California Senate Democrats voted today to remove a critical safeguard against credit card fraud that will result in more data breaches. Senate Bill 383 by Senator Hannah-Beth Jackson (D-Santa Barbara), which was substantively amended this week, makes it easier to sue Internet retailers if they don't comply with undefined requirements for handling their customers' personal information when they purchase downloadable goods and services.
"I want to protect consumers but that's not what this bill will do," said Senate Republican Leader Bob Huff (R-Diamond Bar.) "Forcing online sellers to delete consumer information without saying when to do it makes it harder to protect online consumers. In recent weeks there have been numerous reports of massive data breaches at Target, Neiman-Marcus, and Michaels Stores which led to fraudulent charges and identity theft. Fraudulent charges on this scale can cost consumers, retailers and financial institutions potentially hundreds of millions of dollars. Identity theft can result in substantial disruptions to someone's financial life, taking months and sometimes years to fix. This is the wrong time to weaken anti-fraud measures."
While Democrats claim the bill would protect consumers from fraud, it actually makes the problem worse. Requiring an online retailer to delete consumers' financial information may be a good idea, but this bill does not clearly say when that must be done. That means any online retailer that tries to comply with an undefined standard stands to lose millions of dollars in class-action litigation by trial attorneys (who strongly support the bill). The retailers' only choice is to delete the information as soon as a transaction is completed, removing any chance of being able to detect fraudulent charges in time.
In addition, many of the world's most innovative technology companies are based in California and rely on account-based business models to offer their digital goods and services to their customers. SB 383 is an attack on the technology, motion picture and financial services industries who use this technology and their consumers will ultimately suffer.
"There are a lot of great elements to this bill," said Senator Joel Anderson (R-San Diego.) "The difficulty I have is, I've done some traveling recently, and I was always pleased to receive a call from my credit card company asking if I was actually in another city where credit card transactions were made. They had a history of my credit card use and saw charges that were out of pattern. That level of fraud protection is very important to me. This bill jeopardizes that level of fraud protection. Fraudulent use of credit cards is at play here and without changes to prevent that fraud I can't support this bill as currently written."
No Republicans voted for this bill, which now moves to the California Assembly for consideration.