Ct.App. 2/8 B238097 Super. Ct. No. BC463305 Court: Superior County: Los Angeles Judge: Carl J. West
The Song-Beverly Credit Card Act of 1971 (Credit Card Act) governs the issuance and use of credit cards. (Civ. Code, § 1747 et seq.; all further statutory references are to the Civil Code unless otherwise indicated.) One of its provisions, section 1747.08, prohibits retailers from "[r]equest[ing], or requir[ing] as a condition to accepting the credit card as payment . . . , the cardholder to write any personal identification information upon the credit card transaction form or otherwise." (§ 1747.08, subd. (a) (hereafter section 1747.08(a)).) It also prohibits retailers from requesting or requiring the cardholder "to provide personal identification information, which the [retailer] . . . writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise," and from "[u]tiliz[ing] . . . a credit card form which contains preprinted spaces specifically designed for filling in any personal identification information of the cardholder." (Ibid.) In Pineda v. Williams-Sonoma Stores, Inc. (2011) 51 Cal.4th 524 (Pineda), we considered whether section 1747.08 is violated when a retailer requests and records a customer's ZIP code during a credit card transaction. Relying on the statute's language, legislative history, and purpose, we concluded that a ZIP code constitutes "personal identification information" within the meaning of the statute and that the Credit Card Act forbids a retailer from requesting or recording such information. (Pineda, at pp. 527-528.)
Like Pineda, this case involves an asserted violation of section 1747.08. David Krescent, the plaintiff in this case, alleged in his complaint that defendant Apple Inc. requested or required him to provide his address and telephone number as a condition of accepting his credit card as payment. However, unlike Pineda, which concerned the purchase of a physical product at a traditional "brick-and-mortar" business, this case concerns the purchase of an electronic download via the Internet. We must resolve whether section 1747.08 prohibits an online retailer from requesting or requiring personal identification information from a customer as a condition to accepting a credit card as payment for an electronically downloadable product. Upon careful consideration of the statute's text, structure, and purpose, we hold that section 1747.08 does not apply to online purchases in which the product is downloaded electronically.
Our dissenting colleagues warn that today's decision "relegate[s] to the dust heap" the " 'robust' consumer protection . . . at the heart of section 1747.08" (dis. opn. by Kennard, J., post, at p. 6) and represents a "major loss for consumers" (id. at p. 1) that "leaves online retailers free to collect and use the personal identification information of credit card users as they wish" (dis. opn. by Baxter, J., post, at p. 1). These ominous assertions, though eye-catching, do not withstand scrutiny. As we explain, existing state and federal laws provide consumers with a degree of protection against unwanted use or disclosure of personal identification information. The Legislature may believe these measures are inadequate and, if so, may enact additional protections. Or the Legislature may believe that existing laws, together with market forces reflecting consumer preferences, are sufficient. It is not our role to opine on this important policy issue. We merely hold that section 1747.08 does not govern online purchases of electronically downloadable products because this type of transaction does not fit within the statutory scheme.
Because this case comes to us following summary denial of a writ of mandate after the denial of a demurrer, we assume as true all facts alleged in the operative complaint. (Sheehan v. San Francisco 49ers, Ltd. (2009) 45 Cal.4th 992, 996.) Petitioner Apple Inc. (Apple), defendant below, operates an Internet Web site and an online iTunes store through which it sells digital media such as downloadable audio and video files. In June 2011, plaintiff below, David Krescent, sued Apple on behalf of himself and a putative class of similarly situated individuals for alleged violations of section 1747.08. Specifically, Krescent alleged that he purchased media downloads from Apple on various occasions and that, as a condition of receiving these downloads, he was required to provide his telephone number and address in order to complete his credit card purchase. He further alleged that Apple records each customer's personal information, is not contractually or legally obligated to collect a customer's telephone number or address in order to complete the credit card transaction, and does not require a customer's telephone number or address for any special purpose incidental but related to the individual credit card transaction, such as shipping or delivery. Although he alleged that "the credit card transaction would be permitted to proceed" without any personal identification information, Krescent also contended that "even if the credit card processing company or companies required a valid billing address and [credit card identification number], under no circumstance would [plaintiff's] telephone number be required to complete his transaction, that is, under no circumstance does [Apple] need [plaintiff's] phone number in order to complete a [media] download transaction."
In September 2011, Apple filed a demurrer, arguing that the Credit Card Act does not apply to online transactions and that deciding otherwise would undermine the prevention of identity theft and fraud. After a hearing, the trial court overruled the demurrer. The court noted that "the Act itself is silent on exempting online credit card transactions from its purview (and otherwise does not address online credit card transactions specifically)." While acknowledging that Apple's "assertions with respect to preventing fraud have definite appeal (a problem which the Court acknowledges is widespread in credit transactions generally, and in online credit card transactions specifically)," the trial court said it "is not prepared, at the pleading stage, to read the [Credit Card] Act as completely exempting online credit transactions from its reach." The court also found, pursuant to Code of Civil Procedure section 166.1, that appellate resolution of the issue might materially assist the resolution of the litigation.
Apple filed a petition for writ of mandate seeking review of the trial court's order, which the Court of Appeal summarily denied. We granted Apple's petition for review and ordered the trial court to show cause why the relief sought in the petition for writ of mandate should not be granted.
We review de novo questions of statutory construction. In doing so, " 'our fundamental task is to "ascertain the intent of the lawmakers so as to effectuate the purpose of the statute." ' " (Mays v. City of Los Angeles (2008) 43 Cal.4th 313, 321.) As always, we start with the language of the statute, "giv[ing] the words their usual and ordinary meaning [citation], while construing them in light of the statute as a whole and the statute's purpose [citation]." (Pineda, supra, 51 Cal.4th at pp. 529-530.)
We begin with the text of the statute. Section 1747.08(a) provides: "Except as provided in subdivision (c), no person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall do any of the following: [¶] (1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise. [¶] (2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise. [¶] (3) Utilize, in any credit card transaction, a credit card form which contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder." Section 1747.08, subdivision (b) (hereafter section 1747.08(b)) defines " 'personal identification information' " as "information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number."
The prohibitions codified in section 1747.08(a) are subject to various exceptions set forth in section 1747.08, subdivision (c) (hereafter section 1747.08(c)). Subdivision (c) provides that the requirements of subdivision (a) do not apply to "[c]ash advance transactions" or "[i]f the credit card is being used as a deposit to secure payment in the event of default . . . or other similar occurrence." (§ 1747.08(c)(1), (2).) Nor do the requirements of subdivision (a) apply if the person, firm, partnership, association, or corporation accepting the credit card "is contractually obligated to provide personal identification information in order to complete the credit card transaction"; "uses the Zip Code information solely for prevention of fraud, theft, or identity theft" in a "sales transaction at a retail motor fuel dispenser or retail motor fuel payment island automated cashier"; or "is obligated to collect and record the personal identification information by federal or state law or regulation." (§ 1747.08(c)(3)(A)-(C).) Personal identification information may also be collected if it "is required for a special purpose incidental but related to the individual credit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, or installation of the purchased merchandise, or for special orders." (§ 1747.08(c)(4).)
Finally, section 1747.08, subdivision (d) (hereafter section 1747.08(d)) provides the following general qualification to the statute's requirements: "This section does not prohibit any person, firm, partnership, association, or corporation from requiring the cardholder, as a condition to accepting the credit card as payment in full or in part for goods or services, to provide reasonable forms of positive identification, which may include a driver's license or a California state identification card, or where one of these is not available, another form of photo identification, provided that none of the information contained thereon is written or recorded on the credit card transaction form or otherwise. If the cardholder pays for the transaction with a credit card number and does not make the credit card available upon request to verify the number, the cardholder's driver's license number or identification card number may be recorded on the credit card transaction form or otherwise."
At the outset, we observe that the text of section 1747.08 makes no reference to online transactions or the Internet. This is not surprising because former section 1747.8, section 1747.08's predecessor, was enacted in 1990 (Stats. 1990, ch. 999, § 1, p. 4191), before the privatization of the Internet (see Frischmann, Privatization and Commercialization of the Internet Infrastructure: Rethinking Market Intervention into Government and Government Intervention into the Market (2001) 2 Colum. Sci. & Tech. L.Rev. 1, 20) and almost a decade before online commercial transactions became widespread (see, e.g., McDonough v. Toys "R" Us, Inc. (E.D.Pa. 2009) 638 F.Supp.2d 461, 468).
Although section 1747.08 does not explicitly reference online transactions, both parties maintain that the Legislature's intent is apparent from the plain meaning of the statute's terms. Krescent contends that the language of section 1747.08(a) "must be read as an all-inclusive prohibition on every businesses [sic] regardless of the form of the transaction." According to Krescent, in directing the statutory prohibition at any "person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business" (§ 1747.08(a)), the Legislature intended to include all retailers without exception. If the Legislature intended to exempt online retailers, he contends, it could have done so.
Apple, on the other hand, argues that the first sentence of section 1747.08(a) must be construed in light of other language in the statute indicating that the Legislature had in mind only in-person business transactions. For example, section 1747.08(a)(1) prohibits a retailer from requesting or requiring a "cardholder to write any personal identification information upon the credit card transaction form or otherwise." (Italics added.) Section 1747.08(a)(2) prohibits a retailer from requesting or requiring the cardholder to provide such information, which the retailer "writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise." (Italics added.) And section 1747.08(a)(3) prohibits the retailer from utilizing "a credit card form which contains preprinted spaces." (Italics added.) Apple says the terms "write" and "forms" imply, by their physicality, that section 1747.08 applies only to in-person transactions. Apple further argues that the definition of "credit card" in section 1747.02 -- "any card, plate, coupon book, or other single credit device existing for the purpose of being used from time to time upon presentation to obtain money, property, labor, or services on credit" -- indicates that the Legislature contemplated only those transactions in which the card is physically presented or displayed to the retailer. (§ 1747.02, subd. (a), italics added.)
We think the text of section 1747.08(a) alone is not decisive on the question before us. The statutory language suggests that the Legislature, at the time it enacted former section 1747.8, did not contemplate commercial transactions conducted on the Internet. But it does not seem awkward or improper to describe the act of typing characters into a digital display as "writing" on a computerized "form." In construing statutes that predate their possible applicability to new technology, courts have not relied on wooden construction of their terms. Fidelity to legislative intent does not "make it impossible to apply a legal text to technologies that did not exist when the text was created. . . . Drafters of every era know that technological advances will proceed apace and that the rules they create will one day apply to all sorts of circumstances they could not possibly envision." (Scalia & Garner, Reading Law: The Interpretation of Legal Texts (2012) pp. 85-86.)
For example, in O'Grady v. Superior Court (2006) 139 Cal.App.4th 1423, the Court of Appeal considered whether an online news magazine constitutes a "periodical publication" for purposes of California's journalism shield law, which was enacted well before the advent of "digital magazines." (Id. at p. 1461.) The court considered the argument that "the shield law only applies to 'periodical publications' in print, because that was a common feature of newspapers and magazines at the time the law was enacted." (Id. at p. 1462.) But the court did not regard that meaning as dispositive, instead finding the statutory term ambiguous enough to encompass the Web site at issue. (Id. at pp. 1463-1466.) The court ultimately found the shield law applicable to the Web site through a careful examination of the Legislature's purpose in enacting the statute, not on the basis of the plain meaning of " 'periodical publication.' " (Id. at pp. 1462-1463; see id. at p. 1465 ["Given the numerous ambiguities presented by 'periodical publication' in this context, its applicability must ultimately depend on the purpose of the statute"].)
In Ni v. Slocum (2011) 196 Cal.App.4th 1636, 1649 (Slocum), the Court of Appeal considered "whether the use of electronic signature qualifies as 'personally affix[ing]' the signature" on an initiative petition as that phrase is used in the Elections Code. (See Elec. Code, § 100 ["Each signer shall at the time of signing the petition or paper personally affix his or her signature, printed name, and place of residence . . . ."].) The county argued that a signer must "physically 'attach' the signature to the petition by inscribing it with a writing utensil," whereas the petitioner claimed that the statutory requirement can be satisfied by "tracing one's signature and address on the face of a smartphone in response to online instructions accompanying a copy of the petition." (Slocum, supra, 196 Cal.App.4th at pp. 1649-1650.) Although the statute was enacted in 1933, long before electronic signatures existed, the Court of Appeal found "no reason to reject either of these definitions solely on the basis of the plain language of the statute." (Id. at p. 1650; see id. at p. 1652 ["Statutory interpretation must be prepared to accommodate technological innovation, if the technology is otherwise consistent with the statutory scheme"].)
Rather, the court in Slocum ultimately concluded that an electronic signature system was "not entirely consistent with the present statutory scheme for the endorsement of initiative petitions because . . . electronic signature software deletes the circulator from the signature collection process" by allowing "voters to gain access to petitions from the Internet and execute them without the assistance or intervention of a circulator." (Slocum, supra, 196 Cal.App.4th at pp. 1652-1653.) The court explained that the "Elections Code requires each petition submitted to county election officials to be accompanied by the declaration of the circulator, attesting to the genuineness of the signatures on the petition," and that "the Legislature viewed the participation of the circulator as a protection against fraud in the collection of signatures." (Id. at p. 1652.) Thus, the court concluded that "the electronic signature system is partially incompatible with the current statutory scheme" because it "eliminates from the signature collection system one of its primary protections against fraud." (Id. at p. 1653.)
In this case, as in O'Grady and Slocum, the plain meaning of the statute's text is not decisive. An examination of the statutory scheme as a whole is necessary to determine whether it is applicable to a transaction made possible by technology that the Legislature did not envision.
We recently considered the history and purpose of the Credit Card Act in Pineda, supra, 51 Cal.4th 524. There we said "[t]he statute's overriding purpose was to 'protect the personal privacy of consumers who pay for transactions with credit cards.' " (Id. at p. 534, quoting Assem. Com. on Finance and Ins., Analysis of Assem. Bill No. 2920 (1989-1990 Reg. Sess.) as amended Mar. 19, 1990, p. 2.) Specifically, the Legislature "sought to address the misuse of personal identification information for, inter alia, marketing purposes, and found that there would be no legitimate need to obtain such information from credit card customers if it was not necessary to the completion of the credit card transaction." (Absher v. AutoZone, Inc. (2008) 164 Cal.App.4th 332, 345, quoted in Pineda, at p. 535.) "To protect consumers, the Legislature sought to prohibit businesses from 'requiring information that merchants, banks or credit card companies do not require or need.' " (Pineda, at p. 534, quoting Assem. Com. on Finance and Ins., Analysis of Assem. Bill No. 2920 (1989-1990 Reg. Sess.) as amended Mar. 19, 1990, p. 2.)
While it is clear that the Legislature enacted the Credit Card Act to protect consumer privacy, it is also clear that the Legislature did not intend to achieve privacy protection without regard to exposing consumers and retailers to undue risk of fraud. The legislative history shows that the Legislature enacted the statute's prohibitions only after carefully considering and rejecting the possibility that the collection of personal identification information by brick-and-mortar retailers could serve a legitimate purpose such as fraud prevention. In particular, the Senate Judiciary Committee considered the standard procedure followed by brick-and-mortar retailers in the 1990s to verify the identity of credit card users -- which included "verify[ing] the identification of the cardholder by comparing the signature on the credit card transaction form with the signature on the back of the card" and "contact[ing] the credit card issuer's authorization center [to] obtain approval" for sales above a specified "floor limit" -- and concluded that the collection of personal identification information was not a necessary step in that procedure. (Sen. Judiciary Com., Analysis of Assem. Bill No. 2920 (1989-1990 Reg. Sess.) as amended June 27, 1990, p. 3.) This finding supported the Legislature's judgment that brick-and-mortar retailers in the 1990s had no genuine need to collect personal identification information and would instead use such information primarily for unsolicited marketing. (See id. at pp. 3-4 [noting that the "problem" the bill was designed to address was retailers' practice of leading consumers "to mistakenly believe that [personal identification information] is a necessary condition to complete the credit card transaction, when, in fact, it is not" and "acquir[ing] this additional personal information for their own business purposes -- for example, to build mailing or telephone lists which they can subsequently use for their own in-house marketing efforts, or sell to direct-mail or tele-marketing specialists, or to others"]; id. at pp. 5-7 [explaining that retailers had no genuine need for personal identification information to address problems such as billing errors, lost credit cards, and product problems].) We cannot assume that the Legislature, had it confronted a type of transaction in which the standard mechanisms for verifying a cardholder's identity were not available, would have made the same policy choice as it did with respect to transactions in which it found no tension between privacy protection and fraud prevention.
Further, the Legislature in 1991 "added a provision (former § 1747.8, subd. (d)) . . . substantially similar to the subdivision (d) now in section 1747.08, permitting businesses to require cardholders to provide identification so long as none of the information contained thereon was recorded." (Pineda, supra, 51 Cal.4th at p. 535, citing Stats. 1991, ch. 1089, § 2, p. 5042.) The adoption of this provision was described as "a clarifying, non-substantive change." (State and Consumer Services Agency, Enrolled Bill Rep. on Assem. Bill No. 1477 (1991-1992 Reg. Sess.) Sept. 9, 1991, p. 3.) As previously noted, section 1747.08(d) makes clear that nothing in the statute prevents retailers from requiring customers to provide positive identification -- "which may include a driver's license or a California state identification card, or where one of these is not available, another form of photo identification" -- as a condition of accepting a credit card as payment. In addition, although section 1747.08(d) generally prohibits a retailer from recording information contained on a customer's photo identification card, a retailer may record the customer's driver's license number or similar information when the customer does not make the credit card available for verification, presumably so that the customer may be identified and located in the event of a problem with the use of the credit card. Section 1747.08(d) shows that while the Legislature indeed sought to protect consumer privacy, it did not intend to do so at the cost of creating an undue risk of credit card fraud. Rather, section 1747.08(d) demonstrates the Legislature's intent to permit retailers to use and even record personal identification information when necessary to combat fraud and identity theft -- objectives that not only protect retailers but also promote consumer privacy.
The safeguards against fraud that are provided in section 1747.08(d) are not available to the online retailer selling an electronically downloadable product. Unlike a brick-and-mortar retailer, an online retailer cannot visually inspect the credit card, the signature on the back of the card, or the customer's photo identification. Thus, section 1747.08(d) -- the key antifraud mechanism in the statutory scheme -- has no practical application to online transactions involving electronically downloadable products. We cannot conclude that if the Legislature in 1990 had been prescient enough to anticipate online transactions involving electronically downloadable products, it would have intended section 1747.08(a)'s prohibitions to apply to such transactions despite the unavailability of section 1747.08(d)'s safeguards.
Krescent's complaint reinforces our conclusion insofar as it failed to allege that Apple does not require any personal identification information to verify the identity of the credit card user. His complaint merely alleged that "the credit card transaction would be permitted to proceed without any further information" and that Apple "is not contractually obligated to provide a consumer's telephone number and/or address in order to complete the credit card transaction," thereby rendering inapplicable the exception set forth in section 1747.08(c)(3)(A). Even if credit card transactions may proceed without any personal identification information under the contractual terms that bind retailers and credit card companies, the fact remains that the Legislature saw fit to include section 1747.08(d)'s safeguards against fraud in the statutory scheme. The inclusion of section 1747.08(d), separate and apart from the exception in section 1747.08(c)(3)(A), reflects the Legislature's judgment that consumers and retailers have an interest in combating fraud that is independent of whatever security measures are (or are not) required by contracts between retailers and credit card issuers. Consistent with this legislative judgment, both parties acknowledged at oral argument that retailers often bear the risk of loss from fraudulent credit card charges.
In addition, Krescent suggested in his complaint and expressly conceded at oral argument that Apple may need at least a valid billing address, if not a telephone number, to verify the credit card. However, according to Krescent's own allegations, there would be no way for Apple to collect this information under the statute. As noted, Krescent alleged that Apple is neither contractually nor legally obligated to collect such information; hence, the exceptions in section 1747.08(c)(3)(A) and (C) do not apply. Krescent also alleged that Apple does not require a customer's address for a special purpose incidental but related to the credit card transaction, such as shipping, because the product is electronically downloadable; hence, the exception in section 1747.08(c)(4) does not apply. Likewise, the exceptions concerning motor fuel retailers, cash advance transactions, and transactions in which a credit card is used as a form of security have no applicability to this case. (§ 1747.08(c)(1), (2), (3)(B).)
At oral argument, Krescent suggested that Apple might be able to collect a customer's billing address as a "reasonable form of positive identification" under section 1747.08(d). But section 1747.08(b) includes "the cardholder's address" as a type of personal identification information retailers are forbidden to collect. Moreover, Krescent's view cannot be squared with the full text of section 1747.08(d), which says retailers may require the cardholder "to provide reasonable forms of positive identification, which may include a driver's license or California state identification card, or where one of these is not available, another form of photo identification, provided that none of the information provided thereon is written or recorded on the credit card transaction form or otherwise." A billing address is not a "form of photo identification." (See Costco Wholesale Corp. v. Superior Court (2009) 47 Cal.4th 725, 743 ["Under the principle of statutory construction known as 'ejusdem generis,' the general term ordinarily is understood as being ' "restricted to those things that are similar to those which are enumerated specifically" ' "].) And Krescent's own complaint alleged that Apple "records each consumer's personal information, including, but not limited to a telephone number and address, in line with each credit card transaction, and keeps records of such personal information." In short, section 1747.08(d) does not permit Apple to collect a billing address in the course of an online transaction.
In his brief (but not in his complaint), Krescent argued that requiring a customer to provide his or her name, credit card number, card expiration date, and credit card identification number suffices to prevent fraud. But it is clear that the Legislature has disagreed. A customer's name, credit card number, expiration date, and security code are all apparent to a "brick-and-mortar" retailer on the credit card itself when the card is presented during an in-person transaction. Yet the Legislature expressly authorized retailers to request additional information -- namely, a driver's license, state identification card, or another form of photo identification -- in order to combat fraud. (§ 1747.08(d).) The Legislature has thus decided that the information on the credit card is not necessarily sufficient by itself to protect consumers and retailers against fraud.
Our dissenting colleagues offer various arguments against the conclusion that the statute, if applied to the online transaction in this case, would prohibit Apple from collecting information necessary to combat fraud. Justice Kennard cites section 1747.08(c)(3)(A), which allows retailers to collect personal identification information that they are "contractually obligated to provide . . . in order to complete the credit card transaction," as one "layer of protection against fraud." (Dis. opn. by Kennard, J., post, at p. 7.) But Krescent's complaint stated that Apple is not contractually obligated to collect any such information, and we must accept this allegation as true on demurrer. (See ante, at p. 13.) Justice Kennard also notes that the second sentence of section 1747.08(d) allows retailers "to record the number appearing on the buyer's driver's license or similar identification." (Dis. opn. by Kennard, J., post, at p. 7.) But the second sentence of section 1747.08(d) allows a retailer to record such information when a buyer "pays for the transaction with a credit card number and does not make the credit card available upon request," presumably so that the buyer may be tracked down if the use of the credit card number turns out to be improper. This provision contemplates that the retailer can verify that the driver's license or identification card belongs to the buyer; indeed, section 1747.08(d) makes clear that a driver's license or identification card has significance in this context as a "form of photo identification." In an online transaction, even if the retailer were to collect a driver's license number, the retailer has no way to verify that the number corresponds to the person using the credit card number.
In his dissent, Justice Baxter asserts that we indulge an unwarranted "factual assumption -- that the personal identification information defendant allegedly demanded and collected here, i.e., cardholder addresses and telephone numbers, are 'necessary to combat fraud and identity theft' in online credit card transactions." (Dis. opn. by Baxter, J., post, at pp. 7-8.) In fact, we do nothing of the sort. We express no view as to what type of information -- whether an address, telephone number, or something else -- is essential to verify a cardholder's identity. We hold only that the statutory scheme and legislative history make clear the Legislature's concern that there be some mechanism by which retailers can verify that a person using a credit card is authorized to do so. No such mechanism would exist in the context of online purchases of electronically downloadable products if the statute were read to apply to such transactions. Because the statutory scheme provides no means for online retailers selling electronically downloadable products to protect against credit card fraud, we conclude that the Legislature could not have intended section 1747.08 to apply to this type of transaction.
We have no occasion here to decide whether section 1747.08 applies to online transactions that do not involve electronically downloadable products or to any other transactions that do not involve in-person, face-to-face interaction between the customer and retailer. Our dissenting colleagues contend that section 1747.08 must apply to online transactions because the Legislature intended it to apply to "other card-not-present transactions" such as mail order and telephone order (MOTO) transactions. (Dis. opn. by Baxter, J., post, at pp. 9-10; see dis. opn. by Kennard, J., post, at pp. 4-6.) We express no view on whether the statute governs mail order or telephone order transactions, as that issue is not presented and has not been briefed in this case. In any event, even if the statute does apply to MOTO transactions, we do not think such transactions, which often involve "shipping [or] delivery . . . of the purchased merchandise" (§ 1747.08(c)(4)), are readily likened to online purchases of electronically downloadable products with respect to possible means of preventing or detecting fraud.
Krescent contends that the text and legislative history of a 2011 amendment to the Credit Card Act show that section 1747.08 applies to online ...