Credit card truncation
I live in Indiana. Our credit card truncation law is outdated. We still have many businesses that print your entire credit card number on your receipt....making it possible for any employee or person who steals your receipt off the restaurant table after you leave to steal your credit card info.
I always take a marker and mark out all but the last 5 digits...the business does not need all those numbers...I've done this for years.
Regulations on truncation come from FACTA (Fair and Accurate Credit Transaction Act). Although FACTA only permits the last 5 digits, there are so many loopholes that states like mine live on.
Here is a cut/paste from FACTA, signed in 2003.
SEC. 113. TRUNCATION OF CREDIT CARD AND DEBIT CARD ACCOUNT
Section 605 of the Fair Credit Reporting Act (15 U.S.C. 1681c)
is amended by adding at the end the following:
RUNCATION OF CREDIT CARD AND DEBIT CARD NUMBERS.—
‘‘(1) IN GENERAL.—Except as otherwise provided in this subsection, no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction.
‘‘(2) LIMITATION.—This subsection shall apply only to receipts that are electronically printed, and shall not apply to transactions in which the sole means of recording a credit card or debit card account number is by handwriting or by an imprint or copy of the card.
‘‘(3) EFFECTIVE DATE.—This subsection shall become effective—
‘‘(A) 3 years after the date of enactment of this subsection, with respect to any cash register or other machine or device that electronically prints receipts for credit card or debit card transactions that is in use before January 1, 2005; and
‘‘(B) 1 year after the date of enactment of this subsection,
with respect to any cash register or other machine or device that electronically prints receipts for credit card or debit card transactions that is first put into use on or after January 1, 2005.’
However, FACTA has been challenged on constitutional grounds:
A very recent note...
"Since December 4, 2006, consumers have filed hundreds of suits against merchants who allegedly printed a truncated account number and the expiration dates on receipts, arguing that those merchants “willfully” violated FACTA, and seeking $100 to $1,000 for each violation."
Here is a plain language article on this too:
I just wish they'd stop printing my entire number on the receipt. :rant:
Actually PCI DSS (Payment Card Industry Data Security Standards), while not being a "law", but is a standard adopted by the credit card companies, requires an even stricter requirement, of only the last four digits or the, I believe, first 5 digits of the credit card. Furthermore, no other information shall be retained like the expiration date, name, or "card Identifier" - sometimes called the CVV, shall be retained in an non-encrypted format. Obviously this violation cannot be used as a basis of suit, but it can be used as a threat to report the vendor to the credit card company. The credit card company has been very good about enforcing compliance, to the threat of pulling the merchant's ability to accept credit card payments, and in at least one case, when this ability had been pulled, the merchant went out of business within a year. I, also make the merchants black out all but the last 4 digits, and remind them that it violates the PCI DSS standards. When you tell them this, they will usually comply. Of particular frustration is that many of the older credit card printer machines, will print an original for you to sign which is the merchant's copy with the full credit card number printer, and your copy which has all but the last 4 digits xxx'd out. Since you are the holder of the credit card, it is certainly within your rights to have the whole credit card number printed out if you want on your copy (and if you mishandle it, then it is your fault), but if you look at your copy, you would think that the number is actually xxxx'd out on both copies, which is not the case. This is a result of the merchant not spending the few bucks to update their software, which is unforgivable. Perhaps if enough of us complain, the will start to get the message and fix this problem. After all, it is our credit cards and identity that we are trying to protect.
|All times are GMT -6. The time now is 01:44 AM.|
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2022, vBulletin Solutions, Inc.