Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court Says California Stores Can't Ask Customers For ZIP Codes

Posted by timothy on from the mine-was-just-a-bunch-of-sixes-anyhow dept.

Hugh Pickens writes writes "CNN reports that the California Supreme Court has ruled that retailers in California don't have the right to ask customers for their ZIP code while completing credit card transactions, saying that doing so violates a cardholders' right to protect his or her personal information, pointing to a 1971 state law that prohibits businesses from asking credit cardholders for 'personal identification information' that could be used to track them down. 'The legislature intended to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction,' the decision states. 'We hold that personal identification information ... includes the cardholder's ZIP code.' In her lawsuit, Jessica Pineda claimed that a cashier at Williams-Sonoma had asked for her ZIP code during a purchase — information that was recorded and later used, along with her name, to figure out her home address by tapping a database that the company uses to market products to customers and sell its compiled consumer information to other businesses."

7 of 461 comments (clear)

  1. Re:Only applies to 'unnecessary' personal informat by Anonymous Coward · · Score: 5, Informative

    The law provides for the collection of personally identifying information that's necessary for the transaction. Online, this includes the billing zip code. This ruling apples to card-present retail transactions. FYI. Here's the entire decision: http://www.courtinfo.ca.gov/opinions/documents/S178241.PDF

    Except the billing zip code happens to be a very important (though not the only) piece of AVS (Address Verification System), which is used to combat fraud. In a nutshell, the merchant submits the customer's address along with their card info, and (depending on the merchant's arrangement) the credit card processor checks to make sure certain parts of that address match what's associated with that card number. Zip code happens to be one of the most reliable.

  2. Re:Does that really solve the problem? by techwreck · · Score: 5, Insightful

    As a business owner, I can tell you with 100% certainty that the day I am unable to validate the identity of a card holder and protect myself against fraud will be the day I stop accepting credit cards. While some of you think that fraud only falls on the shoulders of the credit card company, it is often the merchant that ends up on the losing end. Instead of restricting the ability of a merchant to request personal information, the legislation should be designed to penalize those who improperly use that information such as the company cited in the case above.

  3. Re:Does that really solve the problem? by RoFLKOPTr · · Score: 5, Informative

    Do they? Why should they? The transaction is between the merchant and the credit card company.

    You are exactly wrong. If a fraudulent purchase is made with a credit card and it is recognized and reversed, it is the merchant that takes the hit. Not the bank, not the customer, the merchant. They charge back the merchant the full amount of the purchase and then it is primarily up to the merchant to identify the suspect and prosecute the theft.

  4. Re:Worse is by idle12 · · Score: 5, Insightful

    I went to go get a Hair Cut. Yes, a hair cut and they handed me a form on a clip board that wanted:

    my name (including last).
    Phone Number
    Address
    Email address

    Which is ridiculous to start with; but to top it off they also wanted:
    Emergency contact (seriously?)
    Any medical conditions I might suffer from that would impair or need to warn the hair dresser about? (um?)
    Any family members or friends that might be interested in getting a hair cut. (wtf)
    and a "short" 2 page survey with questions like "How often do you get your hair cut?"

    This wasn't some high end fancy pants place. It was Great Clips or ClipNSave or Cost Cutters, one of the big ones. Hair cuts are normally $20 and I had a 75% off coupon.

    I told them "um, I'm not going to fill this out" and the snotty girl behind the counter said "well, I guess your not getting a hair cut here then"

      I agreed. Fuck everything about that.

  5. Re:Worse is by pushing-robot · · Score: 5, Funny

    I tell stores "you don't need my zip code" when they ask.

    Please, please tell me you wave your hand as you say that.

    --
    How can I believe you when you tell me what I don't want to hear?
  6. Treating symptoms by GuldKalle · · Score: 5, Insightful

    Sounds to me like the law is only treating symptoms. How about a law that makes it illegal to sell customer info without their express written consent?

    --
    What?
  7. Re:FINALLY... by techwreck · · Score: 5, Interesting

    The credit card company is assuming the risk, not you. Since when did Master Card have the power to deputize you and turn you into a mini police detective? They set up a system, it's their responsibility to ensure that their business model works. For that they earn billions of dollars, and you don't.

    While it would be nice if that was the case, it isn't. If someone walks out of my store with a $500 laptop computer paid for with a stolen credit card, I'm out the merchandise and the revenue when the actual card owner issues a chargeback. Think all I have to do is provide a signed charge slip to get my money back? Then you probably have never experienced the joys of attempting to do battle with a credit card company. Part of the reason that they earn billions of dollars and I don't is because they have entire departments dedicated to putting the burden of risk on the merchant and not the card issuer.