Too Much Information on Credit/Debit Card Receipts Can Cause Big Problems for Businesses.

By Brendan Walsh, Esq.
bwalsh@pashmanstein.com

The use of credit and debit cards has exploded in the past decade.  Indeed, recent data indicates that credit and debit card payments now account for a combined 60% of all sales volume, and that number is expected to rise by four percentage points in the next five years as new technologies make it easier for businesses and individuals to process such payments.  But all individuals and businesses, large or small, who accept credit and/or debit card payments should carefully review their point-of-sale practices to confirm that they are not unwittingly opening themselves up to substantial liability under federal law for including too much information on their customers’ electronically printed receipts.

In 2003, Congress enacted the Fair and Accurate Credit Transactions Act (FACTA) in an effort to combat identity theft.  Among many other things, FACTA provides that “no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any [electronically printed] receipt provided to the cardholder at the point of the sale or transaction.”  15 U.S.C. § 1681c(g)(1).  FACTA imposes civil liability for violations of this provision, but the amount depends on whether the violation was negligent or willful.  If the violation was negligent, liability is limited to “actual damages” suffered as a result of the violation, which in the vast majority of cases is zero.  However, if the violation was willful – meaning “objectively unreasonable” – FACTA allows the recovery of statutory damages ranging from $100-$1000 per violation, as well as the recovery of attorneys’ fees.  Punitive damages may also be awarded for willful violations.

The Third Circuit recently considered this provision of FACTA in Long v. Tommy Hilfiger U.S.A., Inc., 671 F.3d 371 (3d Cir. 2012), where a plaintiff sought to recover a substantial damages award on behalf of a class of consumers as a result of a Hilfiger store’s failure to fully redact the expiration date of the plaintiff’s credit card on the plaintiff’s electronically printed receipt.  Specifically, the receipt included the last four digits of the plaintiff’s credit card number (which is permissible under FACTA) and the month, but not the year of the card’s expiration date (i.e., 04/##).  Hilfiger argued that it had not violated FACTA because it had only included a portion of the expiration date on the receipt.  The Third Circuit disagreed and held that FACTA prohibits the inclusion of any portion of a card’s expiration date.  Nevertheless, the court concluded that the plaintiff was only entitled to recover actual damages (which the plaintiff conceded were zero) because it was not objectively unreasonable under the circumstances for Hilfiger to believe that FACTA only prevented the inclusion of complete expiration dates on customer receipts.  To this end, the court noted that “there was no guidance from the federal courts of appeal on this issue” and that the few district court opinions addressing similar FACTA violations “were not directly on-point because they involve[d] merchants who, unlike here, printed the entire expiration date.”

Now that the Third Circuit has resolved this issue, it is reasonable to believe that merchants who continue to include any portion of a credit card’s expiration date (or more than the last five digits of the card number) on electronically printed receipts may be opening themselves up to claims for willful violations FACTA.  If you accept credit and debit card payments and provide customers with electronically printed receipts, you should immediately review the information on your customers’ receipts in order to ensure that you are complying with FACTA.  Of course, attorneys at Pashman Stein would be happy to review your point-of-sale practices with you for compliance with FACTA.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s