Oh, I'm fairly certain that the information sharing would only go one direction: the merchants would share the data to the credit card companies, who would run fraud models on it and provide near-real-time feedback to the merchants.
In terms of user privacy, this gives the credit card information more information than they already have access to. It is reasonable to worry about the privacy implications of that sharing. But to be honest, the credit card company already knows a great deal just from processing the customer's purchases. Adding in the delivery address (when it differs from the card's billing address) is a leak of personal data, but not a huge one. Additionally, we might be able to put in place contractual controls limiting the data to certain uses. I can assure you (from my own experience), credit card companies are well experienced at compartmentalizing data and limiting data sharing.
In terms of user privacy, this gives the credit card information more information than they already have access to. It is reasonable to worry about the privacy implications of that sharing. But to be honest, the credit card company already knows a great deal just from processing the customer's purchases. Adding in the delivery address (when it differs from the card's billing address) is a leak of personal data, but not a huge one. Additionally, we might be able to put in place contractual controls limiting the data to certain uses. I can assure you (from my own experience), credit card companies are well experienced at compartmentalizing data and limiting data sharing.