Search PillsburyLaw.com
  • All
  • Lawyers
  • Capabilities
  • Insights

Alert

California Court OKs Collecting Consumer ZIP Codes to Combat Credit Card Fraud

By Catherine D. Meyer

Alert

By Catherine D. Meyer

03.22.12

Just over a year after it was filed, Chevron Corporation and other oil companies won dismissal of a putative privacy class action filed after the California Supreme Court's decision in Pineda v. Williams-Sonoma Stores, Inc. The complaint alleged that oil companies collecting consumers' ZIP codes at the gas pump violated California's Song-Beverly Credit Card Act. The Los Angeles Superior Court disagreed, deeming the plaintiff's argument that the Act applies to the oil companies' fraud prevention efforts "absurd." The gas pump case had already inspired a new California law permitting anti-fraud ZIP code collection.

The February 10, 2011, California Supreme Court decision in Pineda v. Williams-Sonoma Stores, Inc., 51 Cal.4th 524 (2011), established that the definition of "personal identification information" in California's Song-Beverly Credit Card Act of 1971, Civil Code §§ 1747, et seq. (the "Act"), includes a consumer's ZIP code. The court also held that the word "address" in Section 1747.08 "should be construed as encompassing not only a complete address, but also its components." This decision was the catalyst to hundreds of putative privacy class actions filed in California (and several filed in New Jersey). Chevron Corporation and other oil companies were swept up in the frenzy as defendants in Flores v. Chevron Corporation, et al., Case No. BC455706 (L.A. Sup. Ct.), a putative class action challenging their practice of collecting consumers' ZIP codes at the gas pump.

The Flores complaint alleged that the oil companies' collection of customers' ZIP Codes violated the Act, as confirmed by the Pineda decision. The Act prohibits merchants from "request[ing], or requir[ing] as a condition to accepting [a] credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon [a] credit card transaction form or otherwise" (emphasis added). The Act defines "personal identification information" as information concerning the cardholder, other than information appearing on the credit card, and including, but not limited to, the cardholder's address and telephone number. The Pineda decision confirmed that personal identification information ("PII") includes a customers' ZIP code. The Act specifies that it does not apply in certain circumstances, such as where the PII is required for a special purpose incidental to but related to the credit card transaction (former Civil Code § 1747.08(c)). On March 14, 2012, Los Angeles Superior Court Judge Wiley granted the oil companies' motion for summary judgment, finding that the Act does not apply to the gas stations' collection of consumers' ZIP codes because this practice was implemented to prevent fraud (and not for any marketing purposes).

New 'Urgency Statute' Already in Place

The Flores class action was the catalyst to an October 2011 law, Assembly Bill 1219, "an urgency statute necessary for the immediate preservation of the public peace, health, or safety within the meaning of Article IV of the Constitution." A.B. 1219 was necessary "to prevent potential disruption of gasoline station services throughout the state [and] necessary to create a new exemption to the prohibition on the collection of Zip Code information when credit cards are used that will apply in the purchase of gasoline..." It added an express exemption limited to gas pump transactions using ZIP code collection at the pump point-of-sale used solely for prevention of fraud, theft or identity theft. It became effective immediately.

Latest Decision Consistent With Others

Judge Wiley's ruling that oil companies can collect consumers' ZIP codes at the gas pump to prevent fraud is consistent with other pre-Pineda California decisions. California's District Courts of Appeal have found that the Act does not apply to merchandise returns—they are not "purchases" and there are opportunities for fraud and the merchant must be able to identify the person who returns merchandise in case the merchandise is used, damaged or stolen. See TJX Companies, Inc. v. Superior Court, 163 Cal. App. 4th 80 (2008); Absher v. Autozone, Inc., 164 Cal. App. 4th 332 (2008). Similarly, one California federal court found that "online transactions are not encompassed within the Act" because of "unique fraud concerns created by those transactions"—the merchant needs to ensure the cardholder is who he/she claims to be. See Saulic v. Symantec Corp., 596 F. Supp. 2d 1323 (C.D. Cal. 2009). A San Francisco Superior Court Judge likewise ruled that Section 1747.08 "on its face does not apply to online transactions," sustaining craigslist, Inc.'s demurrer to a putative class action alleging violations of the Act.

Next Up: Whether the Act Applies to Internet Businesses

Many post-Pineda class actions will be resolved this year. The California Supreme Court granted hearings to Ticketmaster LLC, Apple Inc. and website eHarmony Inc. to decide whether the Act applies to Internet businesses. All face class claims of violations for obtaining phone number and address information from consumers during online credit card transactions for purchases that did not need to be shipped.

Download: California Court OKs Collecting Consumer ZIP Codes to Combat Credit Card Fraud 

Tags
Litigation, Cybersecurity, Data Protection & Privacy
These and any accompanying materials are not legal advice, are not a complete summary of the subject matter, and are subject to the terms of use found at: https://www.pillsburylaw.com/en/terms-of-use.html. We recommend that you obtain separate legal advice.