In the end, he felt that this intruision was a feature and touted it to me as a great reason to get an Amex card. All these guys are out there protecting you.
Privacy advocates might have a different opinion.
This topic came up in a side conversation at the Internet Mercantile Protocols BOF at the last IETF. We asked ourselves why credit card companies, banks, supermarkets, etc. were so keen on selling information about us. Not surprisingly, it came down to money. The AmEx example is a great one. By noticing patterns in my purchasing, they can try to notice a stolen card via a change in purchasing patterns. In the long run, this reduces my costs as an AmEx cardholder (or increases their profits). If I told them not to keep my spending patterns, they might not notice if my card was stolen and used. The law says my personal liability is limited, but AmEx has to cover its costs somehow, through their commission or yearly fee or whatever. Same goes for the supermarket reselling my buying patterns. If they can sell information about me, my groceries are cheaper (or they make money). Selling personal information is a competitive advantage. For most people, this is more important than privacy. People here have advocated setting up a Privacy Credit Union. I think this would be a great idea, but I think that its costs would be higher than its competitors. When it comes right down to it, privacy costs money. And, as antithetical as this may seem to us, many people will opt for more money in their pocket than more privacy. Cypherpunks will bank at Privacy Trust, use their Privacy Visa card, and make transactions via anonymous digital cash whenever they can. But other people, maybe even most people, will choose the higher interest rate or the cheaper credit card. We can create technologies, and maybe even infrastructure. But we can't make people use it. My rant for the day :-) Marc