Visa has taken a new step to protect consumer security and confidence in the payment system by prohibiting web merchants from providing cardholder information to other companies without the consumer's knowledge or active consent, as part its ongoing effort to stop deceptive marketing practices.

The misleading practice, called ‘data pass’, usually involves a consumer shopping at a familiar retailer. At checkout, the consumer receives an offer for a discount or reward and does not realize it is from a different merchant and comes with unexpected monthly membership fees or recurring charges. Such deceptive marketing can result in high levels of consumer disputes and degrades the efficiency, reliability and security of the payment system.

Visa’s rules already prohibit merchants from sharing a cardholder’s account number and other Visa transaction information with any entity that is not directly involved in completing the transaction, preventing fraud, or as required by law.

To address the data pass practice, merchants will now have to prompt consumers to re-enter their card information to accept a subsequent offer from a third-party merchant. This provides a clear signal to cardholders that a second purchase is being initiated and protects them from questionable marketing practices.

Visa credit and debit cardholders in the US are protected by Visa’s Zero Liability Policy, which protects them from any financial liability in the event of an unauthorized purchase. Visa cardholders also have the right to dispute purchases.

Martin Elliott, senior business leader in US payment system risk at Visa, said: “Visa’s priority is protecting our cardholders and the integrity of the electronic payments system. Consumers who shop online using their Visa cards should be confident that they will only be charged for the products and services they legitimately intend to purchase – not those that are foisted on them through deceptive data pass schemes.”