I find it amazing that when I closely examine the detritus of daily life (by emptying my pockets at the end of the day), I discover that so many merchants still print all the digits of the card number on credit and debit card receipts. Why? Why? Why? There is simply no need to have that info there and by it threatens the privacy of the cardholders.
The problem is usually compounded by a pretty cavalier attitude toward these flimsy pieces of paper. How many times have I picked up someone's reciept from the check-out at the grocery store, only to find a full credit card number, complete with expiry date? Or a full debit card number? When I mention it to the clerk, they just chuck it in the garbage. If you want to commit fraud, I can tell you the dumpsters to dive in.
PIPEDA, thanks to its broad statement that you must secure personal information against accidental disclosure, etc., probably requires obscuring at least part of the number. But not enough retailers have read it. At least the US is taking this seriously. The Fair and Accurate Credit Transactions Act requires card "truncation" by January 1 and some state laws have mandated it for some time:
Credit-card processors gear up for new privacy law:
"By Marion Davis, Staff Writer
A federal law requires merchants to truncate personal information on credit card receipts by Jan. 1. Does your business take credit cards? If so, when the slip prints out, how much of the customer's card number is included? If it's more than the last five digits, and/or if the expiration date shows, you need to upgrade your terminal by Jan. 1.
A federal law passed last December, the Fair and Accurate Credit Transactions Act, requires credit-card "truncation" by that date, and a new state law makes merchants liable, starting in 2007, for any resulting fraud, plus legal fees, if they don't comply.
Some states, starting with California, have been gradually implementing truncation mandates for new terminals since 2001, but it was only last January that the first laws affecting existing machines kicked in. Some are tougher than Rhode Islandos: In Maine, anyone who didn't switch by last Jan. 1 is already subject to a $1,000 penalty; in Arizona, as of June 1, merchants who don't truncate can be fined $10,000. "
I gather that Visa/Mastercard have made this mandatory for their Canadian retailers by 2005.
0 comments:
Post a Comment