Georgijevic/ E+/ Getty Images

Legal, Regulatory, and Privacy Issues

Credit card issuers watch online how you shop, customize offers


Shopping online for a credit card? Some issuers have begun to use high-tech marketing techniques to vary their offers based on what they think they know about you from your online behavior.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

Many of the nation’s top credit card companies are now using high-tech marketing techniques that let them change their online offers on the fly, based on shoppers’ surfing habits.

That means that you and a friend across town, who happen to have identical credit records, might see different offers at the same card site at the same time. Although that might seem odd, card companies say it’s part of a strategy to offer deals better suited to each individual.

Sometimes the discrepancies result from random test marketing. But sometimes the offers are different because the websites are tailoring information based on what they think they know about you.

Like other companies that do business on the Internet, card issuers are trying to strike a balance between personalizing their sites and protecting users’ privacy. On one hand, they want to offer you products that interest you. For instance, they’d like to pitch travel rewards cards to frequent travelers. But at the same time, they say, they don’t want to creep people out by making pitches too personalized, even though technologies are advancing that might help them make educated guesses about your income and interests based on your Internet habits.

“Over the past 12 to 24 months, the infrastructure for tracking on the Internet has gotten way, way more sophisticated,” says Rob Shavell, co-founder of Abine Inc., a Cambridge, Mass., company that develops privacy software.

Some tech companies, he says, now compile databases on individuals’ Internet histories, cross-reference that against other sets of data, then use algorithms to predict what kind of products people might buy. The instant someone visits a Web page, data about the visitor can be quickly exchanged, and the host site could use the information to personalize offers.

At the request of, Abine analyzed 10 of the top U.S. card issuers to see if their websites employed technologies that could be used to acquire detailed information on visitors to those sites. Abine looked for the presence of “cookies,” bits of information a website puts on your computer to remember you in future visits, as well as the use of what are known as “third-party calls” — or the exchange of information about you with an outside website.

The results found that nine of the 10 card companies exchanged information with at least one outside website, and all 10 placed cookies on a visitor’s computer. Discover exchanged information with the most outside sites (11) and placed the most cookies (21).

Discover’s experimentation

Anas Osman, Discover’s vice president of new card member acquisition, acknowledges that visitors to Discover’s site might see different card offers with different rates. Much of that, he says, springs from randomized testing to determine what offers visitors find most appealing.

He says Discover has dabbled with using detailed information compiled by outside companies about potential customers, but that it has abandoned that approach. “We generally found that the data that was being offered was not sufficient to make a good enough prediction” about what offers customers like, he said.

Instead, Discover uses more limited data to tailor its website to you, such as what browser you use and where your computer is. For instance, if you’re using a computer from an .edu domain, you’re more likely to see a student credit card as the main offer on Discover’s site, Osman says.

“Our goal is to make sure the website is as user-friendly as possible,” he says. Regardless of the main offer, all of Discover’s offers are available on its site.

As to why Discover employed the most cookies and checks with outside websites, Osman says those are largely done to track users’ activities on Discover’s site and to trace Discover ads users see on other sites.

Capital One, which Abine said had the second-highest number of checks with outside Web pages, says it, too, is seeking to personalize the experience, and that sometimes results in different lead offers. Spokeswoman Pam Girardo says it’s an extension of what card companies have done over the years with direct mail: They don’t send you a catalog but rather an offer for a particular card based on available information.

“While we suggest products that we believe will be of interest to our visitors, we do not limit their ability to easily explore all products available on our site,” she said in an e-mail.

She says Capital One does not use data captured from other sites in targeting offers.

Like Discover, Capital One makes credit decisions based on traditional methods — application, credit check — not on Internet data, she says. Both companies say they do not use personally identifiable information for marketing and that they comply with banking laws and their own privacy policies.

Same card, different rates first noticed differences in offer rates on cards several months ago, when compiling information for its Weekly Rate Report. The report examines rates on 100 of the most popular credit cards, and nearly every week, researchers double-checking data noticed different rate offers on one or two cards. For instance, researchers one day in mid-December found both a 13.24 percent and a 12.24 percent interest rate on the Chase Sapphire card, depending on who was looking up the rates.

Chase, which ranked No. 2 in Abine’s study for placing cookies on visitors’ computers, declined to discuss the technology it uses. “Because we consider that information to be proprietary, and for competitive reasons, I cannot share details on this topic,” spokeswoman Gail Hurdis said via e-mail.

Julie Conroy McNelley, senior risk and fraud analyst with Aite Group, a research and advisory firm, says card companies are still in the early stages of figuring out how technologies that were developed to fight fraud might be used for marketing.

“Any data is going to be of value,” she said. “The degree to which it is of value is still being tested.”

Device fingerprinting, link analysis

Two of the major technologies, she says, are device fingerprinting, which gives companies information on the computer you’re on, and link analysis, which looks at correlations between you and other people.

Still, card companies are rightfully cautious of acquiring too much personal data, she says.

“If companies start using it for marketing purposes, there is the potential that people will view that as an invasion of privacy, and the companies might start getting regulated,” she says.

Shavell, the privacy software company’s co-founder, says there are two steps people can take to limit what companies know about their habits.

  • First, opt of out targeted ad networks that link ads to your browsing behavior. The biggest of these is at
  • Second, he advises deleting your Internet history and cookies through your browser.

Taking those steps will better safeguard your privacy, though it’s luck of the draw whether clearing your cache will save you some cash by yielding a better offer.

Be aware that if you delete your cookies, sites are less likely to show you material that interests you, and you’ll have to type passwords in manually.

Says Discover’s Osman: “You can use our site without cookies, but it will be a less rich, less rewarding experience.”

How credit card issuers gather, exchange data about you online
Card issuerNumber of outside websites contacted1Number of cookies placed2
Capital One99
American Express73
Bank of America38
Wells Fargo16
U.S. Bank04
1This is the number of third-party websites the card issuer’s main site contacts when you go to that page. That indicates the company is exchanging information about you, which could be used to personalize offers and track advertising.
2This is the number of cookies, or bits of information for future use, placed on your computer when you visit the site. Cookies help sites understand your browsing history and also store passwords for convenience.Source: Abine Inc. for Figures were gathered in early December. 

See related:  Implantable credit card RFID chips: convenient, but creepy, What will credit cards look like in 25, 50 or 100 years?


Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Legal, Regulatory, and Privacy Issues

The Magnificent 7: Where state laws get you extra free credit reports

Everyone loves a freebie, so residents of seven states may be happy to know that state law grants them a free extra copy of their credit report every 12 months.

See more stories
Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more