top of page

California Considers Credit Card Privacy Laws and how it Applies to eCommerce

The California Supreme court is considering a class action suit against Apple for collecting personal information for online transactions which goes against regulations put forth in the state’s Song-Beverly Credit Card Act. Several other major retailers are backing Apple arguing that the previous legislation was only intended for brick-and-mortar transactions, and the outcome of the case could have a major impact on eCommerce and CNP fraud in California.

The class action suit against Apple is led by David Krescent who alleged that Apple is violating the Song-Beverly Credit Card Act by requiring an address and telephone number to establish an iTunes account. This legislation, which was created in 1971, prevents retailers from recording personal information when a customer uses a credit card if it’s not needed for the transaction. In this case since goods are delivered digitally the plaintiff argued this personal information was not needed, but Apple and other retailers collect such information for fraud screening and mitigation.

Those supporting the credit card privacy law argue that this personal information needs to be protected because it is often used for marketing purposes and the Song-Beverly Credit Card Act applies to all credit card transactions, not just brick-and-mortar. Apple’s position is that the law did not foresee or consider eCommerce when created and that the purpose of collecting the information is to protect online shoppers from identity fraud. Apple attorneys have stated the current law is incompatible with current eCommerce needs and that it could lead to facilitating fraud against online merchants who wouldn’t be able to determine if the real cardholder authorized the charge.

In the past gas stations were able to show that they needed to collect ZIP codes at the pump to defend against fraud and in 2011 a bill amending the Song-Beverly Credit Card Act to allow this was approved in California. However, home goods retailer Williams-Sonoma was ruled to be in violation of Song-Beverly in 2011 for collecting ZIP codes with purchases in California, a legal precedent that experts say will be difficult for Apple to overcome. The California Supreme Court’s ruling on this case will then define the rules for other e-retailers in California, and restrictions on what information can be collected will adversely affect fraud detection capabilities.

For more information:


bottom of page