Payment network bans internet merchants from passing on customer data
‘Data pass’ practice is prohibited 
Payment card network Visa Inc says it has prohibited web merchants from providing cardholder information to other companies without the consumer’s knowledge or active consent.
Visa says its move will protect consumer security and confidence in the payment system.
The announcement comes after the US Senate Commerce Committee investigation that has highlighted controversial marketing practices by some e-commerce companies that involve transferring consumer credit and debit card information to third-party marketing firms, a process known as “data pass.”
The report by the commerce committee released in late 2009 found that three companies – Affinion, Vertrue, and Webloyalty – had partnered with several well-known e-commerce sites to enroll millions of consumers in discount club memberships using data-pass tactics that brought in over US$1bn in revenues for these firms and their partners. Many consumers were unaware they had signed up for such memberships.
Visa says the data pass practice usually involves a consumer shopping at a familiar retailer. At checkout, the consumer receives an offer for a discount or reward and does not realize it is from a different merchant and comes with unexpected monthly membership fees or recurring charges. Such deceptive marketing can result in high levels of consumer disputes and degrades the efficiency, reliability and security of the payment system. According to a 2009 US Senate Commerce Committee staff report, 35 million consumers have paid US$1.4bn for “data pass” marketing offers.
“Consumers who shop online using their Visa cards should be confident that they will only be charged for the products and services they legitimately intend to purchase – not those that are foisted on them through deceptive data pass schemes,” said Martin Elliott, senior business leader, US payment system risk, Visa Inc.
The network says its rules already prohibit merchants from sharing a cardholder’s account number and other Visa transaction information with any entity that is not directly involved in completing the transaction, preventing fraud, or as required by law. To address the data pass practice, merchants will now have to prompt consumers to re-enter their card information to accept a subsequent offer from a third-party merchant. This provides a clear signal to cardholders that a second purchase is being initiated and protects them from questionable marketing practices.
In 2009, the US Senate Committee on Commerce, Science and Transportation investigated the issue and merchants who use this practice.
The announcement follows Visa’s program launched in December with the US Federal Trade Commission and Better Business Bureau to educate consumers on deceptive marketing practices. Visa continues to aggressively enforce risk programs to identify and address merchants who use bogus marketing tactics to dupe consumers.
Democrat Senate Commerce Chairman John Rockefeller said that, while he is pleased with Visa’s efforts to curb data-pass scams, legislation is still needed to completely ban the malpractices of some ecommerce companies. He added: “In the coming weeks, I intend to introduce legislation that will address the concerns raised by the committee’s e-commerce investigation.”