This is page 2 of:
Amazon Accused Of Taking Payment Verification Data And Using It To Access Public Records
Without suggesting that Amazon actually did this—and it’s almost a certainty that this case will get quietly settled long before any Amazon executive has to take a deposition and answer these very delicate questions—the CRM possibilities are quite delicious. As noted earlier, the accusations are firm that the information revealed came from public records. The only purpose of the data from the payment verifications was to know which public records to seek.
Given that public records, by definition, are free to all, there is no legal problem with Amazon or anyone else disclosing what is in them. The tricky part is what lawyers call the fruit of the poisonous tree. If Amazon indeed had no realistic chance of searching that record without using verification data, this gets complicated. The payment-card numbers are restricted, but the verification data is less clear. Given that Amazon isn’t accused of publishing that data, but instead data from a public file, this might open a new window into data-mining options.
Please keep in mind that at least one state—California—has already started trying to prevent this sort of effort with the Song-Beverly Credit Card Act of 1971, which expressly makes collecting information needed for a credit-card transaction and then using it for marketing illegal. How far this forces retailers to act, even in California, is another issue.
What if an anonymous customer uses a credit card to make a purchase. Using the address and the username, you are able to access Facebook and LinkedIn public posts and then start displaying highly targeted products. E-mail could violate SPAM rules, but if you merely change the pages she/he visits, would that be problematic?
If we assume—solely for the purpose of discussion—that Amazon engaged in the accused conduct, it would have never been detected had its unit not posted the found information on a public site. In the course of its E-tail work—and the course of retail functions by all major chains—that data would never have normally come to light.
I had an accountant years ago who would typically answer questions like “Is filing that type of deduction legal?” by saying “Let them find it.” (It’s hard to not like an accountant like that, but the IRS might take a different view.) Just because something isn’t likely to be discovered doesn’t make it right. More to the point, such matters do have a tendency of eventually being discovered, especially given the tendency of employees to move from one chain to a direct competitor.
“Discovered,” though, presupposes that it’s somehow wrong. Is it? There are clearly two definitions of wrong. One is legal. But the second is perception from the perspective of your customers. Legalities aside, will your customers think it’s wrong? Or, even more basic, will they simply not like it and take their business elsewhere?
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
