May 4, 2010 at 9:00 AM ET
Shopping online became a little safer this weekend when Visa banned a long-standing practice that Sen. Jay Rockefeller had blasted as "deceptive," saying it triggered $1.4 billion in unauthorized charges on 30 million Americans' credit card bills.
The tale provides a good reminder of the importance of scouring your credit card bills every month.
Millions of consumers ended up paying monthly charges for useless travel clubs and similar services after shopping at popular Web sites like 1-800-Flowers.com, Buy.com, Classmates.com and around 450 other sites, staffers for Rockefeller, D-W. Va., concluded in a report issued last year.
Consumers who shopped at the sites were enticed to click on an advertisement that offered free shipping or a discount. In many cases, merely clicking on the link to find more information led to enrollment in a monthly service – even though there was not so much as a sign-up page or a place to enter a credit card number. Many consumers were surprised to find that their credit card numbers had been furnished to the third-party site without their permission -- a tactic called "data pass."
A new Visa ban against data passing took effect on Saturday. Visa will now require that Web merchants prompt consumers to re-enter all 16 digits of their credit card number before allowing any third-party charges.
"Consumers who shop online using their Visa cards should be confident that they will only be charged for the products and services they legitimately intend to purchase -- not those that are foisted on them through deceptive data pass schemes," Martin Elliott, a Visa spokesman, said in a statement.
Rockefeller said he was glad Visa banned the practice, but said he would still push for legislation that would make data passing illegal.
"Tricking consumers into buying goods and services they do not want is completely unacceptable," he said. "It's not ethical, it's not right and it is not the way business should be done in America."
Rockefeller's staff found that 88 electronic commerce firms had earned more than $1 million each in commissions by passing consumers' credit card information to three Connecticut-based companies -- Affinion, Vertrue and Webloyalty.
In an e-mail, Webloyalty spokesman Adam Weiner said that the company offers numerous discounts that help consumers. He also said the firm has recently changed its sign-up procedure.
"Since January, the Webloyalty enrollment process occurs only if the consumer enters their entire 16 digit credit or debit card number," he said. "Accordingly, no additional changes by Webloyalty were necessary in order to conform to Visa's recently announced policy concerning data pass."
A spokeswoman for Vertrue pointed to a statement the company issued last year when the Rockefeller investigation began, indicating the company had begun requiring new customers to enter the last four digits of their credit card numbers before joining their clubs.
"This new layer of enhanced consumer protection reinforces the company's existing, longstanding pro-consumer Internet marketing policies," the statement said. More recently, the firm has required new customers to enter all 16 digits of their credit cards.
Affinion did not respond to requests for comment.
Brand-name companies like Priceline.com, Hotwire.com and 1-800-Flowers exploited the trust of consumers to trick them into signing up for the unwanted services.
Even as the U.S. Senate Committee on Commerce, Science and Transportation was holding its hearing on the practice, 1-800-Flowers tried a slight variation on the theme: It sent checks to consumers for small amounts, such as $9.30, in official-looking mailers. The checks (one of which was sent to this reporter) could easily be mistaken for refunds, and they were sent out at the same time that 1-800-Flowers customers were receiving e-mails about $10 coupons that were available as the result of a class-action lawsuit. But consumers who endorsed the checks and cashed them were enrolled in a fee-based travel discount service, using the same data-pass technique.
According to the check, the travel program -- called Elite Excursions -- was offered by Trilegiant Corp., part of Affinion. Connecticut-based Trilegiant paid $25 million in 2008 to settle a class-action lawsuit accusing it of billing consumers for products and subscriptions they'd never requested.
Joseph D. Pititto, spokesman for 1-800-Flowers, described the checks as an "old program, mailed out by a third party" and said the program was discontinued in December.
The Rockefeller report found that many consumers failed to complain to the original Web site they'd used because they often had no idea how they'd signed up for the travel club service. And the loyalty club companies went to great pains to keep consumers from making the connection.
An e-mail written by an Affinion executive to a 1-800-Flowers executive in November 2008, and obtained by Rockefeller's staff, revealed just how far the loyalty club firm would go to insulate clients from complaints.
"(Revealing partner information) is a STRICT no-no in our centers. We tell agents not to do it and don't give them our client's phone numbers and so on," the e-mail read. "If we hear instances (of) it in our monitoring/test calls, they will fail that call and get dinged on their incentive payments."
Other major credit card processors are also taking action against the data pass tactic. Lisa Anselmo, a spokeswoman for American Express, said the firm already monitors merchants for "excessive disputes" and potentially deceptive or unfair practices. The firm's merchant regulations will soon be amended to require that merchants to "directly" obtain card information from card members.
"Card members will have to re-enter their card information ... in order to process the transaction," she said.
Chris Montero of MasterCard said that his firm's rules already prohibit data pass tactics. Firms that engaged in the practice were violating those rules, he said.
"There is awareness now, and enforcement of (the rules)," he said.