Home / Markets News & Opinions / Are ‘Pull’ Credit Card Transactions Making You Overly Vulnerable?

Are ‘Pull’ Credit Card Transactions Making You Overly Vulnerable?

Last Updated March 4, 2021 4:42 PM
Valerie Love
Last Updated March 4, 2021 4:42 PM

Credit cardsWhat happens, behind the scenes, when you swipe your credit or debit card? And the bigger question: can you trust all the parties involved?

When you swipe your credit card at a retailer, potentially hundreds, if not thousands, of people could be involved in that transaction. How is that possible? Isn’t money moving directly from your account to the merchant’s account?

Identity + Access = Vulnerability

Not only is the answer to that question a resounding NO, most would be mildly uneasy to discover the number of people who get access to both identifying information and bank accounts whenever a transaction is processed; a vulnerability we’ve been willing to put up with because the choices were few and the convenience level high.

Credit Card Transaction Trail

What happens when you conduct a credit card/debit card ‘pull’ transaction? You set into motion a complex set of actions initiated, completed and passed to and through several intermediaries in the cycle:


The diagram shows that the following parties will have both your identifying information and access to your bank account:

  1. The merchant
  2. The merchant’s IT supplier
  3. The acquiring bank
  4. The acquiring bank’s 3rd-party processor
  5. The card network (MasterCard, Visa, Paypal)
  6. Your card issuer
  7. Employees of the above institutions that have access (or who can get access)

The short list of people you must trust in this scheme could be as few as a dozen; the long list could number into the thousands.

Perhaps a bit more unsettling is this: how many times a day do you use your debit or credit card, thus multiplying the numbers?

We shouldn’t be shocked at the hacking of Target (or any other retailer). We should be shocked that we haven’t all been robbed blind in the ‘pull’ system.

Bitcoin’s Simple Push

Bitcoin’s system is super simple, especially if using the core Bitcoin protocol (rather than a fancy service) to send funds. It’s as simple as a click of a button from one person directly to the other. Or, you, the consumer, initiate a payment from your wallet to the merchant, without ever handing over detailed identifying information or access to your stash.

Pure peer-to-peer transactions eliminate the middleman (that, in ‘pull’ transactions could mean dozens of people and theoretically thousands). Also avoided are the associated fees.

Can I Borrow a Spoon?

To me, pull vs. push transactions could be illustrated by borrowing a spoon from your neighbor. The neighbor could swing the door wide open, grant access to the whole house, leave, and hope you’ll go in, only get the spoon, and leave. They’re also betting that no one else is going to enter.

In a Bitcoin ‘push’ transaction, you stand outside the locked door while the neighbor fetches the spoon. They come to the door, give you the spoon, and you go on your merry way, never having had access to the house.

When Will We Learn?

The onus is on each person to secure their valuables. When we hand over access to our valuables to third parties, especially multiple 3rd parties, the vulnerability factor rises; throw in the possibility of the merchant being hacked, and that factor expands exponentially.

Huge opportunities exist in the cyrpto world to bring about massive change in how point-of-sale transactions are processed.

Ultimately, you are in charge of your valuables (whether it’s Bitcoin or fiat), how it’s spent, and who will have access to it.

Images from Coincenter.org and WikiMedia Commons.