Protecting Credit Card Data – Old Laws Matter!

  • Team Omega
  • April 16, 2013

Recently the St. Louis Metro Link settled a class action lawsuit for violating the Federal Fair and Accurate Credit Transaction Act (passed way back in 2003) because they printed rider receipts back in 2010 and 2011 that still included the last four digits of the card number AND the card expiration date.  The Federal Fair and Accurate Credit Transaction Act gave merchants until 2006 to comply with limits on the amount of card information printed on receipts.  The St. Louis Metro Link’s violation of FFACTA will cost them over $100 per violation –  paid out in cash and free ride vouchers to each passenger violated for each receipt presented by riders.  Even without receipts, a rider credit or debit card statement showing transactions with the Metro Link will earn the rider 3 free round trip tickets.

Two riders of the Metro Link simply noticed that their old receipts showed the last four and expiration date and their receipts instantly became “winning lotto tickets” plus $2,500 as class representatives.  It appears as the public is becoming more knowledgeable of credit card law and breaches, they are starting to watch what you do today, and even more importantly what you did in the past.  If your company violated FFACTA or if an entity that you are considering acquiring has violated FFACTA in the last 6 years, you may want to measure your possible exposure to those violations.