February 5, 2013

Major Win for eCommerce Businesses: California Supreme Court Rules On-Line Merchants May Collect Personal Information to Verify Credit Cards for Electronically Downloaded Products

The California Supreme Court held today in Apple v. Superior Ct. that on-line merchants may require customers to provide personally identifying information (such as home address and phone number) to purchase electronically downloaded products with their credit cards.


In June 2011, David Krescent brought a proposed class action suit against Apple alleging that Section 1747.08 of the Song-Beverly Credit Card Act of 1971 (“Credit Card Act”) prohibits on-line retailers from requiring consumers to provide personally-identifying information to verify a credit card when making an on-line purchase. Lawyers for consumers argued that online retailers can protect against fraud in credit card transactions without forcing buyers to turn over so much personally-identifying information. Lawyers for Apple argued that the Credit Card Act only applies to brick and mortar businesses. The California Supreme Court agreed with Apple.

California Supreme Court Ruling

The 4-3 split decision held that the California legislature had not intended for the Credit Card Act apply to online commerce. Judge Liu writing for the majority stated, “[w]hile it is clear the Legislature enacted the Credit Card Act to protect consumer privacy, it is also clear that the Legislature did not intend to achieve privacy protection without regard to exposing consumers and retailers to undue risk of fraud. . . . [We] cannot assume that the Legislature, had it confronted a type of transaction in which the standard mechanisms for verifying a cardholder’s identity were not available, would have made the same policy choice as it did with respect to transactions in which it found no tension between privacy protection and fraud prevention.” Online retailers should be able to verify consumer identity in the same fashion, for instance through photo identification, as their brick and mortar counterparts do.

The decision went on to say that if lawmakers want to prohibit on-line merchants from collecting such information, lawmakers “may wish to revisit the issue of consumer privacy and fraud prevention in online credit card transactions.”

Impact of the Apple v. Superior Ct. Ruling

Potentially Limited Application to Electronically Downloaded Products

The Apple v. Superior Ct. ruling holds, “section 1747.08 [of the Credit Card Act] does not apply to online purchases in which the product is downloaded electronically.” This begs the question of whether this rule applies to online credit card purchases of products that are not electronically downloaded. This issue is yet to be determined.

Clarification of Recent Ruling and Legislative Amendment

In 2011, the California Supreme Court held in Pineda v. Williams-Sonoma Stores, Inc., that brick and mortar retailers may not request and record a customer’s zip code during a credit card transaction. This led to numerous class action lawsuits against other retailers who were collecting this information. The Apple v. Superior Ct. ruling distinguished brick and mortar merchants from on-line merchants. The Apple v. Superior Ct. held, “. . . unlikePineda, which concerned the purchase of a physical product at a traditional “brick-and-mortar” business, this case concerns the purchase of an electronic download via the Internet.”

In response to the Pineda v. Williams-Sonoma Stores, Inc. ruling, the California legislature amended the Credit Card Act in 2011 to add section 1747.08(c)(3)(B) which states that retailers who are accepting credit cards in sales transactions “at a retail motor fuel dispenser or retail motor fuel payment island automated cashier” . . . . may collect “Zip Code information solely for the prevention of fraud, theft or identity theft.” The Apple v. Superior Ct. held that this amendment does not apply to online transactions, because pay-at-the-pump transactions pose less risk of fraud than online transactions. In pay-at-the pump transactions, consumers must possess a physical card and conduct a transaction in public where they can be seen by gas station employees, other customers and video surveillance. Consumers can engage in online transactions from the privacy of their own home and therefore, there is a greater opportunity for fraud.

Potential Legislative Changes to the Credit Card Act

This decision may encourage the California state legislature to enact further modifications to the Credit Card Act as they did in 2011. We will continue to track this and report any updates.

If you have any questions about how to comply with state or federal privacy laws, please contact Helen Christakos at

Subscribe Link

Email Disclaimer