District Court Rules E-mail Order Confirmations Not Subject to FACTA
We have written several times about courts (and Congress) helping to define the scope and applicability of certain provisions of the Fair and Accurate Credit Transactions Act (“FACTA”) amendments to the Fair Credit Reporting Act. One provision that has been frequently litigated, 15 U.S.C. § 1681c(g), involves FACTA’s so-called truncation requirements for printed transaction receipts. On December 2, 2009, in Shlahtichman v. 1-800 Contacts, Inc., 2009 U.S. Dist. LEXIS 112379 (N.D. Ill. Dec. 2, 2009), Judge John W. Darrah of the Northern District of Illinois Eastern Division held that FACTA’s prohibition against the electronic printing of a debit or credit card’s expiration date on receipts was inapplicable to e-mail order confirmations (decision available here).
FACTA’s truncation requirements, 15 U.S.C. § 1681c(g), prohibit the “electronic printing” of any receipt at “the point of the sale or transaction” that contains the expiration date of a consumer’s credit or debit card or more than the last five digits of the credit or debit card account number. It is clear that this prohibition applies to hard copy receipts provided to consumers, but reported decisions regarding the applicability of FACTA to electronically displayed receipts are inconsistent in their holdings. Compare Grabein v. 1-800-Flowers.com, Inc., No. 07-22235 (S.D. Fla. Jan. 29, 2008) with Meehan v. Buffalo Wild Wings Inc., No. 07C4562 (N.D. Ill. Feb. 26, 2008). Nonetheless, many judges have held that FACTA does not apply to online receipts (see, for example, the Smith v. Zazzle.com case reported here). On December 2, Judge Darrah joined them.
In Shlahtichman, an electronic order confirmation containing plaintiff’s credit card expiration date was e-mailed to plaintiff after he placed an order through defendant’s website. The plaintiff alleged that this “receipt” violated FACTA’s truncation requirements. Judge Darrah, in coming to his conclusion, relied on the plain meaning of the word “print” and determined that under FACTA, an e-mail order confirmation is not an “electronically printed” receipt because “‘print’ is not commonly understood as a display on a computer screen.” Shlahtichman, 2009 U.S. Dist. LEXIS 112379, at *7 (citing Grabein v. Jupiterimages, 2008 WL 2704451, at *6 (S.D. Fla. 2008)). Judge Darrah also held that an e-mail order confirmation is not subject to FACTA because an e-mail is not provided “at the point of sale or transaction” due to the fact that an e-mail can be accessed from anywhere in the world. Id.
This is interesting, and, I feel, erroneous on two points: First, the receipt is provided at the "point" of sale as once the online transaction is complete, the receipt is generated and sent from the vendor (or agent acting on behalf of vendor) to the buyer into their e-mail account. It is provided at the "point" in time & at the "point" in cyberspace - if not at a geographic "point". As we become more digital, the law & courts must free themselves from the more limited, physical world view. An online transaction must meet the definition of point. Certainly, the receipt would not be generated and sent prior to the transaction being complete.
Second, the definition of "print" must also be liberated to include all materials produced to serve as a receipt of goods and services purchased. Whether a physically printed receipt or an e-mailed electronic message or attachment, both are intended to be an official record of the transaction. Why shouldn't they both follow the same guidelines. I'd ask, why doesn't the electronically e-mailed receipt match 100% any physically printed receipt that would be given a buyer who would walk into a storefront? Aren't the two meant to serve the same purpose?
Further, the fact that the electronic receipt can be accessed from anywhere in the world should imply that Greater security should be offered such records - for both the buyer's and vendor's protection. The buyer's protection is obvious, its always best to limit the number of places credit card information is available.
The vendor has provided an electronic document that is available anywhere in the world and provides all the information needed for a rouge individual (hacker) to assume the buyer's identity and take possession of the product.
In any case, I hope the courts reverse the trend suggested above and defend the FACTA restrictions.