The ability to provide offers or ads targeted to the right person at the right place and at the right time may get a little easier.  Not content with simply being a brand behind payments, MasterCard and Visa are pushing into the targeted ads and offers business.  Such marketing tactics require careful structuring in order to comply with consumer privacy protections under the Gramm-Leach-Bliley Act (“GLBA”) and the Fair Credit Reporting Act (“FCRA”).

A recent Wall Street Journal article (subscription required) discusses the companies’ plans to build service offerings to link the vast amounts of payment card transaction data they have with other personal data points of the cardholder, such as Internet browsing habits, social network websites, credit bureaus, insurance claims, and even DNA databanks.  Such information is generally not collected in a single database and the technology needed to correlate the disparate data points is still in development.

Visa’s plans are detailed in several patent applications that were recently published (see links below).  The patent applications lay out a blueprint for using payment card transaction data to target digital ads and personalize other content, such as search results, loyalty programs, and offers.  The applications also describe the ability to track whether or not a person ends up buying the product included in the advertisement or the offer.  There is also an embodiment discussed where the cardholder’s profile can be used to prioritize the search-engine results.

MasterCard’s plans were shared with several advertising firms earlier this year in a presentation (entitled “MasterCard Advisors Targeted Advertising Services”) that outlines its business proposal to link information about a cardholder’s purchases to other demographic and lifestyle information to assist marketers understand consumer behaviors, target ads and measure the effectiveness of ad campaigns.  MasterCard has since rethought its plans due to restrictions on the use of customer data and the company is now pursuing plans to sell marketers an analysis of anonymous, aggregated data sorted into marketing segments.

Under GLBA, however, Visa and MasterCard may not be able to share such data with non-affiliated companies for marketing purposes – for example, if they received the data in connection with processing a transaction requested by a consumer.  On the other hand, if all the data involve their own transactions, they may be able to communicate it without transforming themselves into consumer reporting agencies under the FCRA.

Visa and MasterCard are presumably proposing to use de-identified data to avail themselves of exceptions to GLBA sharing restrictions for aggregate and anonymous information.  But it appears Visa’s plans, and possibly MasterCard’s plans, may re-identify individuals by combining transaction data with outside data points.  Matching such data points is technically complex but if the companies are able to accomplish it, they could be back under the sharing restrictions imposed by GLBA.  Indeed, GLBA sharing restrictions probably caused MasterCard to “put aside” an initial proposal to link de-identified data back to individuals, and motivated it to focus on preliminary plans to sell aggregated, anonymous data in segments to marketers.  Visa’s preliminary plans to use anonymous cardholder buying histories, combined with credit bureaus and data collected from cookies may run into similar privacy problems if it identifies individual consumers.

Here are links to Visa’s patent applications: