>In an email statement, a spokesperson for Mastercard said the company only uses “anonymized transaction data” to gather data at the postal code level.
There are three datapoints required to reliably de-anonymize someone based on the latest research I've read. Zip code, gender, and date of birth. A payment processor by default must track date of birth. They admit to tracking by zipcode. Gender is heavily implied in this context.
In short, I'd assume that any sufficiently motivated adversary (state or corporate actor) can rip back this cloak of anonymity, but claims that it is preserved to keep you, their desired millieu to control, from getting uppity.
You're not going to pollute VISA/Mastercard without running afoul of identity theft/wire fraud charges in the United States.
Any other datasets are only going to attempt to "enrich" their own datasets with other datasets. This is why Plaid* had such a strong value proposition in spite of their completely unethical business practices.
The other big brokers of datasets out there (LexisNexus, etc...) go to incredible lengths to rake in any possible public record out there.
>In an email statement, a spokesperson for Mastercard said the company only uses “anonymized transaction data” to gather data at the postal code level.
There are three datapoints required to reliably de-anonymize someone based on the latest research I've read. Zip code, gender, and date of birth. A payment processor by default must track date of birth. They admit to tracking by zipcode. Gender is heavily implied in this context.
In short, I'd assume that any sufficiently motivated adversary (state or corporate actor) can rip back this cloak of anonymity, but claims that it is preserved to keep you, their desired millieu to control, from getting uppity.