warn that consumers should be mindful of what they buy with plastic and what purchasing data credit card issuers may be analyzing.
"Obviously that is something that most credit cardholders are not going to think about," says Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, a San Diego-based privacy rights groups. "They've obtained a credit card and think they can go out and use it in any way they like."
Experts say cardholders concerned about keeping purchasing habits private or avoiding credit score dings should consider using cash or gift cards, stored value or prepaid debit cards. Shopping at large supermarkets or wholesale clubs -- which offer a variety of product lines -- may also keep some purchases private. Other tips: Spread purchases that may indicate risky behavior over several credit cards to avoid triggering an alert for a single issuer.
"Cash is the ultimate privacy protector," says Stephens. "It's kind of hard to trace. With most other payment mechanisms there is going to be a trail."
But avoiding credit cards for the sake of privacy may present a quandary for some users: If they had the cash to pay for an item, they wouldn't need a credit card. For others, the convenience of using a credit card over other payment methods far outweighs the potential privacy concerns.
Mining for data
Known in the industry by a number of terms, including behavioral modeling, data mining and psychographic behavior analysis, the practice of mining internal credit card issuer databases for customer spending trends and other patterns is not new. Issuers have been analyzing data perhaps since the first credit cards were issued.
Representatives from the four top credit card issuers -- Bank of America, Citi, Chase and Wells Fargo -- declined to discuss details of how they use purchasing data internally. Many consider this highly proprietary information. A spokeswoman from a banking industry trade group acknowledged that the practice is common.
|Tracking credit card purchases with merchant category codes (MCC)|
Here's a sample of the electronic payment tracking codes assigned to different types of merchants:
4900 Bail and bond payments
5300 Wholesale clubs (Costco, Sam's Club, etc.)
5411 Grocery supermarkets
5532 Automotive stores
5698 Wig and toupee stores
5813 Drinking places (bars, nightclubs)
5814 Fast food restaurants
5912 Drug stores and pharmacies
5921 Packaged beer, wine and liquor stores
5931 Used and secondhand stores
5944 Jewelry, watches, clocks and silverware stores
7251 Shoe repair shops
7273 Dating/escort services
7277 Counseling services (debt, marriage, personal)
7297 Massage parlors
7393 Detective agencies
7534 Tire retreading and tire repair
7995 Betting/casino gambling establishments
8099 Medical services
8351 Child care services
8651 Political organizations
9211 Court costs (child support and alimony payments)
A complete MCC list can be found on the IRS website.
"The issuing bank has the date of transaction, name of the merchant and the amount of the transaction that allows them to process that transaction," says Nessa Feddis, senior counsel and vice president of the American Bankers Association. She says specific information about items purchased (that you bought a gallon of milk, for example) is not included in the data transferred from the merchant. "As a general rule, the specific transaction information is not transmitted to the issuing bank. They are going to know where the person used the card."
Tracking is conducted for four primary reasons:
- Marketing. Issuers use past purchasing patterns as a basis for offering additional products. Someone purchasing airline tickets with a credit card may get offers of airline rewards credit cards or travel-related services from the issuer or an affiliate.
- Fraud detection. Credit card companies monitor spending to detect unusual purchasing habits that could be red flags for fraud.
- Risk management. Card users who continually go over their credit limits or exhibit unusual spending habits -- such as charging large amounts of merchandise on a card they had previously rarely used -- may be at greater risk of not paying their bills or filing for bankruptcy.
- Law enforcement. Remember that TV crime show where police tracked a missing person or a killer using credit card transaction data? Law enforcement agencies can subpoena records from both the credit card issuer and the merchant to find out the time, date and place of a credit card purchase -- information that may be helpful in determining the last known location of a crime victim or suspect. The Department of Homeland Security also tracks terrorist activity by monitoring certain purchases.
Massive databases of information
Millions of credit card users receive monthly statements detailing their spending during the billing cycle: The standard information provided includes the date of a purchase, the place of the purchase, including the name of the merchant, city, state, amount of the purchase and a transaction reference number.
Every transaction processed by the card networks (Visa and MasterCard) is assigned a merchant category code (MCC), a four-digit number that denotes the type of business providing a service or selling merchandise. The MCC for pawnshops, for example, is 5933. For dating and escort services, it's 7273, and for massage parlors, it's 7297.
The MCC is used, for example, to restrict health care spending on health care-related credit and debit cards. Some health care flexible spending accounts allow users to make purchases only at pharmacies or merchants with medical-related services. Small business owners also use the codes to prevent employee abuse of company credit cards.
The MCCs, along with the name of the merchant, give credit card issuers a spyglass into cardholder spending.
'A pretty clear picture'
Stephens says the database's purchasing information can provide a pretty clear picture of credit card users. "What do they know about you? Depending on how extensively you use your credit card, they conceivably have a very clear, distinct picture of an individual. It's not only your retail purchases, but your online purchases. It can really paint a very complete picture. The stores that you shop at can paint a picture. You also may use it at a doctor's office if you pay for care with a credit card. Some people pay for their utilities with credit cards."
Depending on how extensively you use your credit card, they conceivably have a very clear, distinct picture of an individual.
|-- Paul Stephens
privacy rights expert
Federal financial privacy laws (Regulation P) prohibit credit card issuers from sharing your personal and payment information with third parties not affiliated with the issuer (except under court order or when fraud is involved). Banks must send annual copies of their privacy policies to cardholders, but the law does not govern what the issuer does with payment information internally.
It is a common industry practice to analyze the data for trends. Several issuers offer cardholders annual summaries of their spending that categorize purchasing by type of merchant and amounts spent. This information can be a handy tool to help families budget for the coming year and determine where they can cut back in spending.
"Once you use your credit card at a store, that code is tracked," says Steve Shaw, a strategic marketing manager for Fiserv, a company that develops online banking software to help financial institutions manage customer accounts. Shaw says banks are developing programs to track customer transactions and activities. The information is used to help make customer-specific offers of services. "A lot of financial institutions are trying to find more ways to generate revenue."
A rare glimpse into the details of behavioral modeling was revealed in a federal lawsuit filed by the Federal Trade Commission in June 2008 against subprime credit card marketer CompuCredit Corp. According to the lawsuit, CompuCredit used an undisclosed behavioral scoring model to track customer purchases. The company lowered credit limits on cardholders who shopped at certain establishments or used certain services, including pawnshops, massage parlors, tire retread shops, marriage counselors and bars and nightclubs.
CompuCredit agreed to a settlement that included crediting $114 million to the accounts of affected cardholders and paying a $2.4 million penalty. The company did not admit any wrongdoing in the settlement.
The recent credit crunch has placed greater emphasis on using the data to predict who may be a higher credit risk. Credit card issuers have said people living in states hard hit by foreclosures, such as Florida, Nevada and California (referred to as the "sand states") may be considered increased risks by virtue of the fact that they live there. People who shop at the same establishments where subprime borrowers shop also may be considered higher risk.
Feddis, the ABA spokeswoman, says decisions to cut credit limits based on customer behavior are based on evidence. "They don't want to risk a bad judgment that's going to lose a good customer. It's too hard to get a good customer," Feddis says. "They must have some sort of statistics that would demonstrate it's predictive -- to show that people who shop at pawnshops within six months stop paying their credit card bills."
Stephens, the privacy expert, warns of the potential fallout of using purchasing data. "One of the dangers of data mining is you're getting a little snippet of information that doesn't portray the full picture," he says. Does one purchase at a pawnshop signal a pattern of credit trouble? How many purchases qualify?
Stephens says issuers should make clear disclosures about how they use purchasing data: "We recognize that most consumers don't read privacy policies, but nonetheless, a company that is utilizing data in this fashion ought to make it quite clear that the purchase transaction history is being utilized for purposes other than billing ... that they are using it to make re-pricing decisions as well as credit line adjustment decisions."
See related: Your credit card is a tattetale
Updated: October 14, 2009
- Revoking automatic debits from your account – Auto payments can be convenient, but you have rights under the law to stop allowing access to your bank accounts if you need to ...
- Making sense of confusing credit card statements – Spotting fraud is hard when so many businesses put unfamiliar, but legitimate, names on your billing statement ...
- Rating fraud: Not all security breaches are equal – Different types of fraud have different risks involved. Knowing those risks might save you a headache ...