A recent California court ruling is expected to elevate the risks of credit cardholders to identity theft and fraud. The dispute involved the current practice of retail stores from soliciting zip codes from customers. Store owners were accused of asking customers of their zip codes in the guise that it is required to complete card transactions. The prosecutors alleged that the zip codes in reality were being collected by retailers and eventually sold off to companies who would later on pair the zip codes with customer names to identify home addresses with precision.
The court however dismissed charges since the practice does not constitute an act that violates a person's privacy. According to the court, zip codes are not unique characters that are customized to any one individual. Allegations that zip codes can be matched with names to arrive at an accurate home address were also downplayed.
Earlier state statutes have provided sufficient protection to customers from unwanted collection of personal information such as home addresses and phone numbers. The original design of the bills was to stop companies from collecting customer information that could put cardholders at great risk. For some time it had effectively served its purpose, but companies have become more savvy and resourceful and can now pull up a customer's background information using what seemingly looks like unimportant entries.
Consumers by and large are unaware of the dangers of this practice since they are accustomed to providing zip codes in certain transactions such as when they fill up for gas. Unmanned gas stations would normally ask for zip codes from customers for security reasons before cardholders can swipe their cards. The zip codes are not shared with gas stations owners and are wired directly to credit card issuers. In this type of situation, consumers know that their zip codes are being used purely for confirmation purposes.
Retailers, however, ask for customers' zip codes making them believe that it is a protocol for credit card transactions. In reality, store purchases need not require disclosure of zip codes and collection of such is unnecessary to enable purchases. The real beneficiaries of this practice are companies that buy the zip codes from store owners and use them to identify addresses.
To underscore the potential hazards of this intrusive practice, in 2007 and 2008, TJX Companies reported that hackers were able to infiltrate their database system containing clients' credit card account numbers, home addresses, phone numbers and other pertinent information. What followed thereafter was massive identity theft and fraud that affected businesses the world over.