@resist1984 The vendors I buy from could only transfer the special mail address I created for them, which states the vendor in the user part (while the domain part is all mine). So if they do and I receive spam, I can set my mail provider to delete every mail to that address. Profiling is harder that way. But if offered, I use Giropay which I'm afraid again is a European specialty: Vendor directs me to my bank, I login, order the transfer, and my bank confirms to the bank that the order has been submitted successfully and will be executed. No login data, no password, no check code or any personal or secret data is transferred between vendor and bank.
@mupan And when they do, they could change the keyword so that I wouldn't know if it was the credit bureau who leaked it. I like knowing who leaks my address. So I supply banks with a manually generated address. It's more work but I know they will share it. But I prefer not to do that for every shop, so I use on-the-fly addresses for shops, hoping that they won't share with the banks.
@mupan Hence my question. I think they only share with banks information that is used for verification, which I believe is just shipping address.