GameStop, Other Retailers Subpoenaed Over Credit Card Information Sharing

New York State's Attorney General, Andrew Cuomo, has subpoenaed a number of online retailers, including GameStop, Barnes & Noble, Ticketmaster and Staples, over the way they pass information to marketing firms while processing transactions. MSNBC explains the scenario thus: "You're on the site of a well-known retailer and you make a purchase. As soon as you complete the transaction a pop-up window appears. It offers a discount on your next purchase. Click on the ad and you are automatically redirected to another company's site where you are signed up for a buying club, travel club or credit card protection service. The yearly cost is usually $100 to $145. Here's where things really get smarmy. Even though you did not give that second company any account information, they will bill the credit or debit card number you used to make the original purchase. You didn't have to provide your account number because the 'trusted' retailer gave it to them for a cut of the action." While there is no law preventing this sort of behavior, Cuomo hopes the investigation will pressure these companies to change their ways, or at least inform customers when their information might be shared.

PCI?

[harlows_monkeys]

There may be no law against it, but how does it comply with PCI security requirements? Shouldn't those companies be losing their permission to accept credit cards?

Re:PCI?

[Hognoxious]

Is the customer informed of this charge before completing the sale? It seems to me that the honest and transparent thing to do would be to add the service fee to the price.

I like to know what I'm paying for, and how much I'm paying for it. I don't think that's unreasonable. Even airlines[1], who are notorious for adding x number of random surcharges to the advertised price give you an itemised breakdown before you commit.

[1] I mean reputable ones, not Sleazyjet or Tryonair.

So if I use some one else's credit card

[ImNotAtWork]

with out authorization it is credit card fraud among other things that a DA will throw at me. If a business gives my information to a third party and the third party charges my credit card then that's just sharing? I need to start up a couple of businesses.

Legal but dishonest

[Shrike82]

From TFS:

While there is no law preventing this sort of behavior

Well that, right there, would appear to be a fairly large gap in the legal system. Common sense, decency and good old fashioned right and wrong clearly indicate that there should be a law against this.It reminds me of a scam that a site called RedSave.com ran in the UK. Hidden way, way down in the tiny small print of their Terms and Conditions when you made a purchase was a line that stated "We will charge you £20 every month unless you contact us to opt out". Apparently this isn't against the letter of the law, but it sure as hell isn't a good business practice and isn't in the interests of the consumer. It, and the situation from TFA, are examples of cynical, money-grabbing exploitation of customers. One can only hope that a sensible judge has the balls to come down really hard on them, discouraging others from trying these sorts of practices in the future.

Yay!

[sesshomaru]

This is the best news I've heard in a while. I do tech support for a local Buddhist temple, which has some staff authorized to use corporate credit cards to buy supplies for the temple.

Well, more then once I've been called in to help out with the mysterious charges on their credit cards, and it's always because of this scam. These people are both good-hearted and completely unsophisticated, they see someone offering a discount they don't question it. (Recently these scam artists had to change up their fine print so it's easier to read due to lawsuits in other states.)

The worst thing is it's semi-reputable companies destroying their brands for the sake of getting $10 a month charges out of grandma's checking account. I mean Barnes and Nobel? I used to work for them, I can't believe they've sunk this low.