Attention holiday shoppers. Not sure what to buy Aunt Matilda or cousin George? A gift card allows them to buy whatever they like? Maybe. Large retailers such as Sharper Image, Bombay Company and Linens ‘N Things have filed for bankruptcy or gone out of business, leaving behind millions of dollars in unused gift cards. In bankruptcy, money left on a gift card is treated as a debt, which the bankruptcy court can decide if it is to be repaid, and how. If the retailer stays in business, the court may allow it to continue to honor its cards, but even then consumers may not get the full value. Sharper Image, for example, was allowed to continue accepting gift cards, but only if the cardholder spent twice the value of the card in a single transaction. Bombay Company was allowed to pay its gift-card holders 25 cents on the dollar. If the retailer closes its doors, it is possible the consumer’s only recourse would be to file a claim and stand in line with the other unsecured creditors.
If you carry, accept, use, issue or have anything to do with the world of credit cards, debit cards, gift cards, smart cards, stored value cards, pre-paid cards—need I go on?—you need to pay attention to DSS. That is the Payment Card Industry’s Data Security Standards that apply to all types of payment cards issued by the major card-issuing companies. The PCI DSS, in case you hadn’t heard, requires, as an example, that personally identifiable card data be rendered unreadable (truncated, encrypted, firewalled, decapitated—is anyone reading) whenever it is potentially exposed to a third party, when it’s stored, transmitted, used or processed. If you are a merchant with significant card-transaction volumes. encryption can be expensive or time-consuming or both—and no one wants to slow down transactions at the point of sale or at the point of billing. The DSS also requires audit records be kept so breaches can be detected, compromises traced and data integrity monitored. Yes, there are DSS Audit Guidelines from the PCI as well. Not to mention the fact that more than 30 U.S. states already have some form of data breach legislation that requires disclosure, notice and, in some cases, that some remedies be made available to consumers who are or potentially might be the victims of lapses in data protection.
Acquiring institutions—those financial institutions and card processors that have the relationships with merchants that accept and process cards—have until year-end to bring their systems and relationships into compliance, and some card associations are offering rewards for early compliance, but stiff penalties for delays and failure to comply.
How complex does it get? Well, imagine that a merchant opts to mask all credit card numbers, even though address information is unencrypted—but the numbers aren’t visible within any systems and therefore can’t be cross-referenced. PCI compliant? Probably? BUT, that won’t comply with Gramm-Leach-Bliley, the privacy statute applicable to banks and financial institutions that requires otherwise. What about SEC regulations regarding customer data and, of course, Sarbanes-Oxley, which says, “You must control access to your information.”
It’s enough to give anyone a headache. That’s why Rimon has a Financial Services, Corporate & Securities, Intellectual Property and, of course, an Advertising Technology & Media Law practice—so you get one seamless solution to your problems, no matter how complex the world gets.
Although many people think the Trojan Horse story comes from Homer, the Iliad ends before Odysseus comes up with the famous deception and the Odyssey occurs after Troy has fallen. It is Virgil, the most famous poet of Ancient Rome, who wrote the Aeneid that actually fills the gap. In Book II, the priest Laocoon warns the Trojans not to accept a giant wooden horse placed outside the walls and gates of Troy: “Quidquid id est, timeo Danaos et dona ferentes”—which translates into “Whatever it is, I fear Dardanians [Greeks] even when they bring gifts.” While we have come to think of a “Trojan” Horse as a form of malicious code—a computer virus wrapped in a friendly cocoon—the “Trojan” Horse wasn’t really Trojan at all: it was a Greek horse figure filled with Greek fighters who deceived and overpowered the drunken Trojans who thought it was a gift. The English expression “beware of Greeks bearing gifts” is derived from Virgil’s Aeneid.
Deception is also at the heart of legislation regulating gift cards, gift certificates, e-cards, gift codes and similar instruments—we’ll call them all gift cards in this article. Essentially plastic or electronic prepaid or stored value cards, they can be purchased or obtained by one person, freely transferred or gifted to another, used in promotions, or used by the original purchaser. Years ago, prepaid phone cards adorned the walls of gas stations and retail outlets. Today, newsstands, retail stores, the Internet are filled with them—adorning walls, displays, check-out counters, e-greeting card websites and online digital music services.
Gift cards owe their origins to pieces of paper issued by merchants allowing one person to pre-purchase value that can be given to someone else as a gift and which they can then use at an establishment to purchase goods or services available from that merchant. When you engage in a transaction with a merchant at the point of sale, you are presumed to know (or you should be able to know) the terms and conditions that apply. While there are legal exceptions, a posted sign that says “no refunds, no exchanges—store credit only” is part of the bargain you make when buying from that retailer. But what about a gift? If I hand you a gift card, how will you know what restrictions or limitations apply…the Trojan Horse!
Not limited by geography, gift cards can be used virtually (pardon the pun) anywhere. Chain store near you? Buy a gift card for your nephew across the street or across the country. Know a teenager who loves rock and roll, but prefer not sending a check for $100 and hope they head for the CD rack? Send a gift card that enables downloads, CD or subscription purchases online.