Mastercard and Google's potential data deal tests privacy policies

Register now

A possible card transaction data sharing agreement between Mastercard and Google is the latest stress that omnichannel payments are placing on privacy protections.

Reports of the Mastercard/Google deal follow quickly on the heels of Facebook’s recent push for banking and payments data and its history with the Cambridge Analytica debacle and Venmo potentially increasing privacy shield transaction data from prying eyes. As the pressure to monetize data in an omnichannel environment increases, so does the fear of misuse.

While online sales attribution to advertisements is rather straightforward, the challenge has become measuring the effectiveness of those ads in delivering customer sales in the physical world. As more advertising goes to the online channel, this ROI tracking challenge becomes more critical for advertisers to be able to answer.
When Google launched its store sales measurement program in 2017 it claimed it was a new product that would be able to measure store sales impact of online advertising automatically, adding its partnerships cover 70% of all credit and debit card transactions in the U.S. Since Google often tracks users’ locations via smartphones it appeared that the company might be able to determine if a banner ad led to a physical store purchase.

While Google has not named any of the partners that provide it with an aggregate total of 70% of all credit and debit card transactions in the U.S., it’s clear that with Mastercard alone as a possible partner, it would need another major network such as Visa to get that level of coverage. “Visa is not a party to the deal in question, nor do we have a similar deal with Google,” said Amanda Pires, vice president of communications at Visa.

Mastercard and Google both have privacy agreements that give consumers the ability to opt-out if they desire greater levels of privacy.

"Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information. We do not have access to any personal information from our partners’ credit and debit cards, nor do we share any personal information with our partners. Google users can opt-out with their Web and App Activity controls, at any time," said a Google spokesperson in an email.

While consumers can opt-out of Google’s services for ad or location tracking, it doesn’t necessarily mean that those services are turned off. According to a recent Associated Press investigation Google tracks users' location even if you location tracking is turned off.

But could Google actually tell an advertiser that an online ad for a sweater actually converted into an offline, store sale for the advertised sweater if it was able to obtain aggregated, anonymized cardholder data? Not likely given how card transaction are processed and the data that is collected.

“I’d quickly note that the premise of what [is being] reported is false. The way our network operates, we do not know the individual items that a consumer purchases in any shopping cart – physical or digital. No individual transaction or personal data is provided. That delivers on the expectation of privacy from both consumers and merchants around the world. In processing a transaction, we see the retailer’s name and the total amount of the consumer’s purchase, but not specific items," said Seth Eisen, senior vice president of communications as Mastercard.

So even if Google had actual cardholder data, which it claims it does not, it still couldn’t tell a retailer that its online sweater ads actually delivered offline sales, since that data is not captured in the card transaction details.

While Mastercard does have a media measurement service to help merchants track the effectiveness of their advertising campaigns, it has its limits based on the restrictions it places on data sharing. “In this service, we only provide merchants and their designated service providers trends based on aggregated and anonymized data, such as the merchant’s average ticket size and sales volumes. We do not provide insights that track, serve up ads to, or even measure ad effectiveness relating to, individual consumers,” noted Eisen.

Finally, should consumers desire to opt out of data sharing agreements due to privacy concerns, this capability already exists. “We have incorporated privacy and security in the design of everything we do. And, our cardholders can opt out of data analytics at any time with a simple online submission,” said Eisen.

For reprint and licensing requests for this article, click here.
Data security E-Commerce Retailers Mastercard Google