When Credit Card ID Checks Go Awry
24 January 2012
I've always had mixed feelings regarding handing over my ID to a merchant when paying by credit card. On one hand it's great that the merchant is attempting to protect its business and you from fraud. On the other hand you are handing over your personal information to a complete stranger. I was shopping last week with my wife at a Coach
store in Florida. We made a small purchase and the sales agent asked for my ID for the credit card transaction. I handed over my credit card and ID and started chatting with my wife. I then noticed that the salesperson was studying my ID and appeared to be typing my information into her computer. I promptly asked what she was doing and she answered that she was typing my address and info into her computer so that I could be added to the Coach mailing list. She never asked for my consent and needless to say I was not happy. The salesperson thought she could simply take the liberty of capturing my personal information. I found this especially curious since this happened on the same day as the Zappos data breach
that exposed the personal information of 24 million customers. I subsequently spoke to a manager about the salesperson's actions and was told that their policy is to check IDs but ask for consent regarding the capture of your personal information. I told the manager what happened and she replied, "Oh, she probably did this on a habit." Talk about bad habits, and ones that can certainly get you into trouble! In some instances, asking for personal information may violate store policy, credit card merchant agreements and even state law.
This past February, a ruling in the state of California determined that merchants cannot even legally ask for your zip code when making a purchase by credit card. Merchants must start to weigh the pros and cons of capturing personal information at the point of sale. Sure, it can help gather data and help with marketing, but on the other hand it can open the merchant and the consumer up to all sorts of vulnerabilities. In the online world things are obviously different. Shoppers must provide (and are therefore consenting to provide) a billing address, and that can be captured. And the vulnerabilities are being exploited. Just yesterday, Coach's website was hacked
by a group called UGNazi. This group hacks organizations that support SOPA
. To my knowledge no information was leaked, only the website was defaced. I'm still thinking about how to deal with Coach's mishandling of my transaction. I am definitely going to file a complaint with Coach senior management. Other options include complaints to the Federal Trade Commission
, and to the Florida Attorney General
. I'm curious to hear your thoughts, please discuss!