GameStop Sued Over Privacy Violations

[Master_Fubar23]

It used to be common practice for some retailers to request that kind of information with every purchase; Radio Shack was notorious for it back in the day. Evolving privacy laws have largely brought such practices to a halt, although not everywhere and not under all circumstances. Yet I can't help thinking that if you're truly uncomfortable handing out such information, perhaps instead of filing a lawsuit you should just say no.
Permalink

wow I can't help thinking he's ever tried saying "no" before. I've had this issue as well with gamestop. I went in to buy a 3 games none of which were rated "M" so they didn't need to see any ID. I tried to pay with my credit card and when they asked for some idenification I said no. Then there was a discussion about how they can't process the purchase even though the law states that they have too. After I told them what the law states the employee said I was wrong and that there was no such thing. I laughed and asked for a manager but he said he wasn't there and even if he was its gamestops "policy". I said screw it and left the store. About 4 days, a filed complaint, and a talk with gamestops regional manager later I was given an apology. The manager assured me he would inform his empolyees about california state laws and it wouldn't happen again. This is an issue that needs to be dealt with. Now before anyone says why didn't you do this or that, its simply about knowing one's rights and using them.

 

[JDKJ]

Don't Gamestop's everywhere do this? And all I get asked when I pre-order something is my phone number... and my license to show I'm 18(actually 19, but old enough to buy M rated games). When I buy I just get asked for the ID.

Yep: If you're buying something with a credit card you need to present it so the last four numbers of it can be punched in. That's everywhere though, as far as I know, so long as the purchase is $15 - $25 or more.

At gamestop however (in Maryland at least) you now also need to provide two forms of ID, anything issued by the state (well...any state really) and anything else be it a credit card or something.

Anyway: This whole things sounds stupid. It could have either been easily avoided or, it's something the customer is blowing up for no good reason. I've had people get uppity about me asking for their phone number and/or, their e-mail while trying to sign them up for power-up rewards. Sorry, I've been working retail since about 09. I have kind of a Randal outlook where customers are concerned.


Granted, that video applies more to when I was working at Blockbuster...

I think GameStop went beyond the last four digits of the card number. It looks like they record the entire card number. Which they have no need to do that I can see. When the swipe the card or enter it's number at the terminal connected to the card-issuer, all the information that the card-issuer needs to honor the debt on behalf on their cardholder is transmitted. Why does GameStop need my full card number and personal information in order for the transaction to be honored by my cardholder? They don't. They're just fishing for information they can use for their own personal purposes (mailing lists, complying customer demographic statistics, etc., etc.)

I agree, they deserve a slap on the wrist for this.

You have to agree that $1000 a person is absolutely bat fuck insane though

That depends on why GameStop wants the information and what they plan to do with it. If that use -- whatever it is -- is of great financial value to them (which I suspect it is or they wouldn't be doing it the first place), then the financial penalty for their wrongdoing needs to be greater than their financial gain from the wrongdoing or there's no incentive for them to cease doing wrong. They'll do the cost-benefit analysis and conclude that even with the slap on the wrist, there's still financial gain in continuing their illegal conduct.

If I steal $100 and get caught and fined $75, why should I stop stealing? I'm still $25 ahead of the game (no pun intended).

 

[SilverUchiha]

Why are they suing over such a trivial thing? It's like facebook. If you really don't want your information being released. Shut up and just don't give it out. You miss out on some shit, maybe, but who cares? Deal with it.

 

[Zefar]

This person did without a doubt have this in mind with the lawsuit already. Or it's the most paranoid person out there.

Also if she knew it was stored, why didn't she just ask them to remove it?

Simple, couldn't sue them then can you.

 

[Danpascooch]

Don't Gamestop's everywhere do this? And all I get asked when I pre-order something is my phone number... and my license to show I'm 18(actually 19, but old enough to buy M rated games). When I buy I just get asked for the ID.

Yep: If you're buying something with a credit card you need to present it so the last four numbers of it can be punched in. That's everywhere though, as far as I know, so long as the purchase is $15 - $25 or more.

At gamestop however (in Maryland at least) you now also need to provide two forms of ID, anything issued by the state (well...any state really) and anything else be it a credit card or something.

Anyway: This whole things sounds stupid. It could have either been easily avoided or, it's something the customer is blowing up for no good reason. I've had people get uppity about me asking for their phone number and/or, their e-mail while trying to sign them up for power-up rewards. Sorry, I've been working retail since about 09. I have kind of a Randal outlook where customers are concerned.


Granted, that video applies more to when I was working at Blockbuster...

I think GameStop went beyond the last four digits of the card number. It looks like they record the entire card number. Which they have no need to do that I can see. When the swipe the card or enter it's number at the terminal connected to the card-issuer, all the information that the card-issuer needs to honor the debt on behalf on their cardholder is transmitted. Why does GameStop need my full card number and personal information in order for the transaction to be honored by my cardholder? They don't. They're just fishing for information they can use for their own personal purposes (mailing lists, complying customer demographic statistics, etc., etc.)

I agree, they deserve a slap on the wrist for this.

You have to agree that $1000 a person is absolutely bat fuck insane though

That depends on why GameStop wants the information and what they plan to do with it. If that use -- whatever it is -- is of great financial value to them (which I suspect it is or they wouldn't be doing it the first place), then the financial penalty for their wrongdoing needs to be greater than their financial gain from the wrongdoing or there's no incentive for them to cease doing wrong. They'll do the cost-benefit analysis and conclude that even with the slap on the wrist, there's still financial gain in continuing their illegal conduct.

If I steal $100 and get caught and fined $75, why should I stop stealing? I'm still $25 ahead of the game (no pun intended).

I wouldn't worry about that, they could be harvesting and selling the blood of each customer and they wouldn't come anywhere near $1000 a person.

How much do you think a name and phone number is worth anyway? They obviously aren't selling the credit card information to criminals otherwise this headline would look more like Angry Customers With Stolen Identities Burn Down Gamestop

I think they deserve some sort of penalty, but $1000 a person? Absolutely insane.

 

[Catalyst6]

Don't Gamestop's everywhere do this? And all I get asked when I pre-order something is my phone number... and my license to show I'm 18(actually 19, but old enough to buy M rated games). When I buy I just get asked for the ID.

Yeah, that's pretty much it. Admittedly, it makes more sense for them to hold on to the credit card number, since that's the most relevant piece of info to them and it allows the customer to be easily identified.

Their practices have always weireded me out. Not when you're pre-order, when you're selling games. I can't remember whether it's your address or phone number that they ask for (it has been a while since I've sold a game) but they always want some kind of info like that, and it's creepy. What are they using it for?

 

[Sniper Team 4]

Was she trading in a game? If that's the case--or reserving one--I'm pretty sure her case just got shot in the head. If they just asked for all that stuff, then well, don't give it out if it bothers you. I get annoyed with Barns & Noble because every time I go in there, they get on the very edge of demanding my e-mail address. It's gotten to the point where I don't shop there anymore because I don't want to give it to them...

Um...where was I going with this?

 

[gimmly22]

I think GameStop went beyond the last four digits of the card number. It looks like they record the entire card number. Which they have no need to do that I can see. When the swipe the card or enter it's number at the terminal connected to the card-issuer, all the information that the card-issuer needs to honor the debt on behalf on their cardholder is transmitted. Why does GameStop need my full card number and personal information in order for the transaction to be honored by my cardholder? They don't. They're just fishing for information they can use for their own personal purposes (mailing lists, complying customer demographic statistics, etc., etc.)

In-store transactions do not need personal information, however, they need all card digits to complete the transaction, whether swiped or manually imputed. When a card is swiped or entered they need all digits because:

The first digit is the system number.
(Visa/MC) Digits two through six are the bank number, The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit (used with the CVV2 number).
(AmEx) Digits three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit.

Also, the mag stripe carries the name, address and telephone number of the holder to verify information with the issuing bank. This is why some transactions require a person to enter their zip code or telephone number.

This GameStop person was an idiot to ask. A person does not need to vocalize their private information for a transaction, but the plaintiff is even more of an idiot for giving it. And if California law says

that the information can't be requested and recorded by the seller in order to effect a credit card transaction.

, then all online retailers are violating said law. Therefore, as an online retailer, I should stop selling to California.

 

[Baresark]

How do they have proof that the Gamestop actually did this? Something is missing in this article. And aren't all things done through the POS? I mean, the register is hooked to it, but you might as well sue the POS company for doing it. They don't actually process sales through their computer system, they only use it to track purchases as far as I can tell.

Gamestops everywhere ask your name, address and phone number. They asked her for it, and then she gave it to them. She could have declined or asked them what it was for first. This is not their fault. I get asked the same thing every time I buy something at Best Buy, at which time I decline to give them the information simply because I barely shop at their overpriced stores. Amazon probably has her personal information as well as any other place she may have shopped at online.

 

[JDKJ]

Don't Gamestop's everywhere do this? And all I get asked when I pre-order something is my phone number... and my license to show I'm 18(actually 19, but old enough to buy M rated games). When I buy I just get asked for the ID.

Yep: If you're buying something with a credit card you need to present it so the last four numbers of it can be punched in. That's everywhere though, as far as I know, so long as the purchase is $15 - $25 or more.

At gamestop however (in Maryland at least) you now also need to provide two forms of ID, anything issued by the state (well...any state really) and anything else be it a credit card or something.

Anyway: This whole things sounds stupid. It could have either been easily avoided or, it's something the customer is blowing up for no good reason. I've had people get uppity about me asking for their phone number and/or, their e-mail while trying to sign them up for power-up rewards. Sorry, I've been working retail since about 09. I have kind of a Randal outlook where customers are concerned.


Granted, that video applies more to when I was working at Blockbuster...

I think GameStop went beyond the last four digits of the card number. It looks like they record the entire card number. Which they have no need to do that I can see. When the swipe the card or enter it's number at the terminal connected to the card-issuer, all the information that the card-issuer needs to honor the debt on behalf on their cardholder is transmitted. Why does GameStop need my full card number and personal information in order for the transaction to be honored by my cardholder? They don't. They're just fishing for information they can use for their own personal purposes (mailing lists, complying customer demographic statistics, etc., etc.)

I agree, they deserve a slap on the wrist for this.

You have to agree that $1000 a person is absolutely bat fuck insane though

That depends on why GameStop wants the information and what they plan to do with it. If that use -- whatever it is -- is of great financial value to them (which I suspect it is or they wouldn't be doing it the first place), then the financial penalty for their wrongdoing needs to be greater than their financial gain from the wrongdoing or there's no incentive for them to cease doing wrong. They'll do the cost-benefit analysis and conclude that even with the slap on the wrist, there's still financial gain in continuing their illegal conduct.

If I steal $100 and get caught and fined $75, why should I stop stealing? I'm still $25 ahead of the game (no pun intended).

I wouldn't worry about that, they could be harvesting and selling the blood of each customer and they wouldn't come anywhere near $1000 a person.

How much do you think a name and phone number is worth anyway? They obviously aren't selling the credit card information to criminals otherwise this headline would look more like Angry Customers With Stolen Identities Burn Down Gamestop

I think they deserve some sort of penalty, but $1000 a person? Absolutely insane.

I dunno about that. If they're using the information to compile mailing lists and then selling or trading those mailing lists to or with other companies (which many businesses do), the financial benefit from that (either in terms of sales generated by mailing list campaigns or from the outright sale of lists) could be worth well in excess of $1000 a pop. A mailing list of consumers with credit cards who have been positively identified as willing to plop down their cards on a particular product or service can be worth its weight in gold.

 

[Krantos]

perhaps instead of filing a lawsuit you should just say no.

Sadly, that would be the socially responsible thing to do, and this is America. It seems we still haven't gotten over the whole sue-happy phase. It's not as common anymore, but it's still there.

 

[gimmly22]

Was she trading in a game? If that's the case--or reserving one--I'm pretty sure her case just got shot in the head. If they just asked for all that stuff, then well, don't give it out if it bothers you. I get annoyed with Barns & Noble because every time I go in there, they get on the very edge of demanding my e-mail address. It's gotten to the point where I don't shop there anymore because I don't want to give it to them...

Um...where was I going with this?

I do not know if GameStop has a rewards program, but if they do, they need that information sans CC number. You B&N reference reminded me of this.

 

[JDKJ]

I think GameStop went beyond the last four digits of the card number. It looks like they record the entire card number. Which they have no need to do that I can see. When the swipe the card or enter it's number at the terminal connected to the card-issuer, all the information that the card-issuer needs to honor the debt on behalf on their cardholder is transmitted. Why does GameStop need my full card number and personal information in order for the transaction to be honored by my cardholder? They don't. They're just fishing for information they can use for their own personal purposes (mailing lists, complying customer demographic statistics, etc., etc.)

In-store transactions do not need personal information, however, they need all card digits to complete the transaction, whether swiped or manually imputed. When a card is swiped or entered they need all digits because:

The first digit is the system number.
(Visa/MC) Digits two through six are the bank number, The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit (used with the CVV2 number).
(AmEx) Digits three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit.

Also, the mag stripe carries the name, address and telephone number of the holder to verify information with the issuing bank. This is why some transactions require a person to enter their zip code or telephone number.

This GameStop person was an idiot to ask. A person does not need to vocalize their private information for a transaction, but the plaintiff is even more of an idiot for giving it. And if California law says

that the information can't be requested and recorded by the seller in order to effect a credit card transaction.

, then all online retailers are violating said law. Therefore, as an online retailer, I should stop selling to California.

What makes you think that an online retailer records the personal information provided for any longer than it takes to effect the transaction? And the analogy is a bit off, if you ask me. It's kinda difficult to purchase and receive something online without giving a name, mailing address, and some contact information (e.g., e-mail address or phone number, etc.). A brick and mortar store doesn't need to know where I live in order to sell me something. I'm standing right in front of them, willing to walk my purchase out of their store on my own.

 

[xyrafhoan]

I've never used a credit card at Gamestop, although my dad has, and they have never asked my dad for his personal information. The only time I have even been asked for personal information is if I was preordering a game/picking up my preorder, trading in a game, or buying an M-rated game. And the only time I see the employees store that information is for the former two options. Honestly, I've learned to not care because as long as I'm not getting spam mail or phonecalls, I feel they're being responsible with the information they're being given. Any business that accepts trade-ins keeps your information close at hand because they want to ensure they aren't reselling stolen goods. And I get the feeling with such low margins for new games, they also want to make sure no one is committing credit card fraud. It's a lot easier to spoof a signature than it is to spoof a photo ID. After a certain threshold, even at Starbucks we're supposed to ask for photo ID to confirm the card holder's identity.

On that note, I have no idea how this woman would be able to tell whether or not Gamestop was indeed hanging onto her credit card number after the transaction. What did she do, lean over the counter for the next 8 hours and watch the cashier's every move? Does she know whether or not the system itself automatically purges credit card numbers after verifying the sale? Did she base her hypothesis after repeat visits and finding out that her personal information is kept so Gamestop can easily track preorders and holds for the customer?

I hate sue-happy people.

 

[gimmly22]

I think GameStop went beyond the last four digits of the card number. It looks like they record the entire card number. Which they have no need to do that I can see. When the swipe the card or enter it's number at the terminal connected to the card-issuer, all the information that the card-issuer needs to honor the debt on behalf on their cardholder is transmitted. Why does GameStop need my full card number and personal information in order for the transaction to be honored by my cardholder? They don't. They're just fishing for information they can use for their own personal purposes (mailing lists, complying customer demographic statistics, etc., etc.)

In-store transactions do not need personal information, however, they need all card digits to complete the transaction, whether swiped or manually imputed. When a card is swiped or entered they need all digits because:

The first digit is the system number.
(Visa/MC) Digits two through six are the bank number, The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit (used with the CVV2 number).
(AmEx) Digits three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit.

Also, the mag stripe carries the name, address and telephone number of the holder to verify information with the issuing bank. This is why some transactions require a person to enter their zip code or telephone number.

This GameStop person was an idiot to ask. A person does not need to vocalize their private information for a transaction, but the plaintiff is even more of an idiot for giving it. And if California law says

that the information can't be requested and recorded by the seller in order to effect a credit card transaction.

, then all online retailers are violating said law. Therefore, as an online retailer, I should stop selling to California.

What makes you think that an online retailer records the personal information provided for any longer than it takes to effect the transaction? And the analogy is a bit off, if you ask me. It's kinda difficult to purchase and receive something online without giving a name, mailing address, and some contact information (e.g., e-mail address or phone number, etc.) A brick and mortar store doesn't need to know where I live in order to sell me something. I'm standing right in front of them, willing to walk my purchase out of their store on my own.

You do not remember the TJMax.com incident three years ago. The online portion of the retailer stored the credit card and personal information on their servers, as part of their PCI DSS 1.0 compliance. Their servers were hacked and millions of people had their information stolen. Do you frequent an online store that asks to store your billing information to speed up your transaction? How about completing your car loan payment online?

 

[Danpascooch]

Don't Gamestop's everywhere do this? And all I get asked when I pre-order something is my phone number... and my license to show I'm 18(actually 19, but old enough to buy M rated games). When I buy I just get asked for the ID.

Yep: If you're buying something with a credit card you need to present it so the last four numbers of it can be punched in. That's everywhere though, as far as I know, so long as the purchase is $15 - $25 or more.

At gamestop however (in Maryland at least) you now also need to provide two forms of ID, anything issued by the state (well...any state really) and anything else be it a credit card or something.

Anyway: This whole things sounds stupid. It could have either been easily avoided or, it's something the customer is blowing up for no good reason. I've had people get uppity about me asking for their phone number and/or, their e-mail while trying to sign them up for power-up rewards. Sorry, I've been working retail since about 09. I have kind of a Randal outlook where customers are concerned.


Granted, that video applies more to when I was working at Blockbuster...

I think GameStop went beyond the last four digits of the card number. It looks like they record the entire card number. Which they have no need to do that I can see. When the swipe the card or enter it's number at the terminal connected to the card-issuer, all the information that the card-issuer needs to honor the debt on behalf on their cardholder is transmitted. Why does GameStop need my full card number and personal information in order for the transaction to be honored by my cardholder? They don't. They're just fishing for information they can use for their own personal purposes (mailing lists, complying customer demographic statistics, etc., etc.)

I agree, they deserve a slap on the wrist for this.

You have to agree that $1000 a person is absolutely bat fuck insane though

That depends on why GameStop wants the information and what they plan to do with it. If that use -- whatever it is -- is of great financial value to them (which I suspect it is or they wouldn't be doing it the first place), then the financial penalty for their wrongdoing needs to be greater than their financial gain from the wrongdoing or there's no incentive for them to cease doing wrong. They'll do the cost-benefit analysis and conclude that even with the slap on the wrist, there's still financial gain in continuing their illegal conduct.

If I steal $100 and get caught and fined $75, why should I stop stealing? I'm still $25 ahead of the game (no pun intended).

I wouldn't worry about that, they could be harvesting and selling the blood of each customer and they wouldn't come anywhere near $1000 a person.

How much do you think a name and phone number is worth anyway? They obviously aren't selling the credit card information to criminals otherwise this headline would look more like Angry Customers With Stolen Identities Burn Down Gamestop

I think they deserve some sort of penalty, but $1000 a person? Absolutely insane.

I dunno about that. If they're using the information to compile mailing lists and then selling or trading those mailing lists to or with other companies (which many businesses do), the financial benefit from that (either in terms of sales generated by mailing list campaigns or from the outright sale of lists) could be worth well in excess of $1000 a pop. A mailing list of consumers with credit cards who have been positively identified as willing to plop down their cards on a particular product or service can be worth its weight in gold.

No mailing list in the history of the world has ever been worth $1000 a person for a name and phone number, ever. It's clear they aren't selling the credit card numbers or else identity theft would be rampant among their customers.

If you can show any evidence otherwise I'll eat my own face.

 

[risenbone]

Look you ask for the most you can in this situation to give yourself negotiation room. Thats all it is you don't start negotiating from what your willing to get out of it you start from the most you can and work your way down. Gamestop obviously would rather not pay anything and so thats their starting point fro negotiation.

In the end the only real winners are the bloody lawyers again.

 

[fanklok]

Gamestop asked for my address when I got my rewards card I think they may still have it in their system I should sue them so hard.

 

[Amphoteric]

Nice job America, keeping up the reputation for suing anyone over anything.

 

[hansari]

perhaps instead of filing a lawsuit you should just say no.

Who do you think you are to just go off and speak sensibly?

And on the internet of all things...