- Paying by Credit Card or Check in California
- Paying by Credit Card: MasterCard and Visa Rules
- Merchandise Returns and the Retail Equation
Two California laws limit the collection of personal information in retail stores when you pay using a credit card or check. These laws limit the amount of personal information that can be collected.
- When a consumer pays with a credit card, the merchant cannot record any personal information other than what is on the front of the credit card. (California Civil Code § 1747.08) (Song-Beverly Credit Card Act of 1971)
- When a consumer pays with a check, the merchant cannot record the credit card number. (California Civil Code § 1725)
What personal information can a merchant collect when a shopper pays with a credit card?
Under the Song-Beverly Credit Card Act:
- Merchants cannot request or require that the consumer write any personal information, including address and telephone number, on any form associated with the credit card transaction when the consumer uses a credit card to pay for goods or services.
- Merchants cannot ask the consumer to provide personal information that the merchant then records.
- Merchants cannot use forms with pre-printed spaces for personal information.
Are there any exceptions?
Yes. A merchant can collect personal information when:
- The credit card is used as a deposit.
- The credit card is used for a cash advance.
- The personal information is needed for something incidental but related to the use of the credit card. An example would be the address to which the purchased product is to be shipped.
- The merchant is required to collect information under a federal law or regulation.
- The merchant is contractually obligated to provide personal identification information in order to complete the credit card transaction.
- The card is used to "pay at the pump" for gasoline, limited to zip Code information which may be used solely for prevention of fraud, theft, or identity theft.
- The merchant allows you to pay with a credit card when you don't have it with you.
Does the law prohibit a merchant from asking to show identification when using a credit card?
The Song-Beverly Credit Card Act does not prohibit a California merchant from requiring a consumer who pays for goods or services by credit card from showing identification such as a California driver’s license or California ID. However, the store may not write or record any information from these documents. But, as we explain below, the major credit card company rules provide that merchants cannot make showing identification a condition of credit card acceptance.
Does the law prohibit a merchant from asking for your zip code?
In Pineda v. Williams-Sonoma Stores, the California Supreme Court ruled that a merchant may not ask a customer to provide a zip code as part of a credit card transaction. Williams-Sonoma used customer zip codes that it collected from customers to obtain their home addresses. It then used those addresses to send catalogs to customers who had never provided their address to the retailer. It was able to obtain these addresses through a process known as reverse appending (reverse searches from databases in order to match their customers’ names and zip codes with their previously undisclosed addresses).
Exception: When "paying at the pump" for gasoline, your zip code can be collected. It may be used solely for prevention of fraud, theft, or identity theft.
What personal information can a merchant collect when a shopper pays by check?
Merchants who accept a check for goods or services sold or leased at retail cannot:
- Require a consumer to provide a credit card or record the credit card number in connection with any part of the transaction.
- Require a consumer to sign a statement agreeing to allow the consumer’s credit card to be charged to cover the amount of the check in case the check bounces.
- Contact the credit card issuer to find out if the amount of credit available to the consumer will cover the amount of the check.
Are there any exceptions?
Yes. A merchant can request or record a credit card number in connection with payment by check when:
- A check is used solely to obtain cash.
- A check is used as a deposit.
- A check is used to make a payment on that credit card account.
What happens when a merchant breaks the laws described above?
Merchants may be fined up to $250 for the first violation and up to $1,000 for each subsequent violation. In addition, the court can order the merchant to stop violating the law.
In most situations, a merchant may not condition acceptance of a Visa or MasterCard credit card upon the customer presenting identification. In other words, you can refuse to provide identification, and the merchant still must accept your credit card.
Identification may be required for purposes other than the credit card transaction, for example, when purchasing alcohol, tobacco products, or certain medications. Identification may also be required for unusual transactions flagged during the authorization process.
The MasterCard Rules (June 28, 2018 edition) provide as follows:
5.10.4 Additional Cardholder Identification
A Merchant may request but must not require a Cardholder to provide additional identification information as a condition of Card acceptance, unless such information is required to complete the Transaction, such as for shipping purposes, or the Standards specifically permit or require such information to be collected.
A Merchant in a country or region that supports use of the MasterCard Address Verification Service (AVS) for MasterCard POS Transactions may require the Cardholder’s ZIP or postal code to complete a Cardholder-Activated Terminal (CAT) Transaction, or the Cardholder’s address and ZIP or postal code to complete a mail order, phone order, or e-commerce Transaction.
The Visa Core Rules (October 13, 2018 edition) provide as follows:
22.214.171.124 Cardholder Identification
Unless specified in the Visa Rules, a Merchant must not request Cardholder identification as a condition of purchase.... a Merchant that suspects fraud in a Face-to-Face Environment may request Cardholder identification. If the identification is expired or does not match the name on the Card, or if the Cardholder does not provide identification, the Merchant may decide whether to accept the Card.
What should I do if a merchant insists upon seeing my identification?
Unfortunately, the MasterCard and Visa rules are often ignored by retailers. If you feel strongly about not showing identification as a condition of using your Visa or MasterCard credit card, you may wish to print out a copy of the relevant merchant rule (from the links cited above) and ask to speak to a store manager.
Can a retailer swipe my driver's license if I want to make a return?
Generally, yes. While return policies vary from one retailer to another, many retailers require you to present a driver's license (or government-issued ID) when you return or exchange merchandise. Typically, retailers will swipe your license in a reader that will query a database to look at your return history for patterns of fraud or abuse. By scanning your license, the retailer can collect any information that is encoded on the license's magnetic stripe or bar code. In most states, this information includes the data printed on the face of your license.
California law specifically allows a retailer to swipe your license "to collect or disclose personal information that is required for reporting, investigating, or preventing fraud, abuse, or material misrepresentation." CA Civil Code Section 1798.90.1(a)(1)(D).
Some retailers manage merchandise return data in-house. Others outsource the collection of this data to a company called The Retail Equation.
What is The Retail Equation?
The Retail Equation (formerly known as The Return Exchange) (TRE) is contracted by many retailers to gather and store their return information and analyze the data to develop return policies for those retailers. As customers return merchandise, TRE compares variables such as return frequency, dollar amounts and/or time against a set of rules that form the retailer’s return policy.
TRE states that it does not share its data among retailers. Access to information in their returns database is limited to the consumer, TRE, and the retailer that provided the data to TRE. In other words, TRE does not create a compilation of the shopper’s return activity across all merchants with which that individual shops. If the shopper has returned merchandise to several companies, a merchant will only see the returns for that specific retailer.
TRE does not actually set the return policies for participating retailers. The company gathers and supplies the data that subscribing retailers use to make return authorization decisions, and helps them determine their own return policies.
Can I see the information that The Retail Equation has about me?
Yes. You can order a copy of your Return Activity Report from TRE. This report is a history of all your return transactions posted in those stores that use TRE. The report lists return activity information including the stores you have returned to and, for each return, the date and time, whether it was with or without a receipt, and the dollar amount. You may obtain a copy of your return activity report by sending an email to: ReturnActivityReport@TheRetailEquation.com. You should include your name and a phone number where TRE can reach you. When TRE calls, the company will ask for your driver’s license number and state, to enable a database search.
Can I dispute the information that The Retail Equation has about me?
TRE offers consumers the ability to dispute their Return Activity Report. If a consumer identifies any inaccuracy in his or her information, or if a consumer needs to change information in TRE’s files, the consumer should notify TRE in writing at The Retail Equation, P.O. Box 51373, Irvine, CA 92619-1373 so that they can investigate and update their records.