Credit Card Transactions — How Safe Is Your Personal Information?
A recent decision by the California Supreme Court in Pineda v. Williams-Sonoma (Feb. 10, 2011) prohibits businesses from requesting that credit card holders provide “personal identification information” during credit card transactions and then recording that information. Unfortunately, the Court’s opinion may leave unanswered as many questions as it actually addresses about the governing California Song-Beverly Credit Card Act of 1971 (“CCA”). According to Glenn Dassoff of the law firm Paul Hastings, the CCA in this respect closely parallels the federal Fair and Accurate Credit Transaction Act of 2003 (“FACTA”) in terms of the need for legislative clarification and the steps that businesses may take to seek the reform needed to shed light on questions that the courts may take years to decide.
Jessica Pineda sued Williams-Sonoma after a cashier asked for her zip code as part of a sales transaction. Pineda disclosed the information, which she believed she had to do in order to finalize her purchase. The CCA states:
No . . . [entity] that accepts credit cards for the transaction of business shall . . . request, or require as a condition to accepting the credit card as payment . . . the cardholder to provide personal identification information . . . which the [entity] accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or another.
In other words, it may be OK, as discussed below, for a business to ask for the information, but it certainly cannot record that information.
Pineda sued, arguing that her zip code was precisely the sort of personal identification information contemplated by the CCA, and alleging that the retailer used the combination of her name and zip code to locate her home address in violation of the Act.
The California Supreme Court agreed with Pineda and overturned a lower state court ruling that had reasoned that a zip code pertains not to an individual, but rather only to the entire group of individuals who live in that zip code. The Court found that a zip code does indeed constitute personal identification information and that once recorded in violation of the CCA, the retailer’s software then “reverse engineered” Pineda’s address from databases with millions of names. Serious business. The Court expressed particular concern that the retailer was then able to put Pineda’s name into its own corporate database, which could be either (i) used for the company’s own promotional marketing, or (ii) sold to third-party businesses.
The Court’s reasoning began with the premise that the CCA, as a civil statute, should be construed “for the protection of the public.” Under this broad construction, the Court found that publicly protected information means “information concerning the cardholder” and thus was not limited to names and addresses, but extended also to zip codes, particularly in those instances where that number is not necessary to the transaction – e.g., where there is no shipping involved.
THE EVOLUTION OF CALIFORNIA’S CREDIT CARD ACT
Notwithstanding existing shortcomings, the CCA is far more refined than it was when enacted in 1971 to impose fair business practices for the protection of consumers. The original Act suffered from vague definitions, which are hardly uncommon in statutes. In 1990, the Act was amended specifically to address the misuse of personal information for marketing purposes. The California Senate Committee on the Judiciary stated that there was no legitimate need to obtain such information if it was not needed to complete a credit card transaction. In 1991, the Act was further revised to allow businesses to request certain information—for example, a gas station that requests a zip code in order to prevent credit card fraud—so long as none of that information is recorded. Robust consumer protection ruled the day, and the gravamen of both these revisions can be seen in Pineda. But it’s still not enough.
CREDIT CARDS, CONSUMERS, AND THE CALIFORNIA BUSINESS COMMUNITY AFTER Pineda
When I last ordered a pizza for delivery from a well-known franchise, the manager asked me for my zip code. I had just given him my street address, so I presumed his request was precisely along the lines of the gas station above. The franchise wants to prevent credit card fraud. I didn’t ask and then blindly put my trust in my own State’s consumer protection laws as they pertain to this matter. I merely assumed and hoped that those laws exist. As we consider these two examples—gas stations and pizza delivery franchises—it is important to acknowledge that we regularly are asked for our zip code and a wide range of information linked to our identity in the course of ordinary consumer transactions, and most of us probably give it little thought. To a great extent, that’s precisely why laws like the CCA are in place. The regularity of these requests should certainly be noted in California because Pineda will not be the final word on this matter. On the contrary, existing case law—and more to the point the CCA itself—leave too many questions unanswered.
As Dassoff advises, Pineda does not affect all business transactions affecting credit cards and zip codes. Rather, the CCA in fact allows businesses to collect personal identification information in four particular instances, including where personal information is required for a special purpose incidental but related to the credit card transaction, such as shipping, delivery, servicing, or installation of the purchased merchandise, or for special orders. (The other three exceptions are fairly technical, though hardly uncommon.) One could certainly argue that fraud protection (e.g., the gas station and pizza delivery hypotheticals above) should be included. And as Dassoff asks, what if a business requests a piece of personally identifiable information but doesn’t record it? That’s allowed even under the 1991 revisions. But what does “incidental but related” really mean? And how about “information concerning the cardholder”? These terms—statutory in the first instance; common law in the second—are hardly precise. From a common law perspective, that question and others can only be resolved by future fact-specific cases that arise before the courts. However, there is another way: the legislative process. Amend the statute further to reduce inconsistencies that already are or can be foreseen as the subject of future litigation. And there is good reason to do so. Since Pineda was decided only six weeks ago on February 10, seventy (70) class actions have been filed against retailers for violations of the Act.
THE FAIR AND ACCURATE CREDIT TRANSACTION ACT: AN IMPORTANT PARALLEL FOR STATUTORY CLARIFICATION
FACTA presents an important historical parallel for the need for the statutory clarification of the CCA. FACTA precluded any business that accepted a credit card or debit card for a business transaction from printing more than the last five (5) digits of the consumer’s number or the card’s expiration date on the customer’s receipt. That hardly seems unreasonable. When enacted as revised, however, some technology—basic credit card processing machines, for example—had not been reformatted or rebuilt so as to comply with FACTA, so many businesses were immediately in violation of the Act, which led to a rush of lawsuits. Dassoff notes that “[t]his mass movement [of class actions after Pineda] is reminiscent of the class action suits filed against corporate defendants following the 2003 passage of the Fair and Accurate Credit Transaction Act.” In the case of FACTA, the U.S. House of Representatives passed the Credit and Debit Card Receipt Clarification Act, which brought light to numerous then-unsettled issues.
CONCLUSION
For now, Pineda deserves the attention of all California businesses that accept credit cards, as well as online businesses selling to customers in that State. Businesses should scrutinize the way they collect personally identifiable information, and certainly any possible retention thereof, which constitutes a clear violation of the Act. General counsel should watch closely the decisions of California courts and the manner in which this issue progresses nationwide. For those businesses willing to act collectively in order to effect change through the legislature, FACTA provides a highly relevant model of private interests having successfully clarified statutory vagueness without undermining the public good the statute is meant to protect.
___________
Ben Kerschberg is a Founder of Consero Group LLC. Mr. Kerschberg has a Bachelor of Arts in Foreign Affairs and German, summa cum laude and Phi Beta Kappa, from the University of Virginia and a Juris Doctor from Yale Law School, where he was a Coker Fellow. He clerked for The Honorable Gilbert S. Merritt of the U.S. Court of Appeals for the Sixth Circuit.
You may follow Consero on Twitter @ConseroGroupLLC and Ben Kerschberg @benkerschberg.
10 Credit Card Apps, Swipers for iPhone, Android and BlackBerry
January 06, 2011 · by Matt Ferner
Ecommerce merchants frequently find themselves selling products in venues other than their web stores. Be it in-store trunk shows, pop-up shops, trade shows, boutiques, local fairs or even coffee shops, ecommerce merchants are there setting up booths and selling merchandise.
In the past, merchants had to run cash-only shops or process credit cards on a laptop, but extra outlets and a reliable Internet connection can be rare at these events. Now, merchants can process credit card transactions on their mobile devices with a host of mobile apps and dongles. (A “dongle” is hardware that attaches to a mobile device for a secure connection.)
I looked at the top twenty-five credit card processing apps with (a) the highest user ratings, (b) good reviews and (c) the most downloads for each of the top three mobile devices: Apple’s iPhone and iPad, phones running Google’s Android operating system and Research in Motion’s BlackBerry. I then handpicked from that group of 25 the most highly-rated and useful for each device.
Download these apps and start selling merchandise anywhere you can get cell phone reception.
iPhone and iPad
1. Square. This handy app can be used with or without the proprietary Square dongle (it plugs directly into your iPhone or iPad headphone jack), so merchants can swipe or type-in card account information. Receipts are sent to the customer automatically via email. Square does not require a contract, and a merchant account is not required for use. It comes with some helpful tools to track sales, payment locations, tax, and top-purchasing customers. Square charges $.15 plus 2.75 percent for a swiped card and $.15 plus 3.5 percent for typed-in account information. App cost: Free.
2. iPay POS. One of the most flexible credit card processor apps, iPay POS is a good option for merchants that already have a merchant account — iPay POS is compatible with dozens of the most widely-used payment gateways. You can also set up a gateway with iPay POS for $7.50 per month. For a small merchant that may not attend many events, iPay POS comes with 10 free transactions and additional sets of 10, each for $.99. Or for a merchant with a larger budget, $29.99 will allow for unlimited transactions. It has limited compatibility with dongles, but it is compatible with the iMag credit card swiper and portable receipt printers like the RedFin P25-M. App cost: Free.
3. Credit Card Terminal. One of the most widely-used credit card processing apps, Credit Card Terminal can process all major credit cards and handle full and partial refunds on returns; it allows digital signatures to be captured on-screen, and PDF receipts can be emailed directly from the app. It is compatible with an optional Innerfence card reader dongle. Authorize.Net processing rates of $.25 per month plus an additional 1.74 – 3.79 percent rate, depending on transaction type, also apply. Credit Card Terminal is only for use with Authorize.Net accounts. App cost: $.99.
4. Swipe It. Use the app by itself to key in credit card account information or in conjunction with the Swipe It Reader for card swiping on your iPhone, where you can capture a customer’s signature right on your phone and email receipts automatically at the end of sale. Merchants must set up an account with Swipe It’s proprietary EPay gateway, which costs $15 (a one-time set up fee), then $20 per month and $.15 per transaction. App cost: Free.
BlackBerry
1. BlackCharge. Limited in payment gateway options, BlackCharge is only compatible with Authorize.Net, NMI and PayPal Payflow Pro. If you don’t have a merchant account, you can set one up through NoblePay. The app costs $4.99 and BlackCharge does not add additional fees or take a percentage for transactions, but the standard transaction rates for the compatible merchant accounts still apply. App cost: $4.99.
2. MerchantWARE Mobile. Process credit cards on the BlackBerry Storm, Curve, Pearl and Bold with this free app and email your customer a receipt at the end of the transaction. Although the MerchantWARE Mobile app is limited to use with a Merchant Warehouse — makers of MerchantWARE — merchant account, there are no additional gateway transaction fees or percentages, just the monthly cost of the merchant account, which varies depending on merchant needs. The app is also compatible with the MagneSafe BT90 wireless Bluetooth credit card reader. App cost: Free.
3. vTerminal. Accept credit cards with this very simple app, which is also known as ChargeBerry. It doesn’t offer a lot of additional tools, but it allows the entering of numbers from major credit cards without having to use a swiper dongle. It has limited payment gateway compatibility, as it only works with Authorize.Net or PayPal Payflow Pro. There are no additional fees after the $9.99 download purchase, but standard gateway fees apply. App cost: $9.99.
Android
1. Mobile Merchant Pro. This free Android app provides a very simple, no-frills way to accept all major credit cards. It has limited gateway support, but it is compatible with two of the most popular gateways: Authorize.Net and PayPal Website Payments Pro. Simply type in the customer’s credit card info and click “Charge Now” and that’s it. No additional transaction fees from Mobile Merchant Pro, but standard Authorize.Net and PayPal gateway fees apply for each transaction. App cost: Free.
2. Merchant on the Move. Primary Merchant Solutions’ robust credit card processing app works in conjunction with the proprietary Merchant on the Go card swiper and receipt printer. The app allows for customer signature capture and either typed-in or swiped credit card processing. Merchant on the Move can only be used with a Primary Merchant Solutions’ merchant account, which comes at a cost of $24.95 per month. For each transaction, merchants are charged $.30 plus 1.69 percent for swiped card and 2.2 percent for typed-in account info. App cost: Free.
3. ROAMpay. QuickPay Merchant Services’ ROAMpay app works in conjunction with a provided dongle, allowing users to swipe cards or type-in account information. A wide variety of merchant account gateway options is available, all with standard — but competitive — monthly usage fees and transaction percentages. Built-in tools allow for customer data tracking and search, emailing of receipts, handling of voids and refunds, and you can even record transactions offline when out of wireless coverage and then upload the transactions when you are back in coverage. App cost: $2.99.