California credit card ruling raises consumer privacy concerns

By , CardRatings contributor
  • Google +
  • Twitter
  • Facebook

A court ruling in California could pit privacy-conscious credit card users against retailers in a conflict over how companies can use customer information. In a February decision, the California Supreme Court ruled that online merchants selling digital downloads can ask for shoppers' personally identifiable information, such as ZIP codes and phone numbers, even if that information doesn't directly pertain to the sale.

The Song-Beverly Credit Card Act has governed credit card transactions in California for the past two decades. Retailers operating in California and in other states often fall back to the Act's rules as a lowest common denominator for their nationwide policies. Under California's previous rules, retailers could only ask for address and contact information when arranging delivery of shipped goods, when processing a security deposit or cash advance, or when required by either a credit card payments network or a federal regulation.

The court ruled in opposition to a lawsuit from an Apple customer who contended that the company did not need his telephone number or address to authorize the sale of downloaded content through iTunes. The court suggested that online retailers lack the same protection against credit card fraud as merchants with physical storefronts who can verify a customer's identity by asking for photo identification. However, the court did not account for merchant agreements with credit card networks that specifically prohibit retailers from checking identification at the point of sale.

According to Evan Schuman at StorefrontBacktalk, retailers like Home Depot have already used customer databases to merge online purchase histories with in-store activity records. When used effectively, consumer information can help retailers improve product selection and make appropriate suggestions for future purchases. Under the new ruling, a retailer with both online and virtual storefronts can collect key information during digital download orders that can then be merged with receipts from in-person sales.

Opponents of the ruling suggest that marketers could put customers at risk of identity theft, especially when merging information from external profiles. Writing on a University of California Berkeley blog, technology law scholar Babak Siavoshy noted that many corporate data breaches involve personally identifiable information stored without a specific purpose or a data governance process in place. Digital wallet services, such as Visa's V.me program, can prevent credit card numbers from being stored in retailers' databases. However, participating merchants must still take precautions to secure other customer information.

0 Responses to "California credit card ruling raises consumer privacy concerns"

No Comments

Leave a Comment
About Our Ratings ×

Our editors rate credit cards objectively based on the features the credit card offers consumers, the fees and interest rates, and how a credit card compares with other cards in its category. Ratings vary by category, and the same card may receive a certain number of stars in one category and a higher or lower number in another.

The ratings are the expert opinion of our editors, and not influenced by any remuneration this site may receive from card issuers.

Advertisers in our database are highlighted, and advertisements include an option to apply using links on our site. CardRatings.com may be compensated by companies mentioned on the site when a user's application is accepted or approved by such companies.

How do your cards stack up?

Compare your card starting here


Featured Partner Cards