E-Tailers Dodge A FACTA Bullet
Written by Evan SchumanFACTA, the federal law that prohibits POS receipts from displaying full credit card numbers and expiration dates, does not apply to E-Commerce purchases, a federal judge has ruled. The fear had been that the electronic purchase receipts E-mailed to customers might have to comply with the same paper receipt truncation rules, but U.S. District Court Judge John W. Darrah (Northern District of Illinois) ruled that E-tailers are immune from the Fair and Accurate Credit Transactions Act (FACTA).
“E-mail order confirmations are not entitled to FACTA protection” because they “are not electronically printed receipts under FACTA,” Darrah said. “Second, an E-mail order confirmation is not provided at the point of sale or transaction under FACTA. Although plaintiff posits that print is commonly understood to mean ‘to display on a surface (as a computer screen) for viewing,’ this argument is unpersuasive.”
-Marc
February 11th, 2010 at 1:06 pm
Well this is a blow to PCI and card security. Email receipts should fall under FACTA as it is a bigger security risk than printed receipts. Email is not secure. Everyone knows this. Except apparently, some ecommerce merchants and some judges.
There are consumer privacy groups out there. If there is not already one started, some should start a campaign to blacklist offenders of FACTA — not legal offenders (apparently), but spirit of FACTA offenders — and boycott these sites until they fix it. Luckily, I think the number of sites that email full card numbers in the confirmation is probably low — I have never received one.
February 11th, 2010 at 4:16 pm
While it may not apply under FACTA, PCI still applies. So if the merchant thinks s/he got a pass, just wait till their bank gives them a call after one of those plain-text receipts gets compromised.
What a moron of a judge. S/he should be removed from any and all cases that include information technology. They clearly don’t get it.