from Hacker News

Ask HN: Since when can merchants correlate card transactions?

by zvolsky on 11/1/23, 7:54 PM with 4 comments

I recently paid with my MasterCard debit card in a store run by Amazon, and Amazon correlated this transaction with a card in my online account to send me an email with the receipt.

I'd always assumed that the only party who can correlate transactions made with the same card is the card issuer.

Is this capability a feature introduced by EMVCo tokenization, or is it made possible by some earlier protocol?

by DamonHD on 11/1/23, 8:07 PM
If you showed the same card to two different tenticles of Amazon, why would you not expect it to look up that unique identifier centrally?
(This may be of dubious legality under GDPR.)