The manager hinted that this was a liability issue, but it sounds to us like Safeway's employees have decided to play morality police instead of following the actual rules. Daniel sums up the problem:

The bottom line is that walking into a store and leaving without purchasing anything should never necessitate showing an ID. This policy creates that scenario and does not in any way prevent underage drinking. Loss of freedom and no added prevention. Lose-Lose.

Here's the letter he tried to send to Safeway, but they don't provide an email address on their website or in their press releases. (You can find phone numbers and a mailing address for Safway here, Daniel.)

Yesterday I decided to purchase a six pack of beer. Sure, there are liquor stores near me, but Safeway happens to be about a block from my house. So my brother and I, who recently turned 21 and promptly lost his ID, walked the fifty yards to Safeway. Upon arriving at the register with beer in hand I was asked for my ID, not a problem. The clerk then asked for my brother's ID. My brother had not touched the beer, nor had he handed me money, etc. I was taken back, after all I had made this exact purchase with my brother a handful of times already and had never been asked for his ID. I told the clerk this and he said that it was Safeway policy to ask for his ID. Needless to say we walked out of Safeway, sauntered across the parking lot and paid the same price for the same six pack at a convenience store - with no hassle.

Still irked by this today, I decided to stop by Safeway and see if I could find out exactly what the policy was. After speaking with the manager of the Safeway I walked away with a clearer view of the policy. The policy is, at the discretion of the clerk, to check the ID every person present. An additional reason, as the manager explained to me, was one of liability.

On the surface this sounds like a reasonable policy. However, upon further thought, it is far from reasonable.

To begin with, checking the ID of every person present does not stop underage drinking. Hell, the manager himself suggested I have my brother wait outside next time. Also, I'm pretty sure that if the clerk asks for ID and I show it to him, the liability of the store stops right there. To say it does not means that Safeway is responsible for what I do with the beer after I buy it.

The main reason this upsets me is the need for someone that isn't buying anything to show ID. If a mother and her prepubescent son walk into Safeway and she buys a case of beer, do you card the son? Clearly (I would hope) not, because there is no indication that the son is going to be drinking the beer. I'm interested, based on appearance alone - what criteria do you use to decide if that person with the alcohol purchaser is going to be consuming it? If my underage Mormon friend, who doesn't drink alcohol, tags along for the purchase am I to be denied buying alcohol? There are all sorts of scenarios that can be described that destroy any sound purpose for this policy.

The bottom line is that walking into a store and leaving without purchasing anything should never necessitate showing an ID. This policy creates that scenario and does not in any way prevent underage drinking. Loss of freedom and no added prevention. Lose-Lose. You're also losing all of my business until I have in writing that his policy has been revoked.

If even the manager acknowledges that it's a trivial "security measure" that a customer can get around so easily, why not just put an end to it?

(Photo: Getty)

My wife showed the cashier her license, which was behind a clear window in her wallet. He said, “No, please hand it to me.” We both assumed he just wanted a closer look. Once he had it, he immediately picked up a barcode scanner and scanned the back of her drivers license. I asked him what that was all about, as I had never seen anyone do that before. Almost bragging that Target now knows, for example, exactly where we live, he explained that the scan “gets all the information off of the license.”

Thruhike98 wants to know why Target needs all of this data, and so do we. As he points out in his blog post, it's possible that by scanning the card they're creating verifiable evidence that they performed the required ID check—but in the meantime, the customer has just inadvertently given up all of his license data to a faceless corporation. (One that won't even respond to Thruhike98's email asking them about the practice.)

We'd like to know whether Target retains all of the data they scan off the license, and if so, why?

"Target Must Record My Organ Donor Status to Sell Me Wine?" [Thruhike98]
(Illustration: Getty)

Rebecca got one of those calls from her mother that everybody dreads. "Is there anything you think you should tell me?" her mother wanted to know. Rebecca's mom got a piece of junk mail with Rebecca's first name and her boyfriend's last name and was under the impression Rebecca had snuck off for a Vegas wedding. She hadn't. After Rebecca calmed her mother down, she tried to figure out how Rite-Aid, where both had worked for a time, had merged her name and her boyfriend's. When Rite-Aid gave her the run around, we advised Rebecca to try an EECB to get some answers. Read her email, inside.

To The Board of Directors:

Good Morning. I am sure you can help me with a little problem that I am having with your company.

Last Friday, my mother received a piece of mail from your company's current promotion regarding the "gas giveaway" if I switched my prescriptions to you. Annoying as any other piece of junk mail is, this one was particularly disturbing. It was addressed as:

Rebecca J*****
[redacted]
[redacted] CT

My mother called me where I live, in Vermont, and told me of the mail that I had gotten. It turns out, my last name isn't J*******, it's F*******. My boyfriend's last name is J*****, though. When she called me, she was extremely agitated and excited (and not in a good way), over the fact that I had gotten married behind their backs. My mother had just gotten out of the hospital with congestive heart failure and a massive infection, and the last thing that she needed was to be excited.

I spoke with one of your customer service representatives on Monday, and she assured me that I would get a call with someone from "corporate" yesterday. I waited all day without a call. She told me that the marketing comes from the pharmacy division. My boyfriend hasn't had a prescription filled at a Rite-Aid in two and a half years, the time we've been together.

We both worked together at Rite-Aid, but never once marked myself as being "connected" to him, except by address.

I cannot figure out how my first name got linked with my boyfriend's last name. Simply what I am asking for help with is to find out where this came from.

If you could help me, it would be greatly appreciated. I simply want to know where this name came from, so I can get it removed, and make sure it doesn't happen again.

And about the piece of mail? If your pharmacy can't even get my name right, and is linking me to other people I'm not even related to (yet), how can I trust them to get my prescriptions right? More than likely, I will never do anything personally identifiable with Rite-Aid again. I was once a loyal shopper, but if this problem cannot be solved, I may never shop there again.

Thank you for your time, and for reading my email.

Looking forward to your response,

Rebecca

It's one thing if a customer loyalty program gets confused about your name. Irritating, but unlikely to actually hurt you. It's another thing completely if the pharmacy decides you'd be better off married and starts sending junk mail to your mother's house in another state. If the pharmacy makes such an appalling, counter-intuitive mistake about what name to use on annoying junk mail, how badly are they going to screw up your prescription? If you're having trouble with Rite-Aid, the link with tips for sleuthing corporate contact information is here.

(photo: Clean Wal-Mart)

Remember TJX's gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn't. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store's security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.

According to The Register,

Benson's May 8 posting was prompted by news that managers had changed the password for employees to access the store server. Inexplicably, it was set to blank. When Benson first began working for TJX, his password was the same as his user name, he said. Then came word in January 2007 that unknown hackers had brazenly intruded on the company's network over a 17-month period. For a time following the disclosure, TJX employees were required to use relatively strong passwords. The change to a blank password clearly represented a step backward, Benson thought.

TJX says the former employee divulged confidential information, but Benson claims that he's acting as a whistleblower to get them to improve their security:

"My information is still on that server," he continued, referring to the machine that sits in an office at the TJ Maxx where he once worked. "So if their network is insecure, then my information is insecure. I'd prefer they get it fixed."

"TJX employee fired for exposing shoddy security practices" [The Register] (Thanks to Will!)
(Photo: crazytales562)

I am a current RS manager in standing, so I'll renege on giving out my name, however, the actual reason for requiring names and addresses is very simple. First, it is listed on the back of every reciept. So it is part of official policy. Second, the rest of our return process is very I suppose lax if nothing else, our products may be returned at any of our stores, following simple rules that are spelled out.

Now the reason the N&A are needed is because it prevents a LARGE portion of theft which is both internal (as spelled out from one of your posters in the comments) and external such as a snatch and grab. If an item is taken from our store, a customer may attempt to return it at several locations around the city as there are numerous radioshacks around, but this is a very big issue, since beyond the name and address, we are liable on our end for issuing the customer credit for potentially stolen merchandise.

This of course is not saying that 99.999 % of our customers are abusing our return policy, but without this, because of our ability to go the extra step, and take care of you, we as a corporation must protect our assets. This also prevents smash and grabs from cars in mall parking lots, as thieves have stolen out of vehicles and attempt to return the items in the store.

The biggest misconception seems to be against a corporation protecting it's items against theft. We in no sense require ID for a purchase (barring unsigned CC purchases) but it HAS to be required since we will help you with out a reciept if at all possible. Since we as a company do attempt to resolve returns in many cases without reciepts, we do have to have some basic measure of fraud protection.

That customer more than likely could have gotten cash returned if needed without the reciept, but in common sense, a store just won't hand out money over the counter without a ticket showing why the money is leaving.

On top of that, we also need the information to verify vs the signature on the return slip, since we have dealt with people stealing from relatives it also helps during holidays where a daughter may try and return something their parents bought to the store, and if the parents come in asking, or we have some one else complaining that they were not the person returning the item, we at least have some paper work showing who did.

Oh, and as an FYI, the Name and Address is actually for warranty info since a bunch of our small parts, batteries, and such have a limited 90 warrenty. If you have like a battery blow up, we can look up your purchase and hand you a new pack. We recently started a lifetime guarentee with some of our AV cables. We have in every store on at least one register a giant 8 x 11 sign stating our name and address policy. We specifically mention the only people that have your info is the company and related parties (if you sign up for ATT it goes to ATT, if you sign up for Dish, it goes to Dish, If you sign up for Greendot prepaid, it goes to Greendot).

Once again, very basic items that have been blown out of proportion. I cannot deny that we used to years ago, but when we stopped doing it, traffic dropped due to customers no longer recieving the RS catalog (That was huge for many many parts nuts). It's a juggling act, so now we ask for it, it's not required for most types of purchases (contractual, prepaid, and service plans are examples of required), and the actual info just goes into a system that we can use to look up your old tickets if you have problems with your items. The last thing we want is to not be able to help our customer find a resolution.

Certain items like routers can be purchased at any electronics store, and then you run into the potential of having shoplifters hitting up one type of store and returning it at another. If we have the capability of preventing this, all in all, everyone can shop a little safer.

We're not sure how any of this is less complicated than keeping track of store inventory and requiring a receipt for all returns. The refund-without-a-receipt policy is the sort of goodwill gesture that this writer feels mainly benefits the careless consumer at the expense of the rest of us, so by all means, do away with it if it will bring an end to ID requirements for receipt returns, particularly for items paid for with cash.

RELATED
"RadioShack Won't Give Refund On Cash Purchase Unless You Show Your Papers"

Carolyn writes:

I walked into the Dunkin' Donuts and there were three people ahead of me in line. The first two were two girls, who were together. One asked for a free iced coffee, and the guy behind the counter asked her for ID.

She asked why he needed it, and he responded that she had to be over 18 to receive the free coffee. She asked if he was serious, and said she didn't have any ID.

At that point, those of us behind her in line started saying that we'd never heard of that rule, and I said that I'm a high school teacher and many of my 14-year-old students today had gotten free iced coffee.

He replied that he didn't make the rules, and the girls left.

The woman ahead of me and I then pulled out our IDs to get our coffee, but he said he didn't need to see them, it was just that those girls looked so young to him.

How odd! Let's look at Dunkin' Donuts Brand Marketing Officer Frances Allen's description of free iced coffee day:

We look forward to treating everyone to a free cup of our delicious, freshly brewed iced coffee on May 15.

Not everyone who look over 18. Not everyone with ID. Everyone!

We called the Dunkin' Donuts on 2nd Avenue and said that we were 17 and in need of free iced coffee. They told us to get lost, adults only. For the hell of it, we called two more Dunkin' Donuts' down the block. Neither is carding customers, and one told us to "bring the kids."

According to the corporate office, free iced coffee day is for everyone. They're trying to track down the franchisee to work out a solution. Another free iced coffee day seems in order. Kids only.

(Photo: cheesebikini)

You might have a harder time finding kosher meat in the coming weeks, because the country's largest kosher meat packing plant, Agriprocessors, was raided this past Monday. At least 300 of its nearly 1000 employees were arrested for using fraudulently obtained Social Security numbers, and immigration officials have said they expect the number to go as high as 700.

Agriprocessors is located in Postville, Iowa, which might seem like an odd place for the nation's largest kosher meat packing plant:

About 200 Hasidic Jews arrived in Postville in 1987, when butcher Aaron Rubashkin of Brooklyn's Crown Heights neighborhood reopened a defunct meatpacking plant with his two sons, Sholom and Heshy, just outside the city limits. Business boomed at the plant, reviving the depressed economy while pitting the newcomers against the predominantly Lutheran community.

"Iowa meatpacking plant raided in ID theft investigation" [USA Today]

RELATED
"Immigration Authorities Arrest Hundreds in Raid on Nation’s Largest Kosher Meat Plant" [Forward]
(Photo: Getty Images)

Here's MGD's email to us:

I wanted to advise your that the fraud charge from prophotosland.com is part of a massive fraud operation perpetrated by an organized crime syndicate operated from Eastern Europe. This long running multi-year fraud operation has been hijacking millions of dollars a year from consumers debit and credit cards, virtually undetected by the financial institutions. They utilize an elaborate scheme that takes advantage of several weaknesses in the merchant account vetting system. The criminal enterprise is driven by the ability to obtain vast amounts of consumer card data.
 
I have been tracking and documenting this crime syndicate for almost three years, and have several hundred hours of research into the project. prophotosland is a subdivision documented here:
 
"fraud: www.prophotosland.com & www.photogey" [dslreports]
 
However, the master story of the criminal enterprise is here:
 
"Ebook websites, fraud charges, Devbill/DigitalAge/Pluto" [dslreports]
 
A few months ago Shaun Waterman, the UPI Homeland and National Security Editor ran a story on one aspect of the case which was published here:
 
"Analysis: Detroit trial shows cyber-scam" [UPI.com]
 
Recent victims of this fraud have included US military personnel including many stationed in Iraq, Kuwait, Saudi Arabia and Germany. There has been many reported cases of hardship as a result of having to cancel their cards due to their location. There are numerous military victim reports on the net. The first reports began shortly after rangerjoes.com database was hacked by these criminals. Many of the overseas victims had purchased supplies from there before heading offshore. Military victim reports began to show up around here:
 
Military reports on main thread [dslreports]
 
and in numerous other places on the net. Mostly under searches of the phone numbers from the fraudulent sites as they were listed on the line item charges on the statements.
 
Regards,
MGD

I just noticed a charge for $9.87 on my WAMU VISA card from someone called prophotosland.com. I had no idea who or what that was, so did a quick google search hoping to jog my memory. What I found was quite a few websites complaining about the same mystery $9.87 charge from the same company and talking about how they couldn't manage to speak with any live person at said company.
 
So I skipped right to calling WAMU to report this fraudulent charge. The person I spoke to expressed no concern at my story and promised to send me a charge dispute form in the mail. I asked her if I should worry about the fact that this is clearly not an honest mistake and she said it was nothing to worry about unless they charge my account multiple times. I asked her what about the phenomenon of multiple people having the exact same fraudulent charge on their accounts and she said WAMU could do nothing about it.
 
I find it a bit ridiculous that I have to sit around waiting for her to put this form in the mail to me (as opposed to having something built into their website) and that I have to go to the trouble of "disputing" the charges from a documented fraudulent company. I don't expect to have any problem with the dispute, but it's still a bit irritating.
 
Anyway, you might want to warn your readers to look out for this $9.87 charge... it's small enough that I imagine people who use their cards often won't really notice the difference unless they're paying attention.
 
Thanks!
Megan

I too like other readers had signed up for this service. After a few months (and a few $14.95) charges, I decided their service wasn't worth it. I have no issue with the money spent, that is my fault..
 
However, when I went to cancel my monthly subscription, the first thing the operator asked for was my SSN... not the last 4, but the full SSN.. Why in the world would a company who's job it is to alert you to credit issues ask for something like that? I mean, one of their services they offer is related to identity theft.
 
But it gets worse...
 
After the CSR was able to (through some sort of magic or wizardry) pull up my account via my phone number, in oder to "verify" who I was, she wanted my mother's maiden name !!!! After being on-hold for 20 minutes while she escalated to a manger, the call was disconnected..
 
Can you imagine the audacity of a company who's job it is to "protect" your credit report and help with identity theft asking for full SSN and Mother's maiden name? Keep in mind, all I was trying to do was cancel a subscription to a credit monitoring agency I was able to register on-line with...
 
I then called back in, and this CSR was able to cancel my account with my phone number and birthday (yes, he too asked for my SSN and mother maiden name, but again, through some magic he pulled my account using other info. I will say, while he tried to up-sell me, (Sir, I realize you think this service is ineffective, but for only 29.95 a month you can add this service and get more info) and then tried to convince me that I still had some time left on my account, and I should call back closer to my billing date to make sure I got full utilization , I stood strong and insisted on canceling my account..
 
I think I will be checking my credit card to make sure they canceled it...

Dear Consumerist,

I stopped in my local East York Wal-Mart in PA on 3/22/08 around 12:00 pm to pick up an Easter gift for my daughter. I went to the electronics department to pick up the Rock Star video game for the PS3. They did not have any on the sales floor so I asked a sales associate named John if there was any in the back. John went to the back and brought one out. John told me that the purchase must be made in the electronics department. As if I would have walked out with it without paying for it. I guess this policy only affects the PS3 version of the game. If I wanted a 360 version I could have picked it up off the shelf and paid for it up front since I did have some other shopping to do.

No big deal I will just pay for it in the electronics department as I was told. So John rang me up and paid with a my signed credit card. I signed the signature pad at the register. John gave a brief glance to the back of my credit card and asked to see an ID.

A little bit about me: I have worked with credit card processing and acceptance for a government agency for several years. And also worked with law enforcement agencies in regards to credit card and identity theft. And also provided training to them on this very subject.

I know that the less personal information you give out in a store or online the less likely your credit card or identity will be stolen. So I have a State Issued ID what has my picture, my name, and my signature. Everything that is needed to confirm that is my card. But, all of the other info such as address, birth date, license number has been blocked out for security reasons and are not used to confirm the rightful card holder. Since some of those things can be used with the credit card number and CVS number to complete a fraudulent credit card transaction.

John told me "This is not a valid ID and you can not use it". I told him that was no where in any credit card processing agreement that asks you to view a persons address, DOB, or licensee number before completing a credit card sale. So he called over another sales associate and asked him. He said basically the same thing probably out of not wanting John to look bad. So I explained that I would be informing Wal-Mart headquarters about this to make sure this is their policy. John said "I will have to call a CSM". Now keep in mind that I already paid for the item and he at this would not give me back my credit card or ID.

After waiting around for about 5 minutes I made a decision that I now regret. I showed him another ID that had all my info on it. I just wanted get out of there and do the rest of my shopping. Now John tells me that since I will be calling Wal-Mart headquarters I have wait for a CSM. I was like "WHAT?" John will not give my credit card and 2 forms of ID back until he talks to a CSM. A few minutes later a CSM showed up and basically agreed with John. Then John said "since I showed another ID it was okay "

I regret giving up most of my personal information. I should have stood my ground. I did think about just leaving with my purchase and calling the police to get my credit card and ID back. But the police have better things to do.

Regards
Steve

(photo:SIRBERUS)

"Patients' Data Stolen, Hospital Says " [New York Times]
(Photo: alexstaubo)

One reader, Meiran, put it this way: "I'm rather impressed by their reaction, it seems like most modern companies would attempt to push this under the rug and pretend it didn't happen, leaving customers to wonder what those strange charges on their statements are."

According to Wikipedia, the company is mostly owned by McDonald's and Coinstar, so it's not like this is an example of a start-up that's never encountered the heavy hand of corporate influence. This means Redbox's board of directors intentionally chose to be proactive on the matter. They seem to have figured out something that lots of other companies still struggle with, which is that if you empower your customers to help protect themselves, they'll help protect you, too. We wouldn't be surprised if the next time a skimmer is detected, the alert comes from a customer who remembers Redbox's email.

"Redbox Security Alert - Credit Card Skimmer Attempt" [redbox](Thanks to everyone who sent this in!)

RELATED
"Redbox Warns Customers about Credit Card Skimming" [Hacking Netflix]

I wanted to inform consumerist that the manager from the Apple Store at Stonestown called me back to apologize about the incident and to invite me back to the store. She apologized for the employees making ID a requirement of purchase and that they were doing it to protect from fraud. She then mentioned that they understand they were not following the merchant agreements but will do so here on out. I will go back to make my purchase!

Thanks for your support,
Ignacio

(Photo:PhotoMarkR)

Mr Jobs, and Mr Rhodes,

The Merchant, Apple Inc., at Stonestown Galleria Required California ID as a condition to accepting my Credit Card as payment.

From previous experiences, I have learned that many occasions have occurred where the consumer's identity becomes compromised because merchant's ask for ID and the unknowing consumer gives his ID, which includes his home address and DL#. That is why Merchant's such as VISA/MC have policies that protect consumer's rights. If your Credit Card is signed it is valid, and the Merchant must not require customer's to provide ID as a condition of purchase. My Concern is my personal security and other's that shop at Apple Store.

Cardholder ID
Although Visa rules do not preclude merchants from asking for cardholder ID, merchants cannot make an ID a condition of acceptance. Therefore, merchants cannot refuse to complete a purchase transaction because a cardholder refuses to provide ID . Visa believes merchants should not ask for ID as part of their regular card acceptance procedures. Laws in several states also make it illegal for merchants to write a cardholder's personal information, such as an address or phone number, on a sales receipt. P. 29, Visa Merchant Card Acceptance Policy

I gave the merchant at 3251 20th Avenue, Space 235, San Francisco, Ca, 94132 both my Citibank Visa and Citibank Mastercard and the merchant refused to accept them both as payment because I refused to provide them with my Driver's License. Also from previous experience I know that they record your DL# for every Credit Card transaction. Why does Starbucks and other retailers train their employee's not to ask for ID and Apple Inc has entire stores who don't know what a merchant policy is?

The reason that I provided both my Mastercard and VISA is because they both have similar policies, and Mastercard even has a webpage to submit policy obstructions to.

I entered the store and proceeded to an employee to make my purchase, the employee asks for ID and because I was in a hurry I showed him my University ID so I could get done with it. In and out. Well he says sorry I need to see California ID, and I responded, "I am sorry you are not getting that, My Mastercard is signed and that is all you need." He said he couldn't process my transaction so I gave him my VISA card and he still said no. I asked him for his manager because I was sure that Apple Inc., informs their Sales Manager's about Merchant policies and laws. Well Paul [redacted] comes back and isn't any help and tells me that he won't accept my cards with out proper identification for my security and protection. I tell him I'm doing fine and my cards are signed and verified. He can call the bank if he wants to verify anything. He doesn't process my transaction and I take his information.

When you buy online, or visit a restaurant.. A big sign for ID verification isn't showing up anywhere because of merchant agreements. The fact that he didn't take his time to show me some corporate policy on this and just let me leave unsatisfied after he gave me his business card was very disappointing. Many companies either don't have written ID Request policies or have written policies that employee's must not require ID or ask for ID at POS. The fact that I know they record DL#s on the little hand held they have for every credit card transaction made me wonder if everyone else knew they were willingly handing over their personal information. I like to use my Credit Card for all the transactions I do because of the protection I get from Citibank, Sure I had cash but that is beyond my purpose.

I called 1-800-VISA-911 immediately and they forwarded me to my card issuer. After the run around Citibank told me to first to call Visa, that the merchant had the right to refuse my card, and then they finally escalated me because I wanted an explanation as to why they didn't want my business. Finally a Rep (Roxanne), said she would highlight my agreement in the correct places so I could see that the merchant could reject my cards. Wow, UNBELIEVABLE! Prior experiences with Citibank will leave me waiting for that response indefinitely, especially because I know what the merchant agreement says.

California Civil Code 1747.08 States that the merchant isn't prohibited from asking for ID by law, which bluntly says CA doesn't care if they ask/don't ask for ID, as long as they follow certain guidelines if they do. Unfortunately these merchant's are in Agreement's with VISA/MC not to ask for ID. Also this Merchant periodically takes down individuals DL# with every CC transaction at their locations. They broke the merchant policy and were going to break the California civil code for every transaction in the store that is taking place with a credit card.

CALIFORNIA CIVIL CODE 1747.08
(a) Except as provided in subdivision (c), no person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall do any of the following:

(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(b ) For purposes of this section "personal identification information," means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number.
(d) This section does not prohibit any person, firm, partnership, association, or corporation from requiring the cardholder, as a condition to accepting the credit card as payment in full or in part for goods or services, to provide reasonable forms of positive identification, which may include a driver's license or a California state identification card, or where one of these is not available, another form of photo identification, provided that none of the information contained thereon is written or recorded on the credit card transaction form or otherwise. If the cardholder pays for the transaction with a credit card number and does not make the credit card available upon request to verify the number, the cardholder's driver's license number or identification card number may be recorded on the credit card transaction form or otherwise.
(e) Any person who violates this section shall be subject to a civil penalty not to exceed two hundred fifty dollars ($250) for the first violation and one thousand dollars ($1,000) for each subsequent violation, to be assessed and collected in a civil action brought by the person paying with a credit card, by the Attorney General, or by the district attorney or city attorney of the county or city in which the violation occurred. However, no civil penalty shall be assessed for a violation of this section if the defendant shows by a preponderance of the evidence that the violation was not intentional and resulted from a bona fide error made notwithstanding the defendant's maintenance of procedures reasonably adopted to avoid that error. When collected, the civil penalty shall be payable, as appropriate, to the person paying with a credit card who brought the action, or to the general fund of whichever governmental entity brought the action to assess the civil penalty.

I would like to bring to the merchant's, card issuer's, network managers, and fellow consumer's attention that rules and regulations to protect the consumer's are not being executed at the reported Apple Store, and at many merchants across the U.S., and that many bank Customer Service Reps, not limited to Citibank, do not have the correct procedure or knowledge on handle these incidents of privacy. I would like to request that some communication is made with the location mentioned to make sure they don't ask for ID. I really need to buy something.

Thank you,

Ignacio

MasterCard Merchant Manual (PDF) [Mastercard]
Paying by Credit Card or Check: What Can Merchants Ask? [Privacy Rights Clearinghouse]
(Photo:C.Barr)

"The customers came in and evidently he took down their credit card number and expiration date," said Jim McDonald, manager of the gas station. "He was working with another employee. When the other employee left at 9 p.m. he bought himself three prepaid debit cards and since he had the credit card number and expiration date, he could manually enter it."

McDonald said Saumur bought one $100 card, and two $50 cards.

"Gas Attendant Accused Of ID Theft" [MSNBC]
(Photo: Getty)

At epassportphoto you upload your photo, crop it according to your country's standard guidelines, and save the resulting 4x6" image—that's six 2x2" ID shots—to your computer to print wherever you like, whether it's at home, from an online service, or at that same CVS with the myopic camera operator.

Not only will you be able to control the photo lighting and quality (and retake the photo until you're happy with it), but you'll have four more 2x2" shots than you get for $8 at CVS or Walgreens. And if you need any more incentive to cut the drugstore out of the process, consider that they also produce sets of six photos at a time—they just refuse to give you more than two unless you pay extra:

While we waited for the photos to print out, I saw (with my own eyes) that the photographs were printed on a 4″ x 6″ photo paper - and there were 6 copies on it. Then the dude coolly cut away 4 copies, disposed them, and handed us the remaining two copies.

Iron Mountain says it's been missing for a while, but that even if it was stolen it should be hard to access data on it:

In a statement, Iron Mountain said it notified GE Money of the missing tape in October, and added that there has been no evidence suggesting that the identity of any person had been compromised.

"We believe this is an unfortunate case of a misplaced tape," Iron Mountain's statement said. "We also understand the tape was created in such a manner to make unauthorized access extremely unlikely and difficult, even for experts with specialized knowledge and technology."

Data Lost on 650,000 Credit Card Holders [AP]

RELATED
"Major Retailer's Data Breach Results In Wave Of Credit Card Fraud"
"Shenanigans With Chase Credit Cards?"
(Photo: Getty)

For more information about the Read ID Act and its implications to your personal privacy, you can check out the Electronic Frontier Foundation's website. Here's some more info from the ACLU.

For those of you who don't like to comment on things you haven't read, (there must be at least one of you out there), we've included a link to the DHS's 40 page PDF about the issue. We're going to read it before we comment. You do as you wish. —MEGHANN MARCO

Minimum Standards For Driver's Licenses And Identification Cards Acceptable by Federal Agencies for Official Purposes (PDF) [Department of Homeland Security]
Tell the Department of Homeland Security that REAL ID is a Real Nightmare [ACLU]
Submit Comments to DHS Opposing REAL ID — Deadline May 8! [EFF]

Kim writes:

When I finally reached a human being at MSN, they said the only way they'll tell us the password is if Dad can tell them the last four digits of the credit card to which he originally had the account billed. But he's changed American Express cards a couple times and can't find that old card. Call American Express, MSN says. Ok. The first woman I reach at American Express tells me they can only tell me the old 4-digit account number if I can read her the security code from the card. DUHHH. If I had the card, I wouldn't need to call and ask her the last four numbers!

I've been dealing with a NIGHTMARE with my Dad's MSN account. I know lots of people have written stories about how impossible they are, but if you need grist for another one: My Dad, who is currently 79 years young, signed up for an MSN email account maybe 5 or 6 years ago, and had it billed to a corporate American Express number. Time moves on...Last week he had some computer troubles and called MSN for tech support. They changed his password to something he doesn't remember. So now, he can't get in to his account. He asked me for help. When I went online to reset the password, MSN's only solution was to email a new password to him. There's a catch 22! How are you supposed to get your password on an email account that you don't know the password to? There's even a question to that effect on the reset password page. But when I clicked on the question to get the answer to that puzzler, I got an error message. Then I spent a long time looking in vain for a telephone number for tech support. I finally called Dell, the maker of my Dad's computer and they gave me the MSN help line number. When I finally reached a human being at MSN, they said the only way they'll tell us the password is if Dad can tell them the last four digits of the credit card to which he originally had the account billed. But he's changed American Express cards a couple times and can't find that old card. Call American Express, MSN says. Ok. The first woman I reach at American Express tells me they can only tell me the old 4-digit account number if I can read her the security code from the card. DUHHH. If I had the card, I wouldn't need to call and ask her the last four numbers! I hang up. I called back and reached another drone who says they simply don't keep that old historical information and don't have the old numbers. In these days of computers, I know that can't be right. I ask for a supervisor. She says they are awfully busy and can the supervisor call me back in a half an hour? It's been 90 minutes. No phone call. So we're stuck in a no-win situation: American Express won't tell us the 4 digit number and MSN won't tell the password. We got so fed up we called MSN and asked to just cancel the account. HERE'S THE PUNCH LINE: MSN said they can't cancel the account unless we give them the 4 digits of the credit card to which the account was originally billed. So they won't let Dad get his email and will keep billing him for eternity all because he threw away 5-year-old credit card bills. No wonder Microsoft has such great profit margins! Greater profits through ripoffs!

Kim

"They ask for my ID like normal and I looked down on the EB counter and saw a few printed copies of some Massachusetts IDs. They were plainly visible, easily readable and not nicely stacked (so I could see three or four of them). So, I asked the guy, you scan IDs? and he simply said, Yes."

My concerns here are two: 1) They leave photocopies of IDs on the countertop for any evildoer to see? Not very secure. 2) They're scanning IDs of people trading in used games and they don't bother telling anyone that they're doing it?

This seems like a legitimate ID theft risk, if it's true. Does anyone else have any information about this issue? — MEGHANN MARCO

Read the rest of Ben's email inside.

Reader Mike wrote us in with some excellent advice on what to do when any so called representative comes a-knockin', claiming to be from your electricity company.

Ask for an ID with Picture. Never let anyone cover the ID. Ask them and Fight to see an ID. NEVER TRUST ANY REPRESENTATIVE! IDT Energy Representatives are supposed to have 2 ID's. One with the Picture and another sayin "We Are NOT the Utility company, We're from IDT Energy, a supply company" If The rep says he/she is from conEdison or other utility company, Ask for the ID. Otherwise, do NOT let them in, OR.... Just call the Police or any force.

Or, more hilariously, grab them by their lapels and propel them down a flight of steps with a coccyx-shattering kick to the buttocks.

We aim to be compleatists about this story, so the post in its entirety after the fudged jump. Click on the first 'Read More', not the second!

Read More... and comment!

Message to all Soldiers

As you are likely aware, the Department of Veterans Affairs recently lost a computer drive with the identifying information (names, SSNs and dates of birth) of as many as 20 million veterans. We now know
that many active and reserve servicemembers may be affected. Although there is no evidence that the data has been used illegally, all Soldiers should be extra vigilant with regard to their financial
well-being.

You should closely monitor your personal financial affairs while the DoD, VA and the Military Services work in earnest to determine the details and impacts of the compromise. We ask that you carefully
monitor your bank accounts, credit card accounts and any other financial accounts for suspicious activity. For more information on how to protect yourself, contact DoD's Military One Source at
www.militaryonesource.com or 1-800-342-9647.

The Army will work to keep you informed and ensure that you are aware of the resources available to help deal with this issue.

Peter J. Schoomaker Kenneth O. Preston
General, United States Army Sergeant Major of the Army
Chief of Staff