Just came back from a trip to Scotland and before throwing a receipt away in the bin noticed that this one printed everything except the last 4 digits of the card whereas another receipt I had only contained the last 4 digits. Not good having these two receipts together.

Coincidently on digg last week the following story on WSJ explains how consumers are bringing class action lawsuits against large retailers for printing too many digits on receipts. The story states:

In the US,

as of Dec. 4, retailers are prohibited from printing more than the last five digits of a credit-card or debit-card account number on receipts that are handed to customers. The receipts also can’t include the account’s expiration date. The law applies only to electronically printed receipts, rather than those that are written by hand or imprinted on old-fashioned manual machines.

So you are now liable as a retailers for using a product that vendors fail to meet current laws and regulations, instead of the vendors of the point of sale systems themselves. Privacy is such a concern for consumers, as it should be, that we are doing anything in order to protect our personal data. Imagine this in another context, where a user of system is liable for a fault by the manufacturer/vendor.

So far “100 federal lawsuits seeking class-action status against big merchants such as Rite Aid Corp., Wendy’s International Inc., FedEx Corp., TJX Cos. and Inter Ikea Systems BV.”

The best case would if other countries adopted something similar as law or the requirement became part of PCI. This should be a catalyst for Point of Sale vendors to step up and address this insecurity or they themselves can also face legal liability the same way retailers are, we’ll just have to wait and see what happens in this space.