New technologies are automating some transactions that once involved a customer and a merchant meeting face-to-face. As always, the law is not quite keeping pace with the latest developments, which leads to conflicts that the courts must resolve. California’s Song-Beverly Credit Card Act, Cal. Civ. Code § 1747 et seq., protects consumers in part by prohibiting anyone accepting credit card payments from requiring disclosure of personal information. This has applied to in-person credit card transactions for years, but courts have recently ruled that it does not apply to certain online transactions. A recent Ninth Circuit decision, Sinbaldi v. Redbox Automated Retail, LLC, No. 12-55234, slip op. (9th Cir., Jun. 6, 2014), considered whether this provision applies to certain transactions that are both in-person and automated.
The defendant, Redbox, places automated kiosks, from which customers may rent DVD’s or video games, in or near retail businesses around the country. Each box can hold about 630 discs, which represents about two hundred titles. To rent a movie, a customer selects a title from a screen, then swipes their debit or credit card. The customer must enter the five-digit ZIP code connected to their credit card account, which the system informs the customer is for “security reasons.” Rentals cost around $1 per day, with late fees assessed and charged after either the rental is returned to the kiosk or the accumulated charges reach a maximum amount.
The plaintiffs filed a putative class action lawsuit against Redbox, claiming that requiring customers to enter their ZIP code violated Song-Beverly’s prohibition on collecting personal information as part of a credit card transaction. Cal. Civ. Code. § 1747.08(a); Pineda v. Williams-Sonoma Stores, Inc., 246 P.3d 612 (Cal. 2011) (holding that ZIP codes constitute personal information). The U.S. District Court for the Central District of California dismissed the case. It found that transactions at a Redbox kiosk are analogous to online transactions, citing precedent that held that Song-Beverly “was specifically passed with a brick-and-mortar merchant in mind.” Saulic v. Symantec Corp., 596 F.Supp.2d 1323, 1333 (C.D. Cal. 2009). Because of the risk of fraud in automated transactions, the district court found that Redbox’s request for a ZIP code was lawful.
The Ninth Circuit, while acknowledging the dispute over whether a Redbox is more like an online or a brick-and-mortar transaction, affirmed the dismissal of the lawsuit on completely different grounds. It found that Redbox’s ZIP code requirement fell under Song-Beverly’s “rental deposit exception,” which allows collection of personal information if the merchant is using the credit card “as a deposit” to ensure that the customer pays “in the event of default, loss, [or] damage.” Cal. Civ. Code. § 1747.08(c)(1). Redbox charges a customer immediately for one day’s rental, and retains the credit card information for use if the customer keeps the rental for additional days or fails to return it at all. The court ruled that this constitutes a “deposit” within the meaning of the statute.
If you or your business has a contract dispute or other legal matter, you should consult with a skilled business and commercial lawyer. Cirrus Law PC has represented businesses in the Bay Area for the past 38 years. To schedule an initial confidential consultation to see how we can help you, please contact us today online or at (925) 463-1073.
More Blog Posts:
Liability for Cybersecurity Breaches Still Uncertain for Many Businesses, Pleasanton Business & Commercial Law Blog, June 30, 2014
California-Based Space Transport Company Sues U.S. Government Over Anticompetitive Contract Bidding Process, Pleasanton Business & Commercial Law Blog, May 30, 2014
FTC Announces $3.5 Million Settlement, One of the Largest Ever, in FCRA Lawsuit, Pleasanton Business & Commercial Law Blog, February 26, 2014