It has taken a couple of days for consumer privacy advocates to react and respond to the Feb. 4, 2013 California Supreme Court ruling regarding a California consumer protection law. By declaring that the Song-Beverly Credit Card Act does not apply to the multibillion-dollar online commerce world, the court basically sided with Apple and other e-retailers in a legal battle over how much personal information buyers must give up in credit card transactions.
On Feb. 6 an article in the Sacramento Bee called for additional legislation to revamp the law. The Song-Beverly Act, passed in 1990, says that retailers can't require personal information such as home address and phone number from customers using credit cards. The problem is that online retailers do not have the same ability to verify that a purchase is being made by the card holder as physical stores. They argue that data like home addresses, especially if different than shipping addresses, and phone numbers of purchasers will help to prevent credit card fraud.
Writing for the majority, Justice Goodwin Liu ruled that consumers can be required to provide certain info when say, buying a downloadable product from Apple like an iTunes song. “While it is clear the Legislature enacted the Credit Card Act to protect consumer privacy, it is also clear that the Legislature did not intend to achieve privacy protection without regard to exposing consumers and retailers to undue risk of fraud,” Liu wrote.
He went on comment that the Act did not envision online commerce when it was enacted and noted that the Legislature "may wish to revisit the issue of consumer privacy and fraud prevention in online credit card transactions. He also noted that it seemed counterintuitive for the Legislature to create a fraud prevention exemption only for pay-at-the-pump retailers while leaving online retailers unprotected.
On Feb. 6 Assemblyman Roger Dickinson, chairman of the Assembly Committee on Banking and Finance, answered Justice Liu’s challenge and announced he plans to introduce such a measure this month.
"In today's high-tech world, the privacy of online consumers is continually susceptible to being violated," Dickinson, a Sacramento Democrat, said in a statement. "The court's decision will further impair the privacy of online consumers. I plan to introduce legislation this month that would increase consumer privacy while also ensuring appropriate fraud and identity theft protection. We must better protect consumers' privacy by safeguarding against the exploitation of personal information."
The three dissenting justices seemed to side with consumer privacy advocates who are concerned that online merchants are may use the information irresponsibly and against the wishes of consumers. “The majority’s decision is a major win for (merchants), but a major loss for consumers, who in their online activities already face an ever-increasing encroachment upon their privacy,” Justice Joyce Kennard wrote in dissent.
Jay Foley of the ID Theft Info Source clarified the problem. “While consumers may feel this is an invasion of privacy, they need to understand that it will help prevent credit card fraud aided by large-scale credit card rings and underground websites that sell stolen or breached information. It adds barriers that should stop many attempted fraudulent purchases meaning less headaches for consumers and less identity theft.”
The Sacramento Bee argued that California consumers shouldn't have to reveal any more personal information than absolutely necessary, whether they're shopping at a mall or at their computers. They feel that the Legislature ought to debate whether to update the state's consumer protection law for credit card purchases to cover the billions of dollars of online purchases. “There needs to be the right balance between protecting merchants from losing money to fraud and shielding shoppers from unnecessary intrusions into their privacy.”
Clearly something needs to be done. On Feb. 5 federal officials announced that 18 people have been charged in what may be one of the largest U.S. credit card fraud rings. The group used at least 7,000 fake identities to obtain more than 25,000 credit cards and caused more than $200 million in fraudulent business loss.