It turns out, not all receipts are created (or printed) equally. The Ninth Circuit Federal Court of Appeals recently joined the Seventh Circuit in holding that e-mailed receipts are not “electronically printed receipts” under the Fair and Accurate Credit Transactions Act (FACTA).
Consumers may have noticed that their printed receipts from credit card transactions at the gas pump or in stores omit the last few digits and expiration date of their credit cards. This identity theft protection is due to FACTA’s prohibition of including those digits or the expiration date on “electronically printed receipts.” Recently, however, the Ninth Circuit, in Simonoff v. Expedia, Inc., 2011 WL 1991211 (9th Cir., 2011) ruled that a receipt which is emailed to a customer is not an “electronically printed receipt” and is exempt from these FACTA restrictions. The rationale? The court examined the dictionary definition of “printed” to determine that if the receipts aren’t literally imprinted upon pieces of paper, then the receipts may be electronic, but are not “electronically printed receipts.”
Given the prevalence of online transactions, particularly with easily hacked web-mail accounts, I have to question the wisdom of permitting easy and regular e-mailing of receipts containing all necessary credit card information. Remember, those emails can stay forever in a dormant account or even an off-site server. Missouri businesses should be aware that the 8th Circuit hasn’t yet ruled on this issue, so the law isn’t settled in this State. Nonetheless, if your customer has their information stolen from an email that you sent, even if you don’t have legal liability, the potential PR fallout could be a nightmare. Electronic and customer information security should be a top priority for all businesses, as the regulation and potential liability associated with information theft continues to grow.
Shlahtichman v. 1-800 Contacts, Inc., 615 F3d 794 (7th Cir. 2010)