It is apparent, especially during the holiday season, that Internet commerce has become an evolving substitute for traditional in-store shopping. In the area of federal identity theft protections, however, purchases over the Internet are not comparable to in-store transactions.
Under the Fair and Accurate Credit Transactions Act (“FACTA”), a person that accepts credit or debit card payments is prohibited from printing more than the last five digits of the card number or the expiration date on any receipt provided at the point of sale or transaction. The U.S. District Court for the Northern District of Illinois, however, recently determined that these FACTA prohibitions do not apply to email order confirmations related to Internet purchases. (Shlahtichman v. 1-800 CONTACTS (N.D. Ill. 2009)
In Shlahtichman v. 1-800 CONTACTS, Inc., the plaintiff purchased contact lenses from the defendant through an Internet transaction with his credit card. The defendant sent the plaintiff a receipt through e-mail which contained the plaintiff’s credit card expiration date. The district court dismissed the plaintiff’s claim that the defendant’s actions were in violation of FACTA for two reasons: 1) an e-mail receipt is not an “electronically printed” receipt under FACTA; and 2) an e-mail receipt is not provided at a transaction’s point of sale.
(1) An e-mail receipt is not an electronically printed receipt under FACTA
The relevant FACTA prohibitions are limited to “receipts that are electronically printed.” The court examined the plain meaning of FACTA, as well prior case law analyzing FACTA’s language, and concluded, consistent with the majority of court opinions to date, that e-mail receipts are not “electronically printed” receipts. The judge noted that the word “print” means to transfer information onto paper and not to display on a computer screen. To emphasize the point that print could only refer to a tangible paper receipt, the judge quoted a prior case (Grabein v. Jupiterimages (S.D. Fla. 2008), noting that the definition of “print” only refers to a tangible, paper receipt. That is why a person “has to print a copy of his receipt to get it off of his computer; it is why the machine used to transfer text from a computer to paper is called a printer.”
The Shlahtichman court also looked at Congress’ intent underlying the FACTA, noting that the statute was only meant to prevent low levels of identity theft, such as using information on a receipt obtained from the trash. If FACTA were aimed at protecting email privacy, the court opined, Congress would have explicitly referenced e-mail, as it has done in other statutes.
(2) An e-mail receipt is not provided at a transaction’s point of sale
FACTA also requires that the receipt covered by the statute be provided “at the point of the sale or transaction.” According to the Shlahtichman court, Internet commerce has no tangible point of sale or transaction, and thus FACTA cannot apply to an e-mail receipt resulting from an Internet purchase. E-mail receipts are directed to an account that could be accessed anywhere in the world, and not specifically to the place or computer where the consumer made the purchase. The court concluded that the a point of sale or transaction could only exist in the context of printed paper receipts.
As the Internet continues to drive retail shopping to the virtual realm, with search engines, one-click transactions, and cyber promotions, FACTA’s identity theft protections may become more and more limited. Shoppers eschewing the crowds at the mall should be aware that if they leave their e-mail on view to others, they may not have recourse to relief under FACTA in the event their receipts show too much of their personal data.
- Beth DeSimone, Nancy Perkins, and Brian Larkin
