Visa Prohibits ‘Data Pass’ to Protect Consumer Security

Visa has taken another step in an ongoing effort to protect consumer security and confidence in the payment system by prohibiting web merchants from providing cardholder information to other companies without the consumer’s knowledge or active consent.

The misleading practice, called ‘data pass’, usually involves a consumer shopping at a familiar retailer. At checkout, the consumer receives an offer for a discount or reward and does not realise it is from a different merchant and comes with unexpected monthly membership fees or recurring charges. Such deceptive marketing can result in high levels of consumer disputes and degrades the efficiency, reliability and security of the payment system. According to a 2009 US Senate Commerce Committee staff report, 35 million consumers have paid US$1.4bn for ‘data pass’ marketing offers.

“Visa’s priority is protecting our cardholders and the integrity of the electronic payments system. Consumers who shop online using their Visa cards should be confident that they will only be charged for the products and services they legitimately intend to purchase – not those that are foisted on them through deceptive data pass schemes,” said Martin Elliott, senior business leader, US payment system risk, Visa.

Visa’s rules already prohibit merchants from sharing a cardholder’s account number and other Visa transaction information with any entity that is not directly involved in completing the transaction, preventing fraud, or as required by law. To address the data pass practice, merchants will now have to prompt consumers to re-enter their card information to accept a subsequent offer from a third-party merchant. This provides a clear signal to cardholders that a second purchase is being initiated and protects them from questionable marketing practices.


Related reading