Recent Case Clarifies Payment Card Protection Requirements for Merchants
By Jason Whitney and Stephanie Chandler
A recent case from the United States Court of Appeals for the Seventh Circuit clarified merchants' obligations to protect credit and debit card information under the Fair and Accurate Credit Transactions Act of 2003 ("FACTA"). The case, Shlahtichman v. 1-800 Contacts, Inc., No. 09 4073 (7th Cir. Aug. 10, 2010), held that FACTA, which prohibits the printing of certain payment card information on receipts, did not apply to email confirmations. The case illustrates the potentially serious risks merchants face for seemingly minor errors when handling credit and debit card information.
FACTA Background
In 2003, Congress passed FACTA, which sought to reduce the threat of identity theft for consumers by requiring merchants to adopt certain procedures to safeguard consumers' credit and debit card information. Among other provisions, FACTA prohibits merchants who accept credit or debit cards from "print[ing] more than the last 5 digits of the card number or the expiration date" on a receipt provided to the cardholder at the point of sale or transaction. 15 U.S.C. § 1681c(g)(1). The prohibition expressly "appl[ies] only to receipts that are electronically printed" and not to receipts where card information is taken by "handwriting or by an imprint or copy." 15 U.S.C. § 1681c(g)(2). The statute permits consumers to recover actual damages resulting from negligent violations, 15 U.S.C. § 1681o, or statutory damages for willful violations, 15 U.S.C. § 1681n.
Shlahtichman v. 1-800 Contacts, Inc.
In Shlahtichman v. 1-800 Contacts, Inc., the Court of Appeals for the Seventh Circuit (which includes Illinois, Indiana, and Wisconsin) considered whether email confirmations were "printed" receipts under FACTA. The plaintiff, Shlahtichman, purchased contact lenses over the internet from www.1800contacts.com and received an automated email confirmation containing his credit card's expiration date. Shlahtichman filed a class action lawsuit against 1-800 Contacts, suing on behalf of himself and others who had received similar email confirmations from 1-800 Contacts. In the lawsuit, Shlahtichman alleged that the inclusion of a payment card expiration date in an email confirmation violated FACTA.
The Seventh Circuit carefully examined the language of FACTA before ultimately concluding that an email confirmation is not a "printed" receipt. The court explained that several district courts had "concluded that the term [printed] should be understood to reach electronic receipts that are displayed on the consumer's computer." 1-800 Contacts, slip op., at *7. However, the court reasoned, the statutory language clearly "contemplates transactions where receipts are physically printed using electronic point of sale devices like electronic cash registers or dial-up terminals." Id. at 13. In addition, despite significant e-commerce activity when FACTA was passed in 2003, the applicable provision made no reference to the internet, e-commerce, email, or other similar transactions. Id. at 13-14. Thus, the court concluded, FACTA regulates "only those receipts physically printed by the vendor at the point of the sale or transaction." Id. at 16.
Recommendations
Although the Seventh Circuit held that email confirmations are not regulated by FACTA's requirements for "printed" receipts, the Fifth Circuit (which includes Texas) has not addressed the issue. For most merchants, however, the cost of modifying website code to remove credit or debit card information from email confirmations is significantly less than the cost of defending a class action lawsuit as in Shlahtichman v. 1-800 Contacts, Inc. Consequently, we recommend that all merchants providing email confirmations to customers take action to ensure that the confirmations do not contain more than the last 5 digits of a payment card number or the payment card's expiration date.
Jackson Walker L.L.P. attorneys are experienced in advising clients in electronic payment matters, including the protection of credit card and debit card information, Electronic Fund Transfer (EFT) laws and regulations, Payment Card Industry Data Security Standard (PCI DSS) compliance, National ACH Association (NACHA) operating rules, and other issues related to electronic payments. Please contact our data privacy and security team if you need assistance in complying with rules applicable to payment processing:
Stephanie Chandler - schandler@jw.com or 210.978.7704
Jeff Drummond - jdrummond@jw.com or 214.953.5781
Jason Whitney - jwhitney@jw.com or 210.978.7784