The form doesn't require any sort of authentication, so I imagine someone could write a script to submit all (or a large portion of) the set of card numbers to this API. Might need to work around rate limiting and so on, but seems feasible?
Here's an equivalent form for MasterCard: <a href="https://www.mastercard.us/en-us/vision/corp-responsibility/commitment-to-privacy/privacy/data-analytics-opt-out.html" rel="nofollow">https://www.mastercard.us/en-us/vision/corp-responsibility/c...</a>
My favorite visa data to sell/buy is airfares. Visa gets the airport code of your departure and arrival, so you can group people into like “visiting Florida during the first week of June”. Or “flys to the Bahamas very often”.<p>Good stuff.
To verify that this is a legit site:<p>Go to: <a href="https://usa.visa.com/legal/global-privacy-notice/additional-privacy-information.html" rel="nofollow">https://usa.visa.com/legal/global-privacy-notice/additional-...</a><p>Then click on: “Visa Products & Services: How does Visa use personal information to benefit consumers and businesses?”<p>Then scroll to the bottom of that section and you’ll see the VAS link: ”U.S. cardholders can opt out of Visa using their card transaction data for VAS.” where you can opt out.<p>iPhones will auto capitalize text in the capatcha box, so make sure the text is all lowercase.
What would be better is if the US had (does it?) a nation-wide law requiring explicit opt-in, as opposed to having to opt out of surveillance. Small steps forward.<p>Also, does this form really amount to anything other than "we promise we won't spy you that much?" Are banks audited in this regard, or are they subject to the same non-existent regulations as the Sillycon Valley surveillance?
Sometimes I wonder how certain deals show up as website advertisements and recommendations. Certain blog posts or forum posts appear magically in my search result knowing what I was planning for. Deals and YouTube recommendations also seemed coincidental. Now I know that my debit card has been also leaking my purchase patterns and location. I better add more hosts to my Raspberry Pi-Hole.
Why does the cert say Cloudflare and not Visa?<p>It says "Verified by: Cloudflare, Inc." AND <i>Organization</i> is also Cloudflare, Inc.<p>Shouldn't the Organization be Visa?<p>How do I know that this is Visa?<p>Genuinely curious since I've not seen certs like this..
> your opt out will be honored for five years. After five years, you will need to resubmit your card number.<p>This requirement seems very easy to abuse. Annoying and inconveniencing users into submission already works wonders, people accept all kinds of EULAs, cookie conditions and privacy policies. I wouldn't want expiring user choices to become another tool in this arsenal.
>U.S cardholders may opt out of Visa<p>So is the rest of the world not covered by this data collection effort or are they just denied the opportunity to opt out at all?
So where do I go to see my profile and data? I got a kick out of requesting my lexis nexis profiles - which eventually resulted in two very large packets of paper (several hundred pages) arriving in the mail.
Pet peeve: Why do they use subdomains (marketingreportoptout.visa.com), thus making it a bit easier for the scammers to register similar domains?<p>marketingreportoptout-visa.com is still available for any scammer to register. It costs Visa (or anyone) less than $200 to register it for 10 years. Can't they at least register these very obvious domains?<p>How difficult is it to use URLs like this?
visa.com/marketingoptout
visa.com/links
This website doesn't seem to be ADA compliant. There's a CAPTCHA, but no audio option. I guess blind people have to stay in that database, whether they want to or not.
It should be illegal for this to use an opt-out approach rather than opt-in. If it's my data, you should be legally required to pay me to use it, at the price I demand, or not use it at all. Only with my consent, and not at the threat of not receiving service should I decline.
Are Visa/MC really able to store and use data for that purpose wrt to e.g the GDPR? Advertising/marketing certainly isn’t necessary for what they are doing so it would be requiring specific consent?
Is it just opt out once forever or do you have to "opt out" each time they update and send you a new card holder agreement? Who has the discipline to read each packet Visa sends you every few months and re-opt out each and every time? Out of pure attrition, I'm guessing 99% of their customers will eventually be "opt-in".<p>Besides, considering that Visa, Mastercard, etc are all headed toward "data and AI" model, it's not going to matter ultimately. The entire business world is going towards collecting data and selling your data.<p>Isn't data the "new oil"?
So all I need to do is provide my full credit card number in this random page and then it'll opt me out?<p>And this was somehow brought to the front page of Hacker News?<p>This is a very low effort scam. At least put in some effort beyond your dozen shadow accounts on HN.