Redbox Customers Discover Typing In Zip Code Might Be Pretty Much Pointless

When you scan your credit card on a Redbox kiosk, the system prompts you to type in your zip code. That’s to verify that you’re you and not someone who picked up your credit card on the sidewalk and decided to go crazy renting DVDs for $1.20 per night. Right? Well, maybe not.

A viewer of CBS Sacramento discovered that he could type in pretty much any random five-digit number and the kiosk would let the credit card transaction go through. So why does Redbox ask for it?

This is a particular concern in California, where it’s illegal for businesses to collect their customers’ zip codes unless there’s a legitimate reason to do so. For example, credit card verification. If Redbox is collecting zip codes for customer research, that isn’t just lying: it’s illegal.

Interestingly, Redbox refused to comment on why they’re collecting zip codes.

Call Kurtis: Redbox Kiosk Security Flaw Exposed In ZIP Code Use [CBS Sacramento]