What data does a retailer get about you when you pay with your debit/credit card? Can they identify you and track your purchases over time with it? Are they even allowed to use that payment data for tracking and advertising purposes?
I often see cash promoted as the most private payment option, but my threat model doesn’t include protecting myself from my bank or credit card issuer seeing my transactions. I just want to protect myself from stores logging everything I purchase and tying it to my identity.
The problem here is that banks will share or “sell” this data with others. Believe me, I once professionally worked on a B2B product where analyzing banking transactions was needed for the product and the bank in question sold this data to my employer who was an analytics company.
Yeah, then you need to transact in cash as much as possible.
To to answer your first couple of question - yes. Anything you imagine that can be done, is more likely than not being done to track and keep records for your transactions to be used to continue to be monetized. Yes, they are allowed to because banks have all sorts of clauses you “agree” to when you sign up with them for your accounts.
The retailers likely don’t get much at all from our credit/debit cards. Why else would they push customer rewards cards/accounts that we have to present to get a sale price or deal?
Retailers can also push us to use their own credit accounts that earn points or have sale perks and such.
Check out some of the discourse under this thread, which is so useful that it’s one of my few bookmarked discussions
TL;DR: if you have a Visa or MasterCard, your name is almost never validated, nor oftentimes is your address outside the numeric digits. This allows you to use fake information to poison any analytics, trusting retailers with very little PII that can get linked back to you without bank cooperation
This is more applicable for online purchases. I do not know what information is encoded on standard NFC/tap or swipe transactions in-store