Group of professionals discuss finance

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Banking and Finance Law Daily, June 9, 2014

Redbox’s requiring ZIP codes from consumers using its kiosks did not violate California Credit Card Act

By Thomas G. Wolfe, J.D.

A retail company’s collection of consumers’ ZIP Code information in connection with the consumers’ rental transactions for movies or video games at the company’s self-service kiosks did not violate California’s Song-Beverly Credit Card Act (California Act), the U.S. Court of Appeals for the Ninth Circuit has ruled. The Ninth Circuit determined that Redbox Automated Retail, LLC’s collection of the consumers’ ZIP Code information fell within a statutory exception to the California Act’s prohibition against retailers obtaining personal identification information for credit card transactions because the consumers’ credit cards were used as a deposit to secure payment in the event of loss or late return (Sinibaldi v. Redbox Automated Retail, LLC, June 6, 2014, Clifton, Circuit Judge).

In reaching its decision, the federal appellate court affirmed the dismissal of the consumers’ proposed class action.

Background. Redbox Automated Retail, LLC owns and operates bright-red, self-service kiosks throughout the United States, including California, for the rental of movie and video game discs by consumers. A consumer uses his or her credit or debit card at the automated kiosks to pay the applicable charges for the rentals.

Redbox requires consumers who obtain the discs from the kiosks to provide their ZIP codes to the retail company. Typically, after selecting one or more titles and proceeding to the check-out screen, a consumer is “prompted to swipe a credit or debit card through a built-in card reader.” Next, the kiosk screen displays the following statement: “For security reasons, please enter the ZIP code associated with your card’s billing address, and press ‘ENTER.’” To conclude the rental transaction, the consumer enters a 5-digit number. When one day’s worth of transaction charges clears, the kiosk then vends the selected titles to the consumer.

When a consumer returns the selected movie or video game disc(s) to the kiosk, the consumer’s credit card is charged for any additional days beyond the initial one-day rental period—up to a maximum amount. Since any additional charges are processed automatically from the card information on file, the consumer is not required to swipe his or her credit card or enter a ZIP code upon returning the rentals.

Consumers’ complaint. In their proposed class-action complaint, the named-plaintiff consumers alleged that Redbox violated the California Act’s provision (Cal. Civ. Code §1747.08) prohibiting retailers from collecting personal identification information in connection with credit card transactions. More specifically, section 1747.08 of the California Act provides that “no…corporation that accepts credit cards for the transaction of business shall…request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information.”

As observed by the Ninth Circuit, the California Supreme Court previously held that a ZIP code constituted “personal identification information” within the meaning of section 1747.08 of the California Act. Accordingly, the consumers’ complaint claimed that since Redbox’s request for a ZIP code prior to completion of the consumers’ rental transactions at the kiosks was a request for “personal identification information” within the scope of the California Act, Redbox had violated California law.

Trial court’s ruling. In granting Redbox’s request to dismiss the consumers’ class action complaint, the federal trial court ruled that the California Act’s prohibition did not apply to transactions at Redbox’s self-service kiosks because, “in light of the potential for fraud in such transactions, the legislature could not have meant for them to fall within the statutory privacy protection scheme.”

The consumers appealed the trial court’s ruling to the Ninth Circuit, contending that the California Act’s prohibition—under section 1747.08—against retailers obtaining personal identification information for credit card transactions applied to Redbox’s kiosk transactions because “they are in-person, card-present transactions that present less risk of fraud than online purchases.”

Ninth Circuit’s analysis. Notably, the Ninth Circuit declined to address whether the kiosk transactions presented less risk of fraud under the California Act than online purchases. Instead, the federal appellate court’s analysis focused on section 1747.08’s exception for deposits to secure payment.

The court noted that section 1747.08’s prohibition did not apply under certain circumstances. For instance, according to another subsection setting forth exceptions (Cal. Civ. Code §1747.08(c)(1)), the general prohibition against obtaining personal identification information for credit card transactions does not apply if the credit card was used “as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.”

In examining the particular statutory exception to the California Act provision, the Ninth Circuit noted that the California Supreme Court had not yet “addressed the scope of that exception.” Consequently, assuming—without specifically deciding—that the Redbox kiosk rental transactions were subject to the California Act’s prohibition (§1747.08(a)), the Ninth Circuit determined that the California Supreme Court would hold that Redbox’s collection of personal identification information would be exempt under the California Act (§1747.08(c)(1)).

In affirming the dismissal of the consumers class action, the Ninth Circuit stressed that: (i) since the consumers’ use of credit card and debit card information at the kiosk permitted Redbox to collect any additional amount owed in the event that a consumer keeps the movie or game disc for additional days, or in the event that the disc was never returned, the card transactions were being used as “a deposit to secure payment in the event of default, loss, damage, or other similar occurrence” under the statutory exception; (ii) other vendors besides Redbox, such as rental car companies and hotels, may use a consumer’s credit card to secure payment in multiple ways; (iii) the dictionary definition of “deposit” supports “a broader reading than that which Plaintiffs propose”; and (iv) no breach of the agreement between the consumer and Redbox is required for the statutory exception to apply.

Dissent. Circuit Judge Stephen Reinhardt filed a dissenting opinion, maintaining that the statutory exception was not satisfied and that the “overriding purpose” of the California Act was to protect consumer privacy.

The case is No. 12-55234.

Attorneys: Daniel H. Qualls, Robin G. Workman, and Aviva N. Roller (Qualls & Workman, LLP) for John Sinibaldi. Christopher P. Ridout, Devon M. Lyon, and Caleb L.H. Marker (Ridout Lyon & Ottoson, LLP) for Nicolle DiSimone. Donald J. Kula, Thomas L. Boeder, Amanda J. Beane, and Eric D. Miller (Perkins Coie, LLP) for Redbox Automated Retail, LLC.

MainStory: TopStory CaliforniaNews CreditDebitGiftCards IdentityTheft Privacy

Banking and Finance Law Daily

Introducing Wolters Kluwer Banking and Finance Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.