Advertisement

The little-known credit card program that lets companies share your information

Credit cards are displayed in Montreal, Wednesday, December 12, 2012. A Winnipeg man is sounding the alarm on a program which lets credit card companies share your credit card information with merchants. THE CANADIAN PRESS/Ryan Remiorz. ryr

A Winnipeg man is sounding the alarm on a little-known program which allows credit card companies to share card information without its holders knowledge.

Larry Wiebe was about to hit the “order” button on Amazon when he realized the credit card number linked to his account weren’t his usual digits.

He was waiting on a replacement card after misplacing his Mastercard, and, when his new plastic came in the mail the next day, he noticed those numbers matched the ones on his Amazon account.

“Amazon had my credit card number before I did,” he told 680 CJOB’S The Start.

The information on Wiebe’s online shopping account didn’t include a CVV or an expiry date so he didn’t feel like he was , but the experience hasn’t sat right with him.

Story continues below advertisement

“It’s a little unnerving, honestly, he said.

Click to play video: 'Tips to avoid credit card scams and fraud this holiday season'
Tips to avoid credit card scams and fraud this holiday season

Mastercard and other major card companies have automatic billing update programs which allow merchants to pull updated account information from cardholders who use their service.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

Mastercard’s website promotes the program as convenient for customers and a way to avoid missed payments for vendors.

A cybersecurity expert said he’s never seen anything like Wiebe’s situation happen before.

“I’m perplexed here,” said Ritesh Kotak, a tech and cybersecurity strategist.

The only rational explanation Kotak has as to how it could have happened is if Wiebe’s credit card information was used once and stored on a browser, but it still doesn’t explain why a bank would dole out cardholder information with a third party in the first place.

Story continues below advertisement

“Banks should not be sharing your credit card information with any vendor, period.”

Mastercard’s website says they don’t share customer information, but do give merchants access for it if requested through the ABU program.

Kotak said there are checks and balances in place to keep credit card information secure, including the need for companies to be Payment Card Industry compliant to save card numbers and expiry dates.

Yet, the automatic updates without notice don’t sit well with him.

“This should not be happening and if it is, this is extremely problematic,” he said.

When Wiebe contacted his bank about the automatic update, they explained a number of selected vendors have access to replacement card information — but didn’t explain why they allow that.

The experience made the man be a bit more speculative of how sensitive information gets shared online, he said.

“There’s all sorts of information – you know, protect your credit card, and your pin and all that sort of thing.

“But obviously, in the background, there’s more going on than one probably realizes.”

Click to play video: 'Winnipeg man charged in alleged credit card fraud, money laundering scheme'
Winnipeg man charged in alleged credit card fraud, money laundering scheme

Sponsored content

AdChoices