Research and Statistics

What electronic payments reveal about you to lenders


Credit card issuers have access to a wealth of information about where you shop, how much you spend and how often. Increasingly, they use that data to change your access to credit.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

Editor’s note: See updated version of this article: What you buy, where you shop can affect your credit

Think of it as an electronic bug in your wallet.

Every time you make a purchase on a credit card or debit card, a record of that transaction is logged into a database of information collected by your credit card issuer.

In exchange for the convenience of using plastic, you also give up something some people hold dear — privacy. Many privacy experts warn that consumers should be mindful of what they buy with plastic.

How much do credit card issuers know about your purchases? What can they legally do with the information?

Privacy questions

“Obviously that is something that most credit cardholders are not going to think about,” says Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, a San Diego-based privacy rights groups.

“They’ve obtained a credit card and think they can go out and use it in any way they like.”

Have you used your credit card at merchants specializing in secondhand clothing, retread tires, bail bond services, massages, casino gambling or betting? Your credit card issuer may be taking note — and making decisions about your creditworthiness based on your purchasing behavior.

The reason: Buying used clothing or retread tires may be an indication of financial distress and a preamble to missed credit card payments or defaults.

Increasingly, issuers tightening lending standards are using purchasing data as a basis for increasing interest rates, reducing credit limit or both on customers considered more risky by virtue of where they shop or what types of goods and services they buy.

Experts say cardholders concerned about keeping purchasing habits private or avoiding credit score dings should consider using cash or gift, stored value or prepaid debit cards.

Shopping at large supermarkets or wholesale clubs — which offer a variety of product lines — may also keep some purchases private.

Other tips: Spread purchases that may indicate risky behavior over several credit cards to avoid triggering an alert for a single issuer.

“Cash is the ultimate privacy protector,” says Stephens. “It’s kind of hard to trace. Most other payment mechanisms there is going to be a trail.”

But avoiding credit cards for the sake of privacy may present a quandary for some users: If they had the cash to pay for an item, they wouldn’t need a credit card.

For others, the convenience of using a credit card over other payment methods far outweighs the potential privacy concerns.

Mining for data

Known by a number of terms in the industry, including behavioral modeling, data mining and psychographic behavior analysis, the practice of mining internal credit card issuer databases for customer spending trends and other patterns is not new. Issuers have been analyzing data perhaps since the first credit cards were issued.

Representatives from the four top credit card issuers — Bank of America, Citi, Chase and Wells Fargo — declined to discuss details of how they use purchasing data internally. Many consider this highly proprietary information.

A spokeswoman from a banking industry trade group acknowledged that the practice is common.

Tracking credit card purchases with merchant category codes (MCC)
  • Here’s a sample of the electronic payment tracking codes assigned to different types of merchants:
  • 4900  Bail and bond payments
  • 5300  Wholesale clubs (Costco, Sams, etc.)
  • 5411  Grocery supermarkets
  • 5532  Automotive stores
  • 5698  Wig and toupee stores
  • 5813  Drinking places (bars, nightclubs)
  • 5814  Fast-food restaurants
  • 5912  Drugstores and pharmacies
  • 5921  Packaged beer, wine and liquor stores
  • 5931  Used and secondhand stores
  • 5933  Pawnshops
  • 5944  Jewelry, watches, clocks and silverware stores
  • 7251  Shoe repair shops
  • 7273  Dating/escort services
  • 7277  Counseling services (debt, marriage, personal)
  • 7297  Massage parlors
  • 7393  Detective agencies
  • 7534  Tire retreading and tire repair
  • 7995  Betting/casino gambling establishments
  • 8011  Doctors
  • 8062  Hospitals
  • 8099  Medical services
  • 8351  Child care services
  • 8651  Political organizations
  • 9211  Court costs (child support and alimony payments)
  • A complete MCC list can be found on the IRS website.

“The issuing bank has the date of transaction, name of the merchant and the amount of the transaction that allows them to process that transaction,” says Nessa Feddis, senior counsel and vice president of the American Bankers Association.

She says specific information about items purchased (that you bought a gallon of milk, for example) is not included in the data transferred from the merchant.

“As a general rule, the specific transaction information is not transmitted to the issuing bank. They are going to know where the person used the card.”

Keeping track

Tracking is conducted for four primary reasons:

  • Marketing.
    Issuers use past purchasing patterns as a basis for offering additional products.Someone purchasing airline tickets with their credit card may get offers of airline rewards credit cards or travel-related services from the issuer or an affiliate.
  • Fraud detection.
    Credit card companies monitor spending to detect unusual purchasing habits that could be red flags for fraud.
  • Risk management.
    Card users who continually go over their credit limits or exhibit unusual spending habits — such as charging large amounts of merchandise on a card they had previously rarely used — may be at greater risk of not paying their bills or filing for bankruptcy.
  • Law enforcement.
    Remember that TV crime show where police tracked a missing person and a killer using credit card transaction data?Law enforcement agencies can subpoena records from both the credit card issuer and the merchant to find out the time, date and place of a credit card purchase — information that may be helpful in determining the last known location of a crime victim or suspect.The Department of Homeland Security also tracks terrorist activity by monitoring certain purchases.

Massive databases of information

Millions of credit card users receive monthly statements detailing their spending during the billing cycle: The standard information provided includes the date of a purchase, the place of the purchase, including the name of the merchant, city, state, amount of the purchase and a transaction reference number.

Every transaction processed by the card networks (Visa and MasterCard) is assigned a merchant category code (MCC), a four-digit number that denotes the type of business providing a service or selling merchandise.

The MCC for pawnshops, for example, is 5933. For dating and escort services, it’s 7273, and for massage parlors, it’s 7297. (SeeMCC list).

The MCC is used, for example, to restrict health care spending on health care-related credit and debit cards. Some health care flexible spending accounts allow users to make purchases only at pharmacies or merchants with medical-related services. Small business owners also use the codes to prevent employee abuse of company credit cards.

The MCCs, along with the name of the merchant, give credit card issuers a spyglass into cardholders’ spending.

‘A pretty clear picture’

Stephens says the database’s purchasing information can provide a pretty clear picture of credit card users. “What do they know about you? Depending on how extensively you use your credit card, they conceivably have a very clear, distinct picture of an individual.

“It’s not only your retail purchases, but your online purchases. It can really paint a very complete picture. The stores that you shop at can paint a picture. You also may use it at a doctor’s office if you pay for care with a credit card. Some people pay for their utilities with credit cards.”

Federal financial privacy laws (Regulation P) prohibit credit card issuers from sharing your personal and payment information with third parties not affiliated with the issuer (except under court order or when fraud is involved). Banks must send annual copies of their privacy policies to cardholders, but the law does not govern what the issuer does with payment information internally.

It is a common industry practice to analyze the data for trends.

Several issuers offer cardholders annual summaries of their spending that categorize purchasing by type of merchant and amounts spent. This information can be a handy tool to help families budget for the coming year and determine where they can cut back in spending.

What they track
Credit card issuers must state their privacy policies regarding personal information of customers. Here’s what a few of the major credit card issuers say about tracking purchases:

Bank of America’s policy discloses that it collects information about “account usage.”

Chase reveals, “Once you have been issued a card, we get information about you from the ways in which you use your card.”

According to Citi’s policy, personal information it collects and may disclose includes “information about your transactions, such as your account balances, payment history, and account activity.”

“Once you use your credit card at a store, that code is tracked,” says Steve Shaw, a strategic marketing manager for Fiserv, a company that develops online banking software to help financial institutions manage customer accounts.

Shaw says banks are developing programs to track customer transactions and activities. The information is used to help make customer-specific offers of services. “A lot of financial institutions are trying to find more ways to generate revenue.”

A rare glimpse into the details of behavioral modeling was revealed in a federal lawsuit filed by the Federal Trade Commission in June 2008 against subprime credit card marketer CompuCredit Corp.

According to the lawsuit, CompuCredit used an undisclosed behavioral scoring model to track customer purchases. The company lowered credit limits on cardholders who shopped at certain establishments or used certain services, including pawnshops, massage parlors, tire retread shops, marriage counselors and bars and nightclubs.

CompuCredit agreed to a settlement that included crediting $114 million to the accounts of affected cardholders and paying a $2.4 million penalty. The company did not admit any wrongdoing in the settlement.

Risky behavior?

The recent credit crunch has placed greater emphasis on using the data to predict who may be a higher credit risk.

Credit card issuers have said people living in states hard hit by foreclosures, such as Florida, Nevada and California (referred to as “the sand states”) may be considered increased risks by virtue of the fact that they live there.

People who shop at the same establishments where subprime borrowers shop also may be considered higher risk.

Feddis, the ABA spokeswoman, says decisions to cut credit limits based on customer behavior are based on evidence. “They don’t want to risk a bad judgment that’s going to lose a good customer. It’s too hard to get a good customer,” Feddis says.

“They must have some sort of statistics that would demonstrate it’s predictive — to show that people who shop at pawnshops within six months stop paying their credit card bills.”

Shopping and credit cards
Shopping and credit cards

Don’t allow a convenience to become a curse. If you frequently purchase with plastic, offers useful tips to help you become a savvier shopper.

Stephens, the privacy expert, warns of the potential fallout of using purchasing data. “One of the dangers of data mining is you’re getting a little snippet of information that doesn’t portray the full picture,” he says. Does one purchase at a pawnshop signal a pattern of credit trouble? How many purchases qualify?

Stephens says issuers should make clear disclosures about how they use purchasing data: “We recognize that most consumers don’t read privacy policies, but nonetheless, a company that is utilizing data in this fashion ought to make it quite clear that the purchase transaction history is being utilized for purposes other than billing … that they are using it to make re-pricing decisions as well as credit line adjustment decisions.”

To comment on this article, write to:

See related: What you buy, where you shop can affect your credit, Interactive: Shopping your way to good credit, FTC: ubprime credit card marketer must repay $114 million, Fed report: Banks continue to tighten lending standards, The credit card-terrorism connection, Comparing health care credit options

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Research and Statistics

Regulators finalize sweeping credit card rule reforms

Federal regulators approved the most sweeping credit card industry reforms in nearly three decades, limiting interest rate hikes on existing credit card balances

See more stories
Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more