For now, online retailers can rest assured that they are not liable under California’s Song-Beverly Credit Card Act if they require customers to enter their addresses or phone numbers in order to complete downloadable online purchases. On February 4, 2013, the California Supreme Court held in Apple Inc. v. Superior Court (Krescent) that the Credit Card Act’s prohibition against recording customers’ personal identification information as a condition of credit card purchases under those circumstances. This provide significant relief to online retailers, who otherwise could have been exposed to up to $1,000 in statutory penalties each time a customer had to enter personal identification information in connection with an online downloadable credit card purchase.
David Krescent brought a putative class action against Apple in June 2011, claiming that Apple violated the Credit Card Act when it required him to provide his telephone number and address in order to purchase online media downloads.
The California Supreme Court had to determine whether the Credit Card Act, which was “enacted in 1990 . . . almost a decade before online commercial transactions became widespread,” was intended to apply to online transactions or only to brick-and-mortar retail transactions.
Since it was not clear whether the Legislature intended for the Credit Card Act to cover online transactions, the Court considered its legislative history and purpose, finding that the enactment of the Credit Card Act balanced consumer privacy protection with retailers’ concerns about the risk of fraud. In 1991, the Credit Card Act was amended to clarify that retailers could require customers to provide photo identification and could record a customer’s driver’s license number if the customer did not make the credit card itself available for verification. This “key antifraud mechanism,” however, is not applicable to an online retailer who cannot visually inspect a credit card, signature, or photo.
Based on the Legislature’s concern that an antifraud mechanism be available and the fact that the mechanism provided in the statute is not available to online retailers, the Court concluded that the Legislature could not have intended the Credit Card Act to apply to online transactions for downloadable purchases.
While the Court’s holding is a win for retailers with an online presence, the Court invited the Legislature “to revisit the issue of consumer privacy and fraud prevention in online credit card transactions,” so the victory could be short-lived. Meanwhile other questions, such as the application of the Credit Card Act to online transactions not involving downloadable products, still remain open. Finally, the Court’s decision will have little, if any, immediate impact on the dozens of ongoing class action lawsuits in which plaintiffs allege that retailers’ in-person collection of their ZIP codes violates the Credit Card Act.