Have you ever received a receipt containing every detail of your credit-card number? If so, you could file a federal lawsuit in addition to the 100 already ongoing against retailers who knowingly exposed consumer data.
Digital Journal — In one of the most under-reported stories this year, the Wall Street Journal reported on a slew of suits filed against mega merchants such as Wendy’s International, FedEx, TJX and others. At issue is the credit card companies’ prohibition of storing consumer info, which requires installing new software in the retailer’s computer system. Not everyone is complying, which results in receipts that print credit-card numbers. That data can be stolen by savvy identity thieves.
In the U.S., protecting this type of electronic info was made into law several years ago. As the WSJ notes, “The requirement that retailers cut off card data is part of the Fair and Accurate Credit Transactions Act of 2003, which sought to protect consumers from fraud and identity theft amid the growing use of electronic payments. Although it was enacted more than three years ago, the law gave retailers some breathing room to make the change.”
It looks like retailers are taking that “breathing room” a step further and relaxing on the hammock while they neglect their responsibilities. More than 100 federal lawsuits filed this year are looking for not only answers, but also reimbursement: if the lawsuits successfully contend retailers “wilfully” violated the law, the offenders may have to pay fines as much as $1,000 per transaction.
“I think it does send a message to businesses that this is the law and they need to come into compliance,” Paul Stephens, a policy analyst with the advocacy group Privacy Rights Clearinghouse, told the Pittsburgh Tribune-Review. “It’s clear-cut what needs to be done.”
The retailers oppose the class-action suits, and they are quick to point out if there’s no harm, there’s no foul. “We firmly believe Congress did not intend to allow these class-action lawyers to claim hundreds of millions of dollars in damages when no one has actually suffered any monetary harm,” said Arnold Wensinger, general counsel for Irvine, Calif.-based In-N-Out Burger, according to the WSJ article.
These companies must be exasperated, considering how they had to overhaul their software to eliminate some credit-card information (notice how some receipts print an “X” instead of numbers?). In 2003, Visa required merchants to eliminate the last four numbers from credit-card info on paper slips. And two years ago, MasterCard urged its retailers to mask numbers with asterisk or an “X”.
While the U.S. is protected by a federal law, Canada has yet to adopt a national act that would require credit-card number truncation. Individual credit-card companies set their rules, which may be confusing to retailers accepting multiple cards.
Is this the best we can do to protect private data? Identify theft is a growing problem, one that affects practically everyone in North America. Unless you live off the grid, you have a traceable identity that can be stolen. We put our trust in credit-card companies to protect us from fraud, but the recent American lawsuits put that trust into question. It’s hard to feel secure when a waiter hands you back a receipt with all your credit-card info printed — who else saw the slip of paper before it reached the table? And what happens if you forget it at the table or drop it on the way out? It’s basically the same thing as stapling your Visa number to the wall.
In the interest of consumers, retailers and credit companies, the U.S. and Canadian governments should begin to brainstorm ideas on how to curb any questionable malfeasance regarding credit-card theft. Don’t talk about it. Act upon what consumers want, and what retailers desperately need lest they pay up the nostrils when lawsuits find favour with sympathetic judges.
