New debit/credit card law protects merchants

After hundreds of retailers and restaurants ran afoul of the law by printing expiration dates of credit and debit cards on receipts, a change protects them from frivolous lawsuits.

The bill says a business that printed an expiration date on a receipt over the past 18 months cannot be found in violation of the Fair Credit Reporting Act as long as the merchant printed no more than the last five digits of the card number and complied with other FCRA requirements.

In an update of the FCRA, the Fair and Accurate Credit Transactions Act (FACTA) that took effect at the end of 2006, merchants interpreted the new rules as meaning they could either print no more than the last five digits OR leave off the expiration date, say the National Retail Federation and the National Council of Chain Restaurants. Most shortened the card number, but some kept printing the expiration date with the idea that the date is of no value without the full card number.

The resulting class action lawsuits — estimated at more than 300 — led Congress to unanimously pass new legislation, the Credit and Debit Receipt Clarification Act on May 20. Lawsuits called for fines up to $1,000 per incident.

While retailers and restaurant groups hailed the change, some attorneys are dismayed by its retroactive nature.

"The cases are over. Congress says you don't have a cause of action anymore. There's nothing we can do," Miami attorney Matthew Sarelson told the Daily Business Review. Sarelson, who has filed a dozen FACTA lawsuits, said six of the lawsuits are now over due to the legislation. "It's a bailout plan, plain and simple, and it's worded in such a way that it doesn't change what the law says.”

Merchants are required to both truncate card numbers and leave off expiration dates going forward.

Dallas Morning News columnist Pamela Yip, who last month moderated a panel discussion on data security, wrote that companies need to pay closer attention to protecting consumers’ private information, with truncating credit card numbers and deleting expiration dates just one step that should be taken.

Businesses should inventory what sensitive information they have, where it’s stored and who has access. Provide training, keep only the information you need for your business, lock up offices, desks and shredders, and destroy unneeded documents in a timely way. Most important, plan ahead, Yip advises. Be ready to help consumers if a security breach occurs.

“I encourage businesses to be vigilant about data security, because not doing so could have too high a cost for them and their customers,” she wrote.

Upcoming CPE Webinars

Jul 16
Hand off work to others with finesse and success. Kristen Rampe, CPA will share how to ensure delegated work is properly handled from start to finish in this content-rich one hour webinar.
Jul 17
This webcast will cover the preparation of the statement of cash flows and focus on accounting and disclosure policies for other important issues described below.
Jul 23
We can’t deny a great divide exists between the expectations and workplace needs of Baby Boomers and Millennials. To create thriving organizational performance, we need to shift the way in which we groom future leaders.
Jul 24
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.