Customers accuse Mastercard of violating their privacy
Mastercard Inc., the global credit card company headquartered in Purchase, has been accused of violating privacy laws by selling customers’ personal information.
Plaintiffs in California, Illinois, Ohio, Puerto Rico and South Dakota are demanding that Mastercard stop selling mailing lists with their names without their permission, in five identical class action lawsuits filed Nov. 30 in U.S. District Court in White Plains.
“Mastercard has sold and rented (and continues to sell and rent) these lists on the open market to anyone willing to pay for them,” the complaints state, including to “data miners, aggregators, appenders, cooperatives and aggressive marketing companies.”
A Mastercard spokesman rebutted the charges in an email response to a request for the company’s side of the story.
“There is no truth to the claims,” said Seth Eisen, senior vice president of communications. “The fact is that we do not share or sell individual transaction data, ever.”
Mastercard is a $316 billion company, by market capitalization, that booked $17.8 billion in revenue in the past year from processing credit card and debit card transactions and from other services.
It sells mailing lists, the complaints state, that contain customers’ names, addresses, age, gender, religion and types of purchases.
The Mastercard Audiences Mailing List has more than 31 million names, according to a promotional flyer included as an exhibit with each complaint. The database includes 12.5 million email addresses and 18.8 million Facebook users and “gives marketers the ability to target any consumer audience via email, Facebook and direct mail.”
The base list sells for $110 per thousand names and the email list sells for $150 per thousand.
For $165 per thousand names, the complaints allege, anyone could buy the names and addresses of Christian women over the age of 50 who live in a specific state, earn more than $100,000 a year, and bought plane tickets with a Mastercard in the past six months.
The mailing lists allegedly violate state and territory right to privacy laws that prohibit the use of a person’s name or likeness without the person’s consent.
“Mastercard profits handsomely from the use of its customers’ names, likenesses and other personal identifying attributes,” the complaints state, “at the expense of its customers’ statutory rights of publicity.”
Eisen responded that Mastercard takes privacy and data responsibilities seriously. It complies with all local regulations, he said, and applies the high standards of the European General Data Protection Regulation to everyone wherever they live.
“And despite any allegations in the filing,” he said, “there is not and never has been a relationship between our company and the list brokers named.”
Violations of state and territory privacy laws can cost from $750 per violation to $100,000, depending on where one lives, according to the complaints.
The plaintiffs are asking the court to certify their complaints as class actions for all Mastercard customers, potentially ranging from tens of thousands of individuals in Puerto Rico to millions in California.
The plaintiffs include: James Sanborn, Tulare County, California; Carol Anderson, McDonough County, Illinois; Shaunna Diedling, Hamilton County, Ohio; Pedro Caro Rivera, Puerto Rico; and Lorraine Kenter, Beadle County, South Dakota.
They are represented by Manhattan attorneys Thomas L. Laughlin and Jonathan M. Zimmerman and Miami attorneys Arun G. Ravindran and Frank S. Hedin.