Federal Judges Backing Retailers In Credit Card Receipt Cases

Written by Evan Schuman
June 14th, 2007

Making it unanimous thus far, two federal judges have denied key motions in the lawsuits against retailers accused of violating federal law by printing prohibited information on credit card receipts. This is on top of a third federal judge making a similar ruling earlier this month.

Unless the U.S, Court of Appeals for the Ninth Circuit intervenes early next year, retailers who have been sued for printing federally-prohibited information on consumer credit card receipts will almost certainly get off the hook. This is because of decisions from two federal judges this week rejecting a critical class-action certification request from the consumers suing the retailers.

Those two federal judges are in addition to a third federal judge who recently ruled in an almost identical manner.

In the initial lawsuits filed early this year, some 50 of the nation’s top retailers?including Rite Aid, Harry & David, Ikea, KB Toys, Disney, Regal Cinemas and AMC Theaters?were accused of printing full credit numbers and expiration dates on printed customer receipts, violating a provision of the Fair and Accurate Credit Transactions Act (FACTA) that makes it illegal for a retailer to print more than the last five digits or a credit/debit card number and it also forbids printing the card’s expiration data on that receipt. This is known as masking or truncation. The rule took effect in phases, but by December 2006, the latest of its phases kicked in.

More recently, at least two of those defendants have filed lawsuits against their POS vendors, saying that the POS firms should have protected the retailers when writing their POS software.

The decisions this week?as well as the other recent federal judge ruling?was not supposed to be on the merits of the cases, but rather on a technical ruling whether the lawsuits can be certified as class-actions. In other words, whether many consumers can sue one retailer at once, as opposed to suing individually. With the FACTA masking cases, the decisions on whether they can tried as class-action cases is crucial because the nature of the plaintiffs is such that it would almost certainly not be financially possible to proceed individually. In effect, then, a ruling preventing class-action status?if not overturned–is almost as damaging to the plaintiff’s case as a dismissal of the claims.

Three of this week’s decisions came from cases in front of U.S. District Court Judge R. Gary Klausner. Klausner?ruling in Taline Soualian Vs. International Coffee and Tea, Frida Najarian Vs. Charlotte Russe and Fredrick Najarian Vs. Avis Rent-A-Car?said that the retailers involved couldn’t afford to pay the fines involved in the case if it were certified to proceed as a class-action.

“A finding of willful violation would create liability of up to $1.66 billion in the absence of actual harm,” Klausner wrote in the Avis decision. “The potential statutory damages would be particularly excessive here, since Plaintiff alleges no actual injury on behalf of himself or any class member, admits he has suffered no actual damages and expert analysis shows that it is impossible for there to be any injury.”

In his Charlotte Russe decision, Klausner also said that the retailer changed its procedures after being sued, which showed good faith. “As soon as defendant became aware of the FACTA violation, it promptly began the process of removing the expiration date from its receipts. Within a month and a half, defednat had implemented a company-wide fix that deleted the expiration data from all credit card receipts.”

Plaintiff attorneys argued that a retailer’s conduct after the federal law was broken can’t undo the illegal act.

Another federal judge this week?U.S. District Court Judge George H. Wu, ruling in the case of Hagop Parseghian Vs. Bally North America ?denied the class-action request much more narrowly, leaving open the possibility that he might approve the certification if the plaintiff revised the description of the class. But for now, he denied the request.

One of the plaintiff attorneys in the cases?J. Mark Moore?has already started work on an appeal to the Ninth Circuit, which he said he expects to be decided no sooner than early next year.

“Apparently, some of the judges think our cases are too good to be certified. We?ll see what the Ninth Circuit thinks about this sort of legislating from the bench,” Moore said. “The Ninth Circuit is going to have to decide whether judges can deny class certification because they don?t like the laws passed by Congress.”

Moore said that he is optimistic the federal judges will be told to reconsider their rulings. “I?m pretty confident that I know what the answer is going to be. These rulings have turned class certification law upside down in a number of ways,” he said. “I believe the Ninth Circuit will understand that.?


One Comment | Read Federal Judges Backing Retailers In Credit Card Receipt Cases

  1. thepeoplechoose Says:

    This could have been avoided if the corporate retailers acted sensibly and responsibly.

    Sensibly because security of private information is at risk with fraud increasing exponentially; responsibly because theft of private information impacts everyone including the shareholders of the companies being sued.

    The business community had ample time to change the software in their POS equipment but showed little regard for security. It is simply irresponsible. As the owner of a computer service company I routinely confront security issues that often require prodding business owners to adopt measures to assure the protection of private information. It’s a sticky problem but one that demands a resolution. For too many people security is an inconvenience. That mindset has got to change. Unfortunately there is little leadership from within the industry or from the federal government. This is mostly because the cost associated with securing information influences the bottom line of corporate America. And we all know how that works. It’s perfectly acceptable to have a condition that harms American citizens. That also has got to change.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.