When Credit Card ID Checks Go Awry

Create a vendor selection project & run comparison reports
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
24 January 2012
Jacob Jegher
I've always had mixed feelings regarding handing over my ID to a merchant when paying by credit card. On one hand it's great that the merchant is attempting to protect its business and you from fraud. On the other hand you are handing over your personal information to a complete stranger. I was shopping last week with my wife at a Coach store in Florida. We made a small purchase and the sales agent asked for my ID for the credit card transaction. I handed over my credit card and ID and started chatting with my wife. I then noticed that the salesperson was studying my ID and appeared to be typing my information into her computer. I promptly asked what she was doing and she answered that she was typing my address and info into her computer so that I could be added to the Coach mailing list. She never asked for my consent and needless to say I was not happy. The salesperson thought she could simply take the liberty of capturing my personal information. I found this especially curious since this happened on the same day as the Zappos data breach that exposed the personal information of 24 million customers. I subsequently spoke to a manager about the salesperson's actions and was told that their policy is to check IDs but ask for consent regarding the capture of your personal information. I told the manager what happened and she replied, "Oh, she probably did this on a habit." Talk about bad habits, and ones that can certainly get you into trouble! In some instances, asking for personal information may violate store policy, credit card merchant agreements and even state law. This past February, a ruling in the state of California determined that merchants cannot even legally ask for your zip code when making a purchase by credit card. Merchants must start to weigh the pros and cons of capturing personal information at the point of sale. Sure, it can help gather data and help with marketing, but on the other hand it can open the merchant and the consumer up to all sorts of vulnerabilities. In the online world things are obviously different. Shoppers must provide (and are therefore consenting to provide) a billing address, and that can be captured. And the vulnerabilities are being exploited. Just yesterday, Coach's website was hacked by a group called UGNazi. This group hacks organizations that support SOPA. To my knowledge no information was leaked, only the website was defaced. I'm still thinking about how to deal with Coach's mishandling of my transaction. I am definitely going to file a complaint with Coach senior management. Other options include complaints to the Federal Trade Commission, and to the Florida Attorney General. I'm curious to hear your thoughts, please discuss!


  • Great point about how this is unavoidable at online retailers. Much as I love shopping online, I dread receiving emails like the one I got from Zappos last week.

  • I was asked for my ID for a credit card transaction for the very first time last week. At first I was pleased as I thought I was being "carded" as a result of my youthful good looks (cue my colleagues sniggering!). Then I remembered I was buying clothes for my daughters, not alcohol!

    What I found strange was that the ID I provided was a UK ID. There is no way that person would know if it was fake or not. Indeed, just to recognise fake ID of just one type, say a US divers license, would be a challenge for anything but the most blatant copies. Equally, if I had had my wallet stolen, this ID would have been alongside the very card it was validating.

    Which rather raises the question of how useful the process is. If merchants are truly worried about fraud then they should be pushing for better security solutions. That may or may not be EMV, but almost anything must be better than is being employed currently.

    As an aside, but I think related, is the fact that one of the largest source of losses for UK issued cards is from stolen cards that are used overseas. Guess which country that most losses have come from? That has occupyied the top slot for more than 5 years? With more losses than the next 4 countries combined?

    The US.

    US card security isn't just a US problem.

Insight details

Insight Format
Geographic Focus
Asia-Pacific, EMEA, LATAM, North America