Loyalty card wallet apps – convenient or thinly disguised data stealers (safety)

17/02/2025
By Ray Shaw
In Consumer Advice Featured

Loyalty card wallet apps abound, offering to store your loyalty and credit cards in an electronic wallet and keep them out of your physical wallet. But there is a dirty little secret: They ‘sell’ access to you, and some even steal your data.

Reader Steve wrote, “I have been using the Stocard app for a while now, so I don’t have to carry physical loyalty cards. However, the app is now owned by Klarna and wants my mobile number, which tells me I will be getting various offers”.

Note: The Stocard app is now discontinued, and you must use the Klarna app. This appears quite aggressive in wanting to know more about you. This article is about loyalty card wallets in general.

Well, Steve, you are right. Be prepared to be flooded with unwanted advertising, special offers, location-based offers, and things you may have mentioned on social media.

Let’s start with the old and true adage

If the product is free, the product is you!
I smell bacon!

There are hundreds of loyalty card wallet apps, and they all work on the same model. They collect masses of data and offer their business clients the ability to use your data to interact with you via relevant and personalised offers, location-based advertising, and client swaps to gain new business from participating businesses.

Terry White Chemmart says, “Distributing our offers on Stocard has driven a substantial increase in incremental footfall and sales to our store network and helped convert the shopper once in-store”.

Dan Murphys says, “It enables us to precisely determine when, where and how we interact with our most valuable customers”.

You might ask what’s wrong with that if it saves you money. The answer is that you stop comparing competitors’ offers and prices and become mindless sheep waiting for the next personalised offer.

What data does a loyalty card wallet collect?

The majority require a lot of data – far more than to provide the service.

Registration data: Full name, email address, phone number, gender, and age group.
If you sign in with social media like Facebook, Apple or Google, it can access your profile.
Loyalty card numbers and expiry: This also tells the apps which cards you use or don’t use. For example, if you don’t have a Chemist card, it can channel your chemist offers.
Most apps support barcode types QR, PDF417, Datamatrix & Code_128 or manual entry.
Loyalty card registration data: This data is compared to the data held by the loyalty card issuer.
Transaction data: Card use, time and location. Some cards also collect detailed receipts for what you bought.
Web tracking data: Mini or transparent pixels that track total web use and capture searches and visited pages.
Interface data: What device did you use? What is the IP address, Mac address, Advertising ID, location, and carrier?
Interaction data: How you use the offers and how long you spend reading them.
User analytics: User profiles allow for highly targeted customised advertising.
The app requires internet access.
By registering, you absolve the app vendor of any responsibility for data loss, hack attacks or even wrongdoing.
Most have the applicable law in another country, so you cannot sue them.
All have an ‘all bets’ are off in the event of a sale to another company.

Here is an article on how most work.

How do loyalty card wallet apps make money?

Registration/setup fee from a loyalty card provider
Percentage of sales and often the credit card gateway
Overrides for performance in converting click-through to sales
Advertising campaign charges
Testing consumer loyalty through competitive offers
Sale of data (whether anonymised or not)
Introducing new services, including push notifications and SMS to phones.

Alternatives

These trusted apps support NFC, which should work if you are offline (transaction limits may apply).

Apple users can use Apple Wallet. It supports many loyalty cards and tries to get you to use Apple Pay. A list of banks is here. The only real benefit is that you probably trust Apple more than a Loyalty Card wallet app.

Our strongest recommendation is that Apple users use the Barcodes app. It stores all information on the phone (in the on-device vault and in your iCloud sync). It can add any barcodes (Aztec, PDF417 or QR), loyalty cards, reward cards, gym membership tags, and even screenshots of cards in one place.

The app has no privacy policy, as it does not collect any data and only needs camera access to scan cards. While it has no tracking, it integrates with Apple Pay and Wallet and warns that Apple/Siri knows all! A perpetual license costs US$14.99.

Google Android users can use Google Wallet, which is similar to Apple Wallet. Like Apple, Google knows what you do, but that is far safer than an unknown app. The bank list is here.

Samsung users can use Samsung Wallet. It works with Samsung Pay, which is not as broadly featured as Google Pay.

We cannot recommend ANY other Android wallet apps as they mostly seem to be from Asia and have poor privacy policies. If you go this route, please use a PAID app, not a free one.

CyberShack’s view: Are Loyalty Card wallet apps safe?

Apart from the above, absolutely, positively, not if you have even a skerrick of respect for your privacy. For starters, you give your information twice. First, to the merchant you likely trust. Second to a ‘faceless’ loyalty card wallet app that you have no clue about its pedigree or what it does with your data.

These are as bad as using price comparison websites like Compare the Market – Meerkats are clever marking, but that’s all, and Members-only pricing may not be illegal, but it is damned irritating.

I have two loyalty cards – Flybuys and Everyday Rewards. I get mercilessly spammed with food, drink, travel, insurance, marketplace, health and other offers. To escape the tsunami I use a junk email account, and you should too. Older membership/points cards like Qantas, Virgin, Myer and David Jones were purely store cards in their day but have morphed into loyalty cards and become bloody annoying.

My wife has about 10 store loyalty cards and receives an average of between 30-50 emails and SMS a week!

Yet my friends have dozens, if not hundreds, of loyalty cards from chemists, fast food, fashion, and more that generate electronic hectares of spam. Some of those cards gamify the loyalty experience so that the more you use them, the more you get special offers, a.k.a., the more food the pig eats, the fatter it gets!!!