If someone pays by credit card for an online order, do vendors normally disclose the customer's email address to the bank (who might then share it with the credit bureaus)? I think my credit report only shows email addresses that I've directly given to banks.
@mupan I do something similar. I use a forwarding acct. Some forwarding accounts us on-the-fly address generation, and some use manually generated ones. On-the-fly addresses are the most convenient, but they always show a username either to the left or right of the "@". Spam control is decent, but the username exposure means anyone with access to my credit file can reach me by email.
@mupan And when they do, they could change the keyword so that I wouldn't know if it was the credit bureau who leaked it. I like knowing who leaks my address. So I supply banks with a manually generated address. It's more work but I know they will share it. But I prefer not to do that for every shop, so I use on-the-fly addresses for shops, hoping that they won't share with the banks.
@mupan Hence my question. I think they only share with banks information that is used for verification, which I believe is just shipping address.
@resist1984 correction of course: ... my bank confirms to the _vendor_ ...
@resist1984 I wouldn't feel too secure thinking that.
Corporate databases are an incestuous web - many monetize them and sell info to each other if they can.
I 'make up' valid email addresses and it's often interesting to see how far they get before I blackhole them.
If I see an email adressed to e.g. walmart@mydomain coming from sales@fordmotor.com, I know they sold me out.
@gemlog The 1st question is whether the merchant shares the email address with the bank in the course of a purchase transaction, which would perhaps make the data reliable for the bank to share it with a credit bureau. If the data takes another path, like being sold to data miners, then the bank doesn't even matter (the credit bureau can buy it directly)
@gemlog but then the question is, would the credit bureau buy possibly unreliable data like that and add to consumer files for reporting?
@resist1984 I watched the phone company hand out my address, so I'm guessing the credit bureau might trust them as a 'partner'? I used to put non-existent apt numbers with my house address.
I don't know all the webs that exist between corporations, but I do know that the 'lists' don't get any more credible as they get sold on and neither do those trying to use them for marketing.
@gemlog Part of the problem is that all US credit bureaus are currently violating the FCRA law which requires them to disclose the sources of info they obtain. They comply w.r.t. account history, but they never tell consumers where they got the contact info. The penalty is $1k, but no one has been able to successfully sue the credit bureaus b/c plaintiffs still must prove damages.
@resist1984 You could just wait for Equifax to leak it? JK :-)
Seriously, I don't even know the rules for canada, never mind the usa, but I don't doubt that they are skirted and ignored.
@resist1984 The vendors I buy from could only transfer the special mail address I created for them, which states the vendor in the user part (while the domain part is all mine). So if they do and I receive spam, I can set my mail provider to delete every mail to that address. Profiling is harder that way. But if offered, I use Giropay which I'm afraid again is a European specialty: Vendor directs me to my bank, I login, order the transfer, and my bank confirms to the bank that the order has been submitted successfully and will be executed. No login data, no password, no check code or any personal or secret data is transferred between vendor and bank.