In a recent decision, the Supreme Judicial Court of Massachusetts (“SJC”) broadly interpreted a statute that governs the personal information that may be collected by a merchant during a credit card transaction.  The decision, Tyler v. Michaels Stores, Inc., SJC-1145 (Mass. March 11, 2013), was issued in response to three questions that had been certified to the SJC by a federal district judge in Boston, in connection with a lawsuit alleging violation of Mass. Gen. Laws, ch. 93, §105(a), the Massachusetts analogue to California’s Song-Beverly Act. 

Section 105(a) provides that “[n]o business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form.”  “Personal identification information,” in turn, “shall include, but shall not be limited to, a credit card holder’s address or telephone number.”  Violations of Section 105(a) are treated as “unfair and deceptive trade practices” under Mass. Gen. Laws. ch. 93A, §§ 2, 9, which provides “injured” persons a private right of action against any entity that commits an unfair or deceptive trade practice.

The plaintiff in Tyler alleged that Michaels Stores violated §105(a) by requesting her ZIP code during a credit card transaction at one Michaels Stores retail location.  The district court agreed that the plaintiff had sufficiently pled a violation of that statute, but nonetheless dismissed the complaint because she had failed to allege a cognizable injury stemming from the violation, which is required to bring an action under Massachusetts’s unfair and deceptive trade practices statute.  The court explained that the purpose of §105(a) was to prevent identify fraud, and suggested a plaintiff would need to allege that fraud had occurred because of the alleged violation of §105(a).   

Continue Reading Massachusetts Supreme Judicial Court Issues Broad Ruling on Point-of-Sale Data Collection

In its most recent issue of the Supervisory Insights newsletter, the Federal Deposit Insurance Corporation (FDIC) describes mobile payment technologies, the risks they pose to depository institutions, and the regulatory framework applicable to such technologies.  The FDIC notes the widespread use of smartphones as a payment technology and the increasing availability of point-of-sale terminals equipped to process payments using near-field communications.  Both of these factors require institutions to understand and adopt controls to mitigate risk from mobile payment technologies.

Continue Reading FDIC Highlights Mobile Payment Technologies and Related Risks