A lot of people ask me why credit cards are not used as loyalty cards by local businesses. The rationale is simple: customers tend to use the same credit card most of the time at a given place, and local businesses already have the swipe data. So why not just use that data to develop loyalty programs?
The answer is in PCI DSS, the Payment Card Industry Data Security Standard.
PCI DSS is a set of audited standards laid down by the SSC. These guidelines impose stringent rules for using, managing and purging credit card data, essentially prohibiting merchants from using credit card data for loyalty-program-type use cases. All of this is backed by audits that cut the merchant off the network if they fail to comply.
Isn’t it good to know that the industry has serious programs in place to protect customers’ privacy and financial data?