There are multiple attack vectors. One of them is "why did I just get another charge from that place we visited last June". Another being "oops, we plugged our pin into a skimmer", etc.
Agree that letting Visa/MC/whomever know everything about your transactions is a choice...
Otoh if they pay you 3ish % for it, you might decide you're more than happy to.
I have half a mind to make a debit card that lets you whitelist merchants. You use the same card everywhere, but unless the merchant is in the whitelist, the charge fails. Also, you can set limits and rules.
Basically like privacy.com, but why use a new card per merchant?
hackers need not apply. I'm sure retailers will happily sell your transaction data to a third party aggregator, and that transaction data is more fine grained than what Visa gets to know about you (spending at Walmart vs specifically buying diapers).
So now Apple gets to know what Visa knows. Still, for the time being, they don't seem to know individual items. And many here seem to think Apple is more trustworthy than random anonymous data broker.
I agree with the GP, this is a huge privacy blind spot.