Bill Text

Bill Information

Add To My Favorites | print page

SB-383 Credit cards: personal information.(2013-2014)

SHARE THIS:share this bill in Facebookshare this bill in Twitter
SB383:v95#DOCUMENT

Amended  IN  Assembly  June 15, 2014
Amended  IN  Senate  January 28, 2014
Amended  IN  Senate  May 24, 2013
Amended  IN  Senate  April 01, 2013

CALIFORNIA LEGISLATURE— 2013–2014 REGULAR SESSION

Senate Bill No. 383


Introduced by Senator Jackson

February 20, 2013


An act to amend Sections 1747.02 and 1747.08 of the Civil Code, relating to credit cards.


LEGISLATIVE COUNSEL'S DIGEST


SB 383, as amended, Jackson. Credit cards: personal information.
Existing state and federal law regulates the provision of credit and the use of credit cards. The Song-Beverly Credit Card Act of 1971 generally regulates credit card transactions and prohibits a person or entity that accepts credit cards for the transaction of business from requesting, or requiring as a condition to accepting the credit card, that the cardholder write any personal identification information, as defined, upon the credit card transaction form or otherwise. Existing law prohibits a person or entity that accepts credit cards for the transaction of business from requesting, or requiring as a condition to accepting the credit card, that the cardholder provide his or her personal identification information to the person or entity to be written or caused to be written upon the credit card transaction form or otherwise. Notwithstanding those provisions, existing law authorizes a person or entity that accepts credit cards for the transaction of business to require the cardholder, as a condition to accepting the credit card, to provide reasonable forms of positive identification, which may include a driver’s license or a California state identification card, provided that the information is not written or recorded on the credit card transaction form or otherwise. Existing law authorizes the use of ZIP Code information in a sales transaction at a retail motor fuel dispenser or retail motor fuel payment island with an automated cashier that uses the ZIP Code information solely for prevention of fraud, theft, or identity theft.
This bill would authorize a person or entity that accepts credit cards in an online transaction involving an electronic downloadable product, as defined, to require a cardholder, as a condition to accepting a credit card as payment in full or in part, in an online transaction involving an electronic downloadable product, to provide the billing ZIP Code and street address number associated with the credit card, if used solely for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or enforcement of terms of sale. The bill would authorize the person or entity accepting the credit card to require a cardholder, as a condition to accepting a credit card as payment in full or in part, in an online transaction involving an electronic downloadable product, to provide additional personal identification information, as defined, if it requires that information for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or for enforcement of terms of sale, and the additional personal identification information is used solely for those purposes. The bill would require that person or entity to destroy or dispose of the ZIP Code, street address number, and any additional personal identification information it requires in a secure manner after it is no longer needed for those purposes. The bill would prohibit that person or entity from aggregating the ZIP Code, street address number, or additional personal information it requires with any other personal identification information, as defined, information and from sharing the ZIP Code, street address number, or additional personal identification information it requires with any other person or entity, as specified. The bill, notwithstanding the foregoing provisions, would also authorize a person or entity accepting a credit card in an online transaction involving an electronic downloadable product to request, but not require, personal information if the cardholder actively elects to provide the personal information by opting in to the collection of the information and specified conditions are met require a consumer to establish an account as a condition for purchase of the product and to provide personally identifiable information in connection with that account, as specified. The bill would also authorize a consumer, concurrent with completing a transaction for an electronically downloadable product, to elect to opt in to the collection and use of personally identifiable information provided certain disclosures are made and he or she is permitted to opt out prior to completing the transaction.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 (a) The Legislature finds and declares all of the following:
(1) The Song-Beverly Credit Card Act of 1971 establishes privacy and other protections for cardholders. These protections prohibit a person, firm, partnership, association, or corporation from requesting or requiring a cardholder to provide personal identification information in a credit card transaction, with specified, limited exceptions.
(2) The Song-Beverly Credit Card Act of 1971 applies to credit card transactions without reference to the method, platform, or technology used to process or to complete the transaction.
(3) The California Supreme Court, in Apple Inc. v. Superior Court (2013) 56 Cal.4th 128, declared the Song-Beverly Credit Card Act of 1971 not applicable to an online transaction involving a downloadable product. As a result, the privacy protections of the act do not apply to those transactions.
(b) It is the intent of the Legislature to advance privacy protections by limiting the scope of personally identifiable information that may be required to be collected for an online transaction involving an electronic downloadable product.

SEC. 2.

 Section 1747.02 of the Civil Code is amended to read:

1747.02.
 As used in this title:
(a) “Credit card” means any card, plate, coupon book, or other single credit device existing for the purpose of being used from time to time upon presentation to obtain money, property, labor, or services on credit. “Credit card” does not mean any of the following:
(1) Any single credit device used to obtain telephone property, labor, or services in any transaction under public utility tariffs.
(2) Any device that may be used to obtain credit pursuant to an electronic fund transfer, but only if the credit is obtained under an agreement between a consumer and a financial institution to extend credit when the consumer’s asset account is overdrawn or to maintain a specified minimum balance in the consumer’s asset account.
(3) Any key or card key used at an automated dispensing outlet to obtain or purchase petroleum products, as defined in subdivision (c) of Section 13401 of the Business and Professions Code, that will be used primarily for business rather than personal or family purposes.
(b) “Accepted credit card” means any credit card that the cardholder has requested or applied for and received or has signed, or has used, or has authorized another person to use, for the purpose of obtaining money, property, labor, or services on credit. Any credit card issued in renewal of, or in substitution for, an accepted credit card becomes an accepted credit card when received by the cardholder, whether the credit card is issued by the same or a successor card issuer.
(c) “Card issuer” means any person who issues a credit card or the agent of that person for that purpose with respect to the credit card.
(d) “Cardholder” means a natural person to whom a credit card is issued for consumer credit purposes, or a natural person who has agreed with the card issuer to pay consumer credit obligations arising from the issuance of a credit card to another natural person. For purposes of Sections 1747.05, 1747.10, and 1747.20, the term includes any person to whom a credit card is issued for any purpose, including business, commercial, or agricultural use, or a person who has agreed with the card issuer to pay obligations arising from the issuance of that credit card to another person.
(e) “Retailer” means every person other than a card issuer who furnishes money, goods, services, or anything else of value upon presentation of a credit card by a cardholder. “Retailer” shall not mean the state, a county, city, city and county, or any other public agency.
(f) “Unauthorized use” means the use of a credit card by a person, other than the cardholder, (1) who does not have actual, implied, or apparent authority for that use and (2) from which the cardholder receives no benefit. “Unauthorized use” does not include the use of a credit card by a person who has been given authority by the cardholder to use the credit card. Any attempted termination by the cardholder of the person’s authority is ineffective as against the card issuer until the cardholder complies with the procedures required by the card issuer to terminate that authority. Notwithstanding the above, following the card issuer’s receipt of oral or written notice from a cardholder indicating that the cardholder wishes to terminate the authority of a previously authorized user of a credit card, the card issuer shall follow its usual procedures for precluding any further use of a credit card by an unauthorized person.
(g) “Inquiry” means a writing that is posted by mail to the address of the card issuer to which payments are normally tendered, unless another address is specifically indicated on the statement for that purpose, then to that other address, and that is received by the card issuer no later than 60 days after the card issuer transmitted the first periodic statement that reflects the alleged billing error, and that does all of the following:
(1) Sets forth sufficient information to enable the card issuer to identify the cardholder and the account.
(2) Sufficiently identifies the billing error.
(3) Sets forth information providing the basis for the cardholder’s belief that the billing error exists.
(h) “Response” means a writing that is responsive to an inquiry and mailed to the cardholder’s address last known to the card issuer.
(i) “Timely response” means a response that is mailed within two complete billing cycles, but in no event later than 90 days, after the card issuer receives an inquiry.
(j) “Billing error” means an error by omission or commission in (1) posting any debit or credit, or (2) in computation or similar error of an accounting nature contained in a statement given to the cardholder by the card issuer. “Billing error” does not mean any dispute with respect to value, quality, or quantity of goods, services, or other benefit obtained through use of a credit card.
(k) “Adequate notice” means a printed notice to a cardholder that sets forth the pertinent facts clearly and conspicuously so that a person against whom it is to operate could reasonably be expected to have noticed it and understood its meaning.
(l) “Secured credit card” means any credit card issued under an agreement or other instrument that pledges, hypothecates, or places a lien on real property or money or other personal property to secure the cardholder’s obligations to the card issuer.
(m) “Student credit card” means any credit card that is provided to a student at a public or private college or university and is provided to that student solely based on his or her enrollment in a public or private university, or is provided to a student who would not otherwise qualify for that credit card on the basis of his or her income. A “student credit card” does not include a credit card issued to a student who has a cocardholder or cosigner who would otherwise qualify for a credit card other than a student credit card.
(n) “Retail motor fuel dispenser” means a device that dispenses fuel that is used to power internal combustion engines, including motor vehicle engines, that processes the sale of fuel through a remote electronic payment system, and that is in a location where an employee or other agent of the seller is not present.
(o) “Retail motor fuel payment island automated cashier” means a remote electronic payment processing station that processes the retail sale of fuel that is used to power internal combustion engines, including motor vehicle engines, that is in a location where an employee or other agent of the seller is not present, and that is located in close proximity to a retail motor fuel dispenser.
(p) “Online transaction involving an electronic downloadable product” means a credit card transaction for a product, service, subscription, or any other consideration, in which the product, service, subscription, or consideration is provided by means of a download to a computer, telephone, or other electronic device.

SEC. 3.

 Section 1747.08 of the Civil Code is amended to read:

1747.08.
 (a) Except as provided in subdivision (c), a person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall not do any of the following:
(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
(3) Utilize, in any credit card transaction, a credit card form that contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder.
(b) For purposes of this section, “personal identification information” means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.
(c) Subdivision (a) does not apply in the following instances:
(1) If the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.
(2) Cash advance transactions.
(3) If any of the following applies:
(A) The person, firm, partnership, association, or corporation accepting the credit card is contractually obligated to provide personal identification information in order to complete the credit card transaction.
(B) The person, firm, partnership, association, or corporation accepting the credit card in a sales transaction at a retail motor fuel dispenser or retail motor fuel payment island automated cashier uses the ZIP Code information solely for prevention of fraud, theft, or identity theft.
(C) The person, firm, partnership, association, or corporation accepting the credit card is obligated to collect and record the personal identification information by federal or state law or regulation.
(4) If personal identification information is required for a special purpose incidental but related to the individual credit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, or installation of the purchased merchandise, or for special orders.
(d) (1) This section does not prohibit any person, firm, partnership, association, or corporation from requiring the cardholder, as a condition to accepting the credit card as payment in full or in part, for goods or services, to provide reasonable forms of positive identification, which may include a driver’s license or a California state identification card, or where one of these is not available, another form of photo identification, provided that none of the information contained thereon is written or recorded on the credit card transaction form or otherwise. If the cardholder pays for the transaction with a credit card number and does not make the credit card available upon request to verify the number, the cardholder’s driver’s license number or identification card number may be recorded on the credit card transaction form or otherwise.
(2) Notwithstanding subdivision (a), a person, firm, partnership, association, or corporation accepting the credit card may require a cardholder, as a condition to accepting a credit card as payment in full or in part, in an online transaction involving an electronic downloadable product, to provide the billing ZIP Code number and numerical portion of the street address associated with the credit card, if used solely for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or for enforcement of terms of sale. The person, firm, partnership, association, or corporation accepting the credit card may require a cardholder, as a condition to accepting a credit card as payment in full or in part, in an online transaction involving an electronic downloadable product, to provide additional personal identification information, if it requires that information for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or for enforcement of terms of sale, and the additional personal identification information is used solely for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or for enforcement of terms of sale. those purposes. The person, firm, partnership, association, or corporation accepting the credit card shall destroy or dispose of the ZIP Code, street address number, and any additional personal identification information it requires pursuant to this subdivision in a secure manner after it is no longer needed for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or for enforcement of terms of sale purposes authorized under this paragraph. The person, firm, partnership, association, or corporation accepting the credit card shall not aggregate the ZIP Code, street address number, or additional personal identification information it requires pursuant to this subdivision with any other personal identification information and shall not share the ZIP Code, street address number, or additional personal identification information it requires pursuant to this subdivision with any other person, firm, partnership, association, or corporation unless it is required to do so by state or federal law, or is contractually obligated to share the information with another entity to verify the information, complete the transaction, or for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or for enforcement of terms of sale.

(3)(A)Notwithstanding subdivision (a), a person, firm, partnership, association, or corporation may request, but not require, personal information from a cardholder as part of an online transaction involving an electronic downloadable product, as long as the cardholder actively elects to provide the personal information by opting in to the collection of the information and is contemporaneously notified of all of the following:

(i)That providing the information is not required to complete the transaction.

(ii)The purpose of the request.

(iii)The intended use of the information.

(B)A cardholder shall be provided with an additional opportunity to opt out of the collection of the information before the online transaction involving an electronic downloadable product is completed.

(3) (A) Notwithstanding subdivision (a), a person, firm, partnership, association, or corporation that provides an electronic downloadable product may require a consumer to establish an account as a condition for the purchase of an electronic downloadable product and may require a consumer to provide personally identifiable information to establish, maintain, or update that account. Except as provided in subparagraph (B), the personal identification information collected pursuant to this subdivision may only be used for the establishment, maintenance, or updating of the account, or to process a credit card transaction.
(B) (i) Concurrent with completing a transaction for an electronically downloadable product, or when establishing an account pursuant to subparagraph (A), a cardholder may elect to provide personally identifiable information by opting in to the collection and use of that information if he or she is contemporaneously notified of the following:
(I) That providing the information is not required to complete the transaction.
(II) The purpose of the request.
(III) The intended use of the information.
(ii) A cardholder shall be provided with an opportunity to opt out of the collection of the information before the online transaction involving an electronic downloadable product is completed.
(e) Any person who violates this section shall be subject to a civil penalty not to exceed two hundred fifty dollars ($250) for the first violation and one thousand dollars ($1,000) for each subsequent violation, to be assessed and collected in a civil action brought by the person paying with a credit card, by the Attorney General, or by the district attorney or city attorney of the county or city in which the violation occurred. However, no civil penalty shall be assessed for a violation of this section if the defendant shows by a preponderance of the evidence that the violation was not intentional and resulted from a bona fide error made notwithstanding the defendant’s maintenance of procedures reasonably adopted to avoid that error. When collected, the civil penalty shall be payable, as appropriate, to the person paying with a credit card who brought the action, or to the general fund of whichever governmental entity brought the action to assess the civil penalty.
(f) The Attorney General, or any district attorney or city attorney within his or her respective jurisdiction, may bring an action in the superior court in the name of the people of the State of California to enjoin violation of subdivision (a) and, upon notice to the defendant of not less than five days, to temporarily restrain and enjoin the violation. If it appears to the satisfaction of the court that the defendant has, in fact, violated subdivision (a), the court may issue an injunction restraining further violations, without requiring proof that any person has been damaged by the violation. In these proceedings, if the court finds that the defendant has violated subdivision (a), the court may direct the defendant to pay any or all costs incurred by the Attorney General, district attorney, or city attorney in seeking or obtaining injunctive relief pursuant to this subdivision.
(g) Actions for collection of civil penalties under subdivision (e) and for injunctive relief under subdivision (f) may be consolidated.
(h) The changes made to this section by Chapter 458 of the Statutes of 1995 apply only to credit card transactions entered into on and after January 1, 1996. Nothing in those changes shall be construed to affect any civil action that was filed before January 1, 1996.