Background information

Data protection at InterCard

Sensitive data - transparent and secure

Your client can pay by card with peace of mind: InterCard stores sensitive cardholder payment data with due care and for specific purposes. And it also complies with the very highest technical security standards as well as all statutory provisions.

As a service provider to the trade sector, InterCard primarily processes cardholder payment data as data controller. However, InterCard also operates in some segments as a data processor for the trade sector and its service providers. The data are in part personal data pursuant to the General Date Protection Regulation (GDPR) and the German Federal Date Protection Act (BDSG) and are used strictly for their intended purpose. In particular, they are not used for sales or marketing purposes. The data are protected by the very highest applicable security standards (including PCI DSS).

When using the data, where possible, InterCard first consults with the competent Bavarian Data Protection Supervisor as well as with other national organizations.

InterCard is regulated by the Federal Financial Supervisory Authority (BaFin) and must comply with the Money Laundering Act, the Payment Services Supervision Act and the Banking Act , among others. InterCard must also store and assess its clients’ transaction data suitably. These are used transparently and for their intended purpose - while ensuring the highest possible level of data protection and data minimisation.

The regulations as recommended to the merchants in the following appendix apply to ec direct debit payments made via InterCard (ec debit card payments and signature-based payments).


With online direct debit payments, InterCard assumes the merchant’s bad debt risk in some cases. In these cases, in order to limit the payment default risk, the name and address of the invoice recipient is communicated to InterCard and, using these data, InterCard performs an address check and a credit rating with the following service providers:

a) To check the postal deliverability and correct spelling of the name and the address of the invoice recipient: Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf, Germany

b) To limit the credit risk, based on the name and address, we request information about the previous payment behaviour and credit rating information based on a mathematical/statistical method using address data (Rating to calculate the likelihood of payment) from infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany.

These data are stored and used by InterCard solely for the purpose of preventing fraud and limiting the risk of payment defaults.
The merchant has a contractual obligation towards us to forewarn its clients of these checks.

The data stored by us will, as already said, only be used to process payments, perform risk checks and, where applicable, process returned direct debits and will be forwarded to the relevant banks for further processing. The data are used strictly for the intended purpose only and are not used for marketing purposes or sold on to call centres.

We are happy to provide information about personal data stored by us subject to an appropriate postal request and will explain to you how we process transactions. To this end, we must nonetheless consult the competent data protection supervisor and follow the requisite verification channels, as we do not usually know your address. On data protection grounds, we may not release specific transaction data to ‘unknown parties’, i.e., potentially to an ‘imposter’. When providing information, we must comply with the security provisions agreed with the data protection supervisor.

Data Protection Officer

F: +49 89 61445 - 513