Slashdot Mirror
Court Says California Stores Can't Ask Customers For ZIP Codes
Hugh Pickens writes writes "CNN reports that the California Supreme Court has ruled that retailers in California don't have the right to ask customers for their ZIP code while completing credit card transactions, saying that doing so violates a cardholders' right to protect his or her personal information, pointing to a 1971 state law that prohibits businesses from asking credit cardholders for 'personal identification information' that could be used to track them down. 'The legislature intended to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction,' the decision states. 'We hold that personal identification information ... includes the cardholder's ZIP code.' In her lawsuit, Jessica Pineda claimed that a cashier at Williams-Sonoma had asked for her ZIP code during a purchase — information that was recorded and later used, along with her name, to figure out her home address by tapping a database that the company uses to market products to customers and sell its compiled consumer information to other businesses."
Worse is O'Reilly auto parts. They want your name, address and phone number.
They told me it was for "warranty information". I was buying a quart of oil.
I walked out and went and bought it at Walmart instead.
I have no idea why Pier1 asks me for my zipcode every time I buy something small like a mug or a pillow. And I pay cash most of the time.
How are they able to sell that information? I'm sure a better profile of me is stored in loyalty cards at Ralphs, Vons, or wherever.
The law provides for the collection of personally identifying information that's necessary for the transaction. Online, this includes the billing zip code. This ruling apples to card-present retail transactions. FYI. Here's the entire decision: http://www.courtinfo.ca.gov/opinions/documents/S178241.PDF
geek. lawyer.
Why does it take so long for someone to finally challenge crap like this? Every time someone asks me for this kind of information at the register it just makes me mad... with so many other ways to validate my identity there is zero excuse for exposing this kind of data to retailers.
Here's to hoping this cascades to other states... who am I kidding, somewhere a lobbyist is talking with a CA state senator about when and how quickly they can amend the law.
-rt
While that makes sense in theory, merchants do have the right to verify the identity of a customer attempting to use a credit card. Won't they just request to see a driver's license instead? Then they would have access to much more personal information than just a zip code. I don't really see how this law ends up protecting anyone.
I have noticed many gas stations around here now require you to enter your zip code when you pay at the pump. I assume it's an extra validation against the zip code on your credit card.
Sorry timothy, no such zip code. 66606 puts you in Topeka, Kansas.
I'm not sure I like this. In california I've had the pumps at gas station ask for my zip code rather than my PIN. At some stations I think I'd prefer to only provide a zip code.
I have no idea why Pier1 asks me for my zipcode every time I buy something small like a mug or a pillow. And I pay cash most of the time. How are they able to sell that information?
They are not profiling you, they are profiling your neighborhood. They are probably trying to figure out what neighborhoods they should spend their ad money in, or trying to measure the response to advertising in neighborhoods.
The law provides for the collection of personally identifying information that's necessary for the transaction. Online, this includes the billing zip code. This ruling apples to card-present retail transactions. FYI. Here's the entire decision: http://www.courtinfo.ca.gov/opinions/documents/S178241.PDF
Except the billing zip code happens to be a very important (though not the only) piece of AVS (Address Verification System), which is used to combat fraud. In a nutshell, the merchant submits the customer's address along with their card info, and (depending on the merchant's arrangement) the credit card processor checks to make sure certain parts of that address match what's associated with that card number. Zip code happens to be one of the most reliable.
Radio Shack asks (or used to ask) for your zip code on any purchase -- even if you were buying batteries and paying cash.
(This may have changed at some point; I haven't bought anything at Radio Shack in the past two decades.)
There's no -1 for "I don't get it."
Here's my postal code, F0K Y0U (canadian Postal Code FTW). It's not like you have to give real information.
read an actual merchant agreement some time
(the one between the business and visa)
merchants are FORBIDDEN to ask for ID as a condition of using a credit card...
if the signature is good, and the card is present, you may NOT ask for ID just because its a credit card.
if you require ID of all purchasers say, for a hotel, you can ask for ID.. but not just because it is a credit card.....
doing so violates CC agreements.
(merchants aren't even supposed to accept cards that say CID or SEE ID)
if it is UNSIGNED, we are to request ID, then get the card holder to sign the card before accepting.
(I have a merchant agreement, I've read it, and I've read the merchant operations PDF's at the major sites)
every day http://en.wikipedia.org/wiki/Special:Random
Hopefully gas station pumps can continue to ask for a ZIP rather than a PIN. Just a personal preference.
while at a "pay at the pump" transaction I dont mind giving my zip to verify my ability to use the card, the zip outside of that type of transaction is bogus!. you have no right to it.
Now then my favorite trick is when a cashier asks for my zip during a face to face transaction where the info is strictly customer base tracking, I enjoy using zip code 99501. Yes, thats the zip for Anchorage, AK. I'm in Indiana. try to figure THAT out mister statistics man...
Comment removed based on user account deletion
The problem is that merchants are not requesting the zip code to verify the credit card transaction. The merchant collects the zip code for marketing, and that is impermissible because the zip code is part of the consumer's protected personal information re: credit card transactions. If merchants asked--or more likely, had you input the zip code like you do at a gas station kiosk--for the zip code for verification purposes then your analysis would be correct. But they don't.
The government doesn't when it comes to real numbers like unemployment or how many die in war or how they died. Companies lie about earnings all the time and if unlucky get caught and pay a fine. But none of these people including politicians seems to do time for it. My guess is if people just gave out bogus information for things like where they live, or how old they are, then all that info and meta info becomes a problem and the companies will stop using it against people.
Interesting, if upheld, this could push the PCI DSS Council to add Zip to the list of non public information that must be encrypted.
And that would effectively mandates QSA's find every gas station in California in violation of the next wave of PCI DSS criteria.
The expense of coding testing, QA'ing, promoting encryption on Zip (at rest and in transmission) could be high as compared the moderate to minor risk that companies are stalking their customers using Gas Station data.
If it is necessary for your credit card to go through, then you have to give it anyway.
If it isn't needed by your credit card, then there is no reason you can't just interpret their question as "please name a zip code". There is a store by my house that I know will ask zip code prior to any purchase that probably thinks they have had a customer from every state including Alaska and Hawaii last year.
Unfortunately, there doesn't seem to be a way to get the retailer to only use my address for this purpose.
Sleep your way to a whiter smile...date a dentist!
While asking for a zip code may be necessary, retailers (despite their insistence) do not have the right to require that you show identification.
Every major credit card company I'm aware of has explicit terms in their merchant agreements that prohibits the requirement of "supplementary identification" to complete a transaction.
If they tell you their store policy requires it, feel free to require them to call the credit card company and be told they can't :-)
About the only time they can get away with requiring that you show identification is when state law does so (e.g. tobacco
And if gas station pumps stop asking for a ZIP the solution is obvious... change your PIN to your ZIP.
If someone steals your wallet, they have your credit card, and they have your zip code. Not very secure.
Bullshit. If my credit card company wants to talk to me and ask me security questions, they can ask the merchant to put me on the phone. The merchant is neither law enforcement nor my legal counsel. They have their arrangement with the credit card company. I have my own, separate arrangement with the credit card company. And never the twain shall meet. And if the risk of doing business is too great for that 3% or 5% or whatever they earn on every single transaction before even thinking about interest, then the credit card company should close its doors.
Seven puppies were harmed during the making of this post.
Asking for a ZIP code IS a legitimate way of verifying a card isn't stolen. Probably not the best method, but it's a common one in the wild.
It's also a legitimate way for the store to say "Hey, we got a lot of customers coming in from two towns over to shop here. Maybe that'd be a smart place to build our next store."
MSIE: The world's most standards-complaint web browser.
Except for those countries where zip codes are not widely used. This could apply for local [US] purchases.
Open Source Network Inventory for the masses! Kuwaiba
I don't understand this. Don't you have PINs in the states?
What?
Sounds to me like the law is only treating symptoms. How about a law that makes it illegal to sell customer info without their express written consent?
What?
If they wanna pay w/ a credit card then we need a zip; pay with cash, no zip code required.
When I'm paying in person with a credit card and a retailer asks me to provide my zip code, all I do is say "I'd rather not." Been doing it since the early 80's, when the practice first started. It's almost never a big deal. Very rarely (maybe once in several years) the cashier complains and I say that my zip code is 12345. They just want something they can punch in so they don't get in trouble with their manager.
Cashiers at some bricks-and-mortar retailers ask for a zip code even when I'm paying cash. I just give them a quizzical look and say, "Oh, I'm paying cash."
Find free books.
Below is right about the bleach, but there are other concerns as well.
Ever been poked accidentally by a barber? Now, what happens if they draw blood (even a drop is enough) and you're HIV positive? It's a reasonable question to ask.
Or, simple things like hair lice or other vermin that could be infesting you.
Some of it is obviously marketing driven (hair cut count, family members, etc..), but the other stuff is not as sinister as it might first appear.
Just about every time I go to Fry's, they ask for my ID. Just about every time, I file a merchant complaint with Mastercard.
I wonder if this ruling is why the gas station I bought fuel from this afternoon didn't ask for my billing ZIP code for the first time ever. It immediately struck me as surprising in a good way. Then, I read this story a few hours later. The timing is almost too blatant to be an accident.
Check out my sci-fi/humor trilogy at PatriotsBooks.
For debit cards yes. Credit cards generally don't...
Better than letting someone use a dropped Credit Card or copying the strip. It is not much extra to add a bit of security. If we wanted very secure, we could use a unique PIN, but for gas zip seems secure enough.
According to one article I read, gas station use of zip is legal because the info is transmitted directly to the credit-card company for fraud prevention and not stored by the retailer.
What got them in trouble is doing unauthorized back-end matching and marketing. Gotta hand it to the sleaze-balls who argue:
"...the law was never intended as sweeping privacy legislation to prevent a retailer from using legal means to send catalogues to its customers."
and
"...this kind of litigation has caused retailers to reconsider doing business in California."
Yeah, right. We're exiting the 8th largest economy in the world because they value their privacy. Boo hoo.
It's even more fun when you don't actually live in the US and are just visiting. They typically get very confused when you start saying letters.
As a tourist, I find that this system sucks, as my (Australian) bank doesn't do this kind of authorisation, so any petrol pumps I've tried to use in the US have failed.
If my credit card company wants to talk to me and ask me security questions, they can ask the merchant to put me on the phone.
It's not likely for the CC's company's protection, it's for the merchant's. It's the merchant that bears most of the risk for fraudulent transactions, and it's their decision to add an extra validation step.
There are 2 sorts of cards in the US: ATM (or check) cards and Credit Cards.
The ATM cards, are pulling money directly from your checking account, and they require a PIN.
Credit Cards, are credit. You receive a monthly bill that you can pay in full (for no fee), or partially but with a usually high interest rate (what most people seem to do). You only need to sign, no PIN involved.
Now, you can pay with your Visa ATM without the PIN by saying it is a credit card (I believe they like that since the credit card transaction fees are higher).
I know retailers pay a lower fee if they can match the house address and zip code to the swiped/entered credit card. May only be a little bit, but it can sure add up.
But if the retailer is just asking for the zip code, but not the house address, then that is probably just phishing for info...
Anyways, if a merchant asks to see your card, then asks for identification (to match name on card to name on license), they can always mentally note any information they choose as well.
If someone is really worried, just pay in cash!
The gas station I use makes me punch in my zip code after I slide my credit card in the card reader. Presumably this would not be OK either, right?
You realize that consumer privacy protections and gun control are not mutually exclusive, right?
gas pumps currently use the zip to verify it's your card...
No they don't. The zipcode is never sent to the credit card company. It's collect for demographics. Try putting in a bogus zip if you don't believe me.
I'm from Canada you insensitive clod. Our "zip" codes have letters in them, try finding those on the keypad on a pump.
Once I was a four stone apology. Now I am two separate gorillas.
They're not allowed to ask your zip.
But they're also required to ask it, because in California they are required to charge and report sales tax based on YOUR zip code, not theirs.
So now which law do they obey, and which law do they break?
I'm from Canada you insensitive clod. Our "zip" codes have letters in them, try finding those on the keypad on a pump.
Funny, I remember sending text messages on non-smart phones with only a keypad and no keyboard. ;-)
So the act of recording the ZIP is why they violate the law, and not when they use it to "complete the transaction". The use at the gas pump better only be for completing the transaction, and they better not be recording it.
And I was starting to question why I still live here...
I have - right after a move, I forgot whether or not I had updated that particular card and guessed wrong. The machine bounced the card and locked into a "See attendant to complete transaction" mode. I drove up to the next machine and swapped cards just to be sure.
I thought the reason retailers ask for your zip code is so they know what rate of sales tax to charge you, and which state gets said tax.
Do you get asked for zip code if you pay by cash?
With zips, most stores are trying to find where the customers are to advertise. I think there are tens of thousands in my zip, so why should I care.
Then I wont ship to your house. I can check the billing address with the credit companies to verify if that's the same as the mailing address. That is to say, I can access your zip code from your credit card number to verify that the item is being sent to the same address as the billing address. So I don't need to ask you; I can get your number without you.
my zip is 90210
Only if your zip code is in your wallet. The only thing with my zip code on it is my ID. I change addresses much more often then I change IDs. The ID in my wallet right now has a zip code on it that hasn't been my billing address except for brief periods of time pretty much since I had a credit card.
I went for oil change and the cashier said they need my address, cell phone number etc etc. I said I am going to wait inside the shop and I am not willing to give anymore information than necessary. After a few back and forth "we want", "I won't" he gave up. I don't know why the heck they need even VIN number and odometer reading. Just change the effing oil and be done with it. I work in an industry auxiliary to marketing research/telemarketers and even they don't know why.
I work at a small business. We use a terminal to manually enter credit cards to be processed, as most of our orders come in over the phone or online. The cc terminal uses number/name/exp. date/CCV for the go-ahead, then uses the home address # and zip code to verify the cardholder. If the info doesn't match up, we pay a higher fee because it's a "higher risk transaction".
Their agreement is that they are liable for fraud, and higher fees associated with less information in the transaction, so they will ask for whatever information they need. The merchant fees are often higher when the zip code is not used. The merchant account processor just passes the cost of the extra liability onto the merchant, if they chose to process the card without the zip code.
And you do not want to get the issuing bank contacting you, like with verified by VISA. In that case, liability is shifted from the merchant to you.
Yeah, they tried that. Then we told them we just won't accept credit cards then, they backed down VERY quickly.
Got to love the "free" market. CC is barely used here, PIN payments directly from the bank are the vast majority of legit deals. In fact most shops won't even deal with credits cards full stop.
Maybe it is time for American merchants to develop an alternate method because having had to read up on CC transactions, it is pretty sure who profits most out of it and it ain't the customer or merchant.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
*sigh*
We consumers have rules and contracts that we must follow when using credit cards.
Merchants do as well.
These practices are, generally, in complete non-compliance with the Merchant Agreement which has been, perhaps surprisingly to you, agreed to by the merchant.
And, simply: If they don't like the terms of that agreement, then they needn't accept credit cards. At all.
Like anything else in life involving money, you either play the game by its stated rules, or you don't play at all.
Kid-proof tablet..
It is not illegal in California for a retailer to see a person's ZIP code or address, the ruling notes: For instance, one can request a customer's driver's license to verify his or her identity. What makes it wrong is when a business records that information, according to the ruling, especially when the practice is "unnecessary to the sales transaction."
So, ASKING for the zip code itself was not wrong, using it for marketing was the wrong bit. Had they kept the zip purely for the transaction (as proof for later challenges making it necessary for the sales transaction) and NOT used it for marketing, then everything would have been okay.
Once again, slashdot fails to read the full article and jumps all over the place with its conclusions.
The company would have been just as wrong if they had used their credit card information they get back from the CC company for marketing purposes. This is about using information from one set of data in another set of data without permission being given.
And it is ALSO okay for shops to ask you for your zip code for marketing purposes as long as it is clear that is what it is for. You can just say no. In Holland at least companies put up a sign telling you what the request is for.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Fine.
But those are different from the "card present" transactions which are being discussed here.
Kid-proof tablet..
I couldn't resist, and looked it up on the US Postal Service site. The answer:
"The ZIP Code you entered could not be found in our database. Please confirm the ZIP Code and try again."
I guess that they have a way of recognizing that the card is from a foreign country, and handle it differently. Or totally refuse to accept it at all.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
A very important security process that depends on the secrecy of ZIP CODES??? Is there any personal information you couldn't require on this completely ludicrous rational? Thankfully the judes aren't quite that gullible.
I always wonder if there's a spike of 31337 entries when postcode data is being gathered...
a lot of stores in my area asks for zip codes. I usually make up a five digit number or give one of some town in another state.
Whenever I buy something online or offline, when I am asked for information, which is not relevant for die deal, I lie.
Having built a myriad of websites in my time I can say with some authority that at any time a business has any contact with any customer, client or potential customer, or someone who's filling out the "contact us" form on the website they will not pass up the opportunity to request their name,DOB,email,address,postcode,phone number,NI/IRS/TAX code,type of dwelling,number of bedrooms,number of children,favourite ice cream,dog's name and colour of socks.
They will also make all of these mandatory, even if all you want to do is ask "are you open on sunday?"
I don't think there's any actual purpose to this, I just think that if there's a database then the boss will want to fill it with as much "data" as possible, just in case it's handy. Even if it's illegal they don't care, they probably don't even plan to use it for marketing, they just NEED TO KNOW!!!!
If you don't risk failure you don't risk success.
In the UK there are also 2 types of card. Debit cards and Credit cards.
The debit card acts the same way as your ATM card, and it requires a PIN.
The credit card acts the same way as your credit card, but it also requires a PIN that is different from the debit card pin (though you're free to set them to the same if you so wish).
I still don't understand why the US does not use a PIN on their credit cards..
Could always do what I do, Lie
20500 is my zip according to most companies
20500 = White House
Is your ID a Driver's License? Technically, where I live you are required to notify the registry of motor vehicles whenever you change your address, and they actually send you a sticker to put on the back of the license with your corrected address. So you'll always be carrying around your ZIP Code if you're in compliance. Not that I imagine everyone is so diligent.
RETURN without GOSUB in line 1050
This sounds entirely bogus to me. I work for a pizza delivery restaurant. I don't usually bother to ask customers for their zip code for credit transactions, but some cards are rejected if the correct zip code for the card's billing address isn't entered. If a card is rejected the first time i try to run it, I always ask for the billing zip.
It was Great Clips or ClipNSave or Cost Cutters, one of the big ones.
There's your reason: it's corporate. Some junior executive had the brilliant plan to gather marketing information at "no cost" and use it to advance his career.
Barbershops are one of those businesses where mom & pops are clearly superior. Not only do you cut the bullshit, you also most likely cut the crowds.
What about gas pumps that want your ZIP code as part of their authentication scheme for a credit card? Many still do it, and won't authorize against the card if you enter the wrong code.
Learning HOW to think is more important than learning WHAT to think.
The zip code helps the stores fight fraud. I don't think that the general public realizes that businesses have to pay the price of credit card fraud. They can have the physical credit card, a full address, the CID number and still have to pay. If the person using the card stole the card and the information it's the businesses that loses the money. So they want to be able to prove as much as possible that they have the right person.
Does this also apply to gas pumps? I actually like the fact that gas pumps and self checkout lines make you put in your zip code for security reasons.
Wise men say, "Forgiveness is divine, but never pay full price for late pizza."
During a purchase of a bottle of wine at Target along with some other odds and ends, the cashier asked for my drivers license. I thought nothing of it (though I haven't looked younger than 21 in a decade, but whatever). Foolishly, I let him hold it, which he then proceeded to swipe the magnetic strip on it. Now, there's a big difference between typing in a birthdate and storing all my driver's license info in their computer. Needless to say, my license never comes out of it's viewport in my wallet from then on. Watch out - I think a lot of stores are getting really brazen about how they collect your data.
Here in Ohio they ask so they can calculate the correct sales tax. Different cities tack on different taxes. I imagine retailers just use a standard zip code, if people get snotty (probably the highest tax). I'm sure they have other reasons to get as much info as they can, but taxes is definitely one reason here.
Whenever I was asked for info, I would just say "cash" and they knew what to do and stop asking questions. If it is a credit card terminal then I know to plug in my real zip code. If I am pressed for my zip code when the transaction starts with the cashier, as a teen in the late 80's I always just give them 90210 and they don't bat an eye.
If they are asking for my data without my permission, I don't really see a problem with throwing a few data spikes in their data harvest.
Microcenter is another one of these that demands addresses. You can sometimes see the screen they are working on, just tell them your last name is "Jones" and when several pop up say you recently moved and tell them "yeah, the third one on the list there is me".
There is no legal requirement to be truthful with these quizzes, have fun with them!
Which is exactly where it belongs. I need to make sure no one steals my credit card, and report it immediately if it gets stolen. I don't have to use a credit card, either. The only time the bank is responsible is if someone forges their cards or otherwise breaks their system. However we live in a world of free-loaders who want all the credit in the world, and none of the responsibility. The merchant must only ensure that the card is a real card, just like he must ensure that those $20 bills are real $20 bills. The card owner must ensure that his card hasn't expired and that he hasn't lent it out to anyone or better yet, stored the number in his browser on his computer. And that's that.
Seven puppies were harmed during the making of this post.
White House, 202-456-1414
I recently heard on NPR that the postal service no longer requires exact addresses when sending out bulk mail.
Businesses like this since they no longer need to maintain or buy address lists, and now can "blanket" an area with bulk mail.
I assume the postal service also likes this since it increases their mail volumes.
-ted
http://online.wsj.com/article/SB10001424052748704803604576078131322160002.html
Zip code happens to be one of the most reliable.
I thought the exact same thing. In the same store at checkout, depending on which credit card I use, I get asked for my zip code or I don't. American Express asks for billing zip code, while Visa doesn't. When my mother drove across country from LA, by the time she got to Chicago, she had to personally speak with the credit card company (American Express) to verify that her identity hadn't been stolen.
How many people actually know the zip codes around them? That's why it's the most reliable. My company moved three blocks in downtown Chicago to the other side of the river and went from a 6060* zip to a 6066* zip and we can literally see our old building. How likely is it an identity thief knows the victim's zip code off the top of his head?
On topic: what's the problem with memorising a ZIP-code to somewhere other than where you live?
Two reasons.If they want the zip code for idle curiosity why even bother? I could just say 5 random numbers. However where I have had more problem is buying petrol where they require that the ZIP code to match that on your credit card billing address. So memorizing a valid ZIP code would not help since there is no way any 5 numbers will match a postcode with letters!
California used to be really bad at that particularly near SF airport when trying to fill a rental car for return. In fact I've had several garages refuse to serve me without a ZIP code so I am very happy to hear that this is no longer legal.
Not every state sends a sticker. Illinois just lets you carry an outdated license.
The vendor isn't violating a customer's rights by asking for their zip code. Purchasing something at a store is a voluntary transaction between two private parties. If a vendor wants to put conditions on that transaction, that's their prerogative. If the customer doesn't agree to those conditions, he or she is free to not engage in the transaction. The state is violating the vendor's rights by putting restrictions on how they can do business.
The reason they ask for your zip code is to reduce the amount of credit card fraud. If they are legally prohibited from doing this, there will be more credit card fraud. Credit card companies factor in the level of fraud into their financial calculations, and compensate for it by raising interest rates. So the unintended consequence of this law will be higher interest rates for everyone.
Cause they always ask for zip codes for identity conformation.
Er, so I've heard anyways...
I would have filled it in with bogus information...
Name : Ivor Longhair
Phone: (premium rate no, especially setup for this type of thing, so I get £5 a min credit if they call)
Address: Google Earth it, somwhere in the same area to be believable.
Email: fu@noneofyourbusiness.com
I bet the staff don't even read it.
The merchant is the one that eats the cost of fraudulent transactions, not the card company. One could argue that you always could use cash if you wanted to be anonymous.
I love how the article is how someone wanted to protect their privacy and then CNN goes ahead a post the name "Jessica Pineda" as the complainer. GG CNN, nice about being professional adults and not caty teenagers.
Thanks for posting the link to the ruling. I read about this case this morning, and my first reaction was incredulity at the stupidity of prohibiting any kind of authentication of a credit card transaction. A closer reading, and the actual ruling, tell me that what this was about was not authentication but the retailer's misuse of authentication information needed for the transaction
It's one thing if when a vendor wishes to verify that I know the billing ZIP code of the credit card I am presenting for payment, because it might not be my card. It's another thing, though, when that information is stored and used for other purposes. It's kind of like going for a test drive in a car and presenting my driver's license to assure the dealer that I know how to drive a car, and then having a credit check run so they can figure out how much money I might be good for.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
I wish gas stations would stop asking for ZIP code. I hate that!
In New York, the sales tax is tied to the retailer's location AFAIK.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics nonwithstanding.
I usually go with the zip code 90210, people look at me funny, and I say, "What, you got something against California?"
Only recently have I been hit up for a phone number, which is easy. Just say "(local area code) 867-530 Niiiieeeeeeiiiiiiiiine. Ya got it?"
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I frequently get asked for the zip code and either I tell them a fake one or I tell them I just moved here or to the next city and don't know the zip code yet. Either way they enter the wrong zip code :-))
Are we *really* THAT scared in today's society, that we can't even go to get a friggin' haircut without filling out all sorts of forms?
Barbers and hair stylists have managed to get by just fine since the beginning of civilized society without feeling a need to have paperwork filled out about their clients' "medical conditions"! I'm pretty sure it's exceedingly rare that someone comes in with a head full of lice, wanting a haircut at one of these places. And if they did? I'm pretty sure the person doing the haircuts would quickly see the problem and refuse to finish the job.
And the whole drawing blood and HIV positive thing? I think that's a bit on the paranoid side. Even if someone is HIV positive and comes in for a haircut, and the barber accidentally pokes them and draws a drop of blood? It's fairly close to impossible for that to get transferred to the barber and give him HIV. It's not like he's licking his razor blades to clean them or anything, you know ... He'd have to have an open wound of his own that happened to directly touch that drop of blood for it to have ANY chance of doing anything at all. When you start playing "what if" scenarios with such improbable circumstances, you may as well start worrying about every single human interaction with HIV positive individuals..... I mean, what if the waiter or waitress at a restaurant gets it because they bled a drop of blood on their utensils or plate or drinking glass before they left? What if they came into a retail store and as a cashier, you handled money they gave you that had some of their infection on it somehow? We better demand they fill out legal forms before they do ANYTHING around us, right??
Try putting in a bogus zip if you don't believe me.
I live in the USA. When I first encountered a gas pump that asked for my zip code, I was traveling with some Europeans who couldn't use their credit card in the pump because it demanded a zip code. As an experiment, I put my card in the pump and entered a fake zip code. My card was refused. Tried the same card, entered the correct zip code, the pump was happy.
Maybe it just didn't read my card correctly the first time. But the conclusion I drew from that small sample size is that the zip code matters, at least sometimes.
Hopefully gas station pumps can continue to ask for a ZIP rather than a PIN. Just a personal preference.
Yes, it's definitely better to ask for information that can be easily obtained in a number of ways than something you carry around in your head.
Eagles may soar, but weasels don't get sucked into jet engines.
Do gas pump keypads work the same way? I don't own a car so have never had the occasion to check.
All the world's a CPU, and all the men and women merely AI agents
I don't see the problem here... Just give tham a fake one... Just lookup one of McDonalds restaurants and use their address, ZIP code and phone number for all such transactions... Or you could even use one of their own stores... Or pick someone you don't like... It's not as if they can ask your for ID... They have to believe anything you say... Furthermore they don't care... If your ZIP checks out as valid I don't think the store employee would care if it's really your ZIP code...
You realize that consumer privacy protections and gun control are not mutually exclusive, right?
I realize gun rights can coexist with consumer privacy, but in today's polarized political environment the two rarely coexist in any given state. In an ideal world you'd get both, but we don't live in that world. I choose to live in a place where the human right to defense of self and family is respected and address the privacy issue by not patronizing businesses that don't respect my privacy. YMMV :)
Sounds to me like the law is only treating symptoms. How about a law that makes it illegal to sell customer info without their express written consent?
Selling isn't the only problem addressed here, the merchant's own use of the information is also a problem.
And the initial collection and recording of the unnecessary information isn't a "symptom", its an essential precondition for any use of sale of the information. If you make it illegal to collect and record the information -- and enforce that law, then you address both unwanted internal use and unwanted sale.
Hopefully gas station pumps can continue to ask for a ZIP rather than a PIN. Just a personal preference.
That is really annoying for those who don' t live in the USA so have no zip code. It means two extra trips to the booth to get your credit card read and approved, and then debited with the actual amount of gas used. Almost all other countries use a PIN number (typically 4 digits) to approve credit card purchases done by machine but machines in the USA don't seem to be able to read them. I can't wait for the USA to catch up with the rest of the world.
But I suppose one can't expect any more of the only part of the world not to use International Standard road signs, A4 paper, 00 as the international dialling prefix, 230/240 volt mains, and metric units.
Zip code is very commonly used for address verification. Making it unusable will only increase risk and costs, and that can't be what the California court intended. If so, an appeals court will smack them around soon enough.
But if the problem is the other uses for Zip code, like address extraction and marketing, then that's a problem. I often refuse, unless I like the business. If I get the prompt at a gas station, it is for credit authorization. Gas & oil are fairly common targets for fraud, and they have their rules. Zip is useful to catch the run-of-the-mill thieves.
If you give a bogus ZIp and your transaction is declined, you can bet it was the Zip match. Try again with a real one.
How, if California decides to legislate the use of customer data, and prevent sharing or mining with partners without the customer's permission, I'm all for that, baby. We can't really limit the information we give busineses we patronize, but we can expect them to tell us what they are doing with it. If you've purchase a home in the past 10 years, you know how quickly the insurance, door/window, garage storage, and carpet people start calling. They mis-spelled my wife's name on our loan app 6 years ago, and we still get calls for that name - and that was the loan APPLICATION, not the actual loan... Weasels.
deleting the extra space after periods so i can stay relevant, yeah.
....because 99% of the work force manning the registers dont watch the news...and the mgnment staff wont enforce the new ruling.
Joe Investor
That's only true of Discover, which is why it's not as widely accepted as Visa/Mastercard. If a purchase is truly fraudulent, then Visa and MC give the money back to the store.
I went to a local Target with the intent to buy a video game or movie and they asked for my license. I held out my license so the cashier could verify my age, but I was then asked to hand it over so they could scan it. I then asked the cashier why scanning my license was necessary, he said it was needed for age verification. I left without my intended purchase.
So your suggestion is that they either do what the credit cards tell them to, or go out of business?
So the fuck what if you had to give out your fucking zip code?!?
Since this practice started, I always give the Zip Code for Charlotte Amilie (St Thomas, US Virgin Islands), 00803. Sometimes a clerk will ask me what the Zip Code goes to, and I just respond,"St Thomas, US Virgin Islands."
Security by using the Zip is a bogus statement for the huge number of small towns in the USA that only have one zip code. Someone stealing my card here would not have too much trouble figuring out my zip code, and if they got my wallet, they would have it even in a large city. Zip codes are -not- used for security, they are used for marketing.
A large big-box hardware store here demanded my -telephone number- to use my disabled veterans sales tax exemption card (my state exempts 100% disabled veterans from sales tax and property tax). I said "No, I am not required to give it to you, nor am I required to even have a telephone, or a home, to use my card." The clerk gave me the song and dance "The register requires it to complete the sale."
I told him that was the store's problem: it was unlawful to refuse the card. He called the manager.
The manager refused to accept my sales tax card without the telephone number. I walked out. Then I reported them to the Tax Commission. The penalty is a $500 fine to the store and the manager who refused the card.
I got a personal letter of apology from the company's headquarters in North Carolina, and a personal apology letter from the manager. I assume the Tax Commission gave it to them. Tough. I won't shop there. On telephone numbers, the "Do Not Call" registry only applies if you do not give a business your phone number, that is, enter into a "pecuniary interest" with them. If you give it to them, the Do Not Call registry does not apply.
Because the US invested heavily in magstripe readers before chip-and-PIN became a standard, and we would have to re-buy the entire infrastructure.
No. My suggestion is that they either accept credit cards under the terms of the agreement, or that they accept other forms of payment instead.
If they want to play the game, they've got to follow the rules. Just like I, the cardholder, must. Along with Visa, the issuing bank, and probably other parties.
They don't get special rights just because they're a merchant.
(And yes, I'm also a mechant. And I accept credit cards.)
Kid-proof tablet..
Well if you're a merchant then you realize that it doesn't matter if you accept every other form of payment from cash, to checks, to solid gold bars, if you stop accepting credit/debit cards it's very likely you'll go under.
I can think of very few retail business models that could maintain clients/customers on a cash only basis. Strip clubs, street vendors and a few bars maybe. But even then, they're starting to lose business to competition that has the convenience of accepting plastic. And as more and more people stop carrying cash and checks on them, those cash/check businesses are dwindling.
That's why I boiled your argument down to "do what the credit cards tell them to, or go out of business", because whether you intended that to be your point, (which I'm sure it wasn't), it's an illustration of the realistic result of your suggested alternative.
You presume a lot about me, and my intent.
I mean only what I write.
And I maintain that if a merchant wants to accept credit cards, then they must follow the rules.
Just as a cardholder who wishes to use credit cards must follow the rules.
And a bank which services a merchant account must follow the rules.
And a bank which issues the credit cards must follow the rules.
And so on.
Being a merchant doesn't make them special. Even if they don't like the rules.
There's a lot of rules in life, business, and law that I don't like, but I don't expect that I'll be able to get away with ignoring them just because I don't like them.
Kid-proof tablet..
You should work for the mafia, you would do well.