advertisement
advertisement

This is page 2 of:

California Opens CRM Goldmine For All E-Tailers

February 6th, 2013

The court’s current decision focuses a lot on what the legislature’s intent was back when it was last revised in 1990, a good five or six years before the Web became commonly used by retailers.

“In construing statutes that predate their possible applicability to new technology, courts have not relied on wooden construction of their terms,” the court ruled, before quoting from a book on interpreting legal texts. “Fidelity to legislative intent does not ‘make it impossible to apply a legal text to technologies that did not exist when the text was created. Drafters of every era know that technological advances will proceed apace and that the rules they create will one day apply to all sorts of circumstances they could not possibly envision.'”

The rationale the justices embraced was that an associate in a store has lots of ways of discouraging fraud through identification—looking at a driver’s license, seeing the customer’s face, filming the customer via a closed-circuit security camera, etc.—that are not practical options for E-tailers. Therefore, the argument continued, online retailers need to be able to demand more information to strengthen anti-fraud efforts when dealing with downloadable goods.

The court also said that, when it comes to anti-fraud options, not all E-tailers are the same. When Walmart.com Walmart (NYSE:WMT) ships a lawnmower, at least it has a physical shipping address. It might be a maildrop, but at least it is something that can be observed. It’s also a non-arguable reason to ask for the address and Zip code.

That’s more than what E-tailers have, if the product is an electronic download such as when Apple’s iTunes (which was the retailer in the court’s decision) sells a song, movie or TV show or when Amazon sells an ebook, downloadable game, software applications or ringtones.

The phrasing of the law “shows that while the Legislature indeed sought to protect consumer privacy, it did not intend to do so at the cost of creating an undue risk of credit card fraud. Rather, (one section) demonstrates the Legislature’s intent to permit retailers to use and even record personal identification information when necessary to combat fraud and identity theft, objectives that not only protect retailers but also promote consumer privacy,” the written ruling said. “The safeguards against fraud that are provided are not available to the online retailer selling an electronically downloadable product. Unlike a brick-and-mortar retailer, an online retailer cannot visually inspect the credit card, the signature on the back of the card, or the customer’s photo identification. Thus, the key anti-fraud mechanism in the statutory scheme has no practical application to online transactions involving electronically downloadable products.”

The court also weighed in on how much data is reasonably necessary to try and discourage fraud. The consumer plaintiff in this case “argued that requiring a customer to provide his or her name, credit card number, card expiration date, and credit card identification number suffices to prevent fraud. But it is clear that the Legislature has disagreed. A customer’s name, credit card number, expiration date, and security code are all apparent to a brick-and-mortar retailer on the credit card itself when the card is presented during an in-person transaction,” the court wrote. “Yet the Legislature expressly authorized retailers to request additional information—namely a driver’s license, state identification card, or another form of photo identification—in order to combat fraud. The Legislature has thus decided that the information on the credit card is not necessarily sufficient by itself to protect consumers and retailers against fraud.”

The court noted that some have argued gas stations are often exempted from these fraud data-collection restrictions, and for good reason. “It seems counterintuitive to posit that the Legislature created a fraud prevention exemption only for pay-at-the-pump retailers while leaving online retailers unprotected, when online retailers—a multibillion-dollar industry by the year 2011—have at least as much if not more need for an exemption to protect themselves and consumers from fraud.”

That led the court to exempt all download-related E-tail activity from the law’s restrictions and to impose no limits on how the data can be used and whether it can be shared with non-virtual parts of the business.


advertisement

3 Comments | Read California Opens CRM Goldmine For All E-Tailers

  1. Mark Shuda Says:

    Great read. What should the bottom line be? The choice should be with the consumer. If the technology enhances the customer experience the customer should have the opportunity to opt in or out of the “service choice”. These “services” (or downloaded apps to smart phones)enhancing the store experience will soon be mainstream.

    Earlier today I had a meeting with my hairstylist. My last visit was just after Thanksgiving . During the Christmas visit she indicated that she “hated Christmas shopping, and prices were soaring, gas was going through the roof, and she could never find what she was looking for. She was not really what you would call tech or computer savvy! I asked her if she ever used Amazon. She replied “no”, what is it? I explained it to her briefly, gave her the website address, and wished her a merry christmas. During today’s haircut she could not stop telling me how Amazon has impacted her life relative to shopping, traveling, family,ect. She loves how they “tailor” their offerings to the items a and catagories directly to her and her family. Bottom line “she love’s it”. I could not pay for my haircut!
    These transformations are happening in stores which “INNOVATE”, and will soon be considered mainstream. the services will be personalized to the customer, and the customer will be welcoming to the technologies once they see the value.

  2. Daniel Kim Says:

    It’s great to see that the California Supreme Court is moving beyond the precedent that had been previously set. As technological advancements push businesses to evolve towards a paperless and cloud-based environment, there is a growing need for state/national legislation to evolve simultaneously, encouraging innovation. With the current form of federalism in the U.S., it will only be a matter of time before this specific issue on required personal information, is brought up in the U.S. legislative branch and possibly the U.S. Supreme Court. It’s no longer surprising that the utilization/implementation of social CRM is extremely beneficial to a business. The recent CA Supreme Court ruling only solidifies the importance of the accurate and organized flow of incoming customer data. This translates to an increase in worker productivity, along with an ability to understand the needs of every unique customer.

  3. LJessie Says:

    Why in NY do some gas pumps require that you key in your zip code before the credit card transaction will go through?

Newsletters

StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
advertisement

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

StorefrontBacktalk
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.