Data breaches are very concerning because of the type of information that can be compromised during such an event, namely consumer payment information and personal information. When personal information is stolen during a data breach a consumer can be in for a much bigger headache than if their payment information is stolen, which is rendered useless as soon as a credit card issuer shuts down the account.
However, if a scammer is able to access a consumer’s name, social security number, address, and other pertinents he may be able to steal the consumer’s identity and actually open fraudulent accounts in the consumer’s name. Thanks to federal law, consumers are not on the hook for fraudulently opened accounts, but this type of true-name identity theft can be much more difficult for a consumer to resolve than a simple fraudulent transaction involving a stolen credit card number.
Providing Personal Information
Smart consumers know just how important it is to protect their personal information. After all, if a consumer has worked to earn strong credit reports and scores, then his credit can actually be one of his most valuable wealth building assets. It’s always a good idea to keep sensitive, personal information private as much as possible and to only share such personal data when absolutely necessary, especially social security numbers.
You should expect to share a very limited amount of personal information when you pay for something using a credit card. However, it’s important to keep in mind that there are strict limits to the types of information a merchant may request during a credit card transaction.
Asking For Identification
Sometimes a merchant will request to see identification at checkout when a customer is paying with a credit card for a purchase. However, depending on the state, it is not always legal for a merchant to do so.
In addition to state laws, each credit card network imposes guidelines on merchants regarding verification processes for credit card transactions. VISA, for example, instructs merchants to request a signature and then to compare the signature on the receipt to the signature on the card.
If the card is unsigned then, per VISA’s guidelines, a merchant may “ask the cardholder to sign the card and provide current government identification…if local law permits.” MasterCard has similar guidelines as well.
Consumers are commonly asked to provide their zip code when using a credit card to purchase gas directly from the pump. During at-the-pump transactions there is no employee present to verify a cardholder’s signature. In fact, a signature is not even required to complete the transaction.
Therefore, requesting a zip code serves as another layer of security against fraudulent charges during these transactions. However, gas stations are generally not allowed to retain zip code information after a transaction has been completed.
With the exception of gas station transactions, it is illegal for merchants to request and store zip codes from their customers in certain states. In California, for example, the state supreme court ruled in 2011 that retailers could no longer require zip codes from customers as part of a credit card transaction.
The ruling came about as a result of a case against Williams-Sonoma, which had collected zip codes and used them to look up the addresses of customers who had not previously provided their addresses to the store in order to mail catalogs to those customers.
Multi-Digit Security Codes
While the 3-digit security code on the back of a consumer’s credit card, known as the card verification value (CVV), does not technically count as “personal information” it is still worth mentioning since merchants commonly request the code.
The purpose of the security code is to let a merchant know that a customer physically has the credit card he is using during credit card transactions conducted over the phone or via the Internet. It is designed to add another layer of fraud protection for transactions not made in person.