Microsoft will cough up $1.2m to settle a class-action lawsuit after its retail stores leaked a little too much information about shoppers' payment cards.
On Friday, the Redmond giant agreed to give up roughly seven minutes of its quarterly revenue to a gaggle of Microsoft Store customers who claimed that their receipts displayed more of their payment card numbers than legally allowed.
The lawsuit [PDF], filed in the Southern Florida US District Court in 2015, was headed up by Carlos Guarisma, who made a purchase that year at the Microsoft Store in Aventura, Florida.
The receipt had, among other details on it, Guarisma's name, the name of the salesperson – and most importantly, the first six and last four digits of his payment card number. That's more than half the number of card number digits.
According to the 2003 US Fair and Accurate Credit Transactions Act (FACTA), retailers may only print the last five numbers of a payment card on the receipt. The law, designed to curb identity theft and fraud, has required compliance since 2006.
The lawsuit claims that, despite have known of the regulations for years and having an extensive staff dedicated to privacy and compliance, Microsoft looked the other way as its POS (point of service) terminals violated the law.
"Despite the clear language of the statute, Defendant willfully or knowingly chose not to comply," the claim reads. Guarisma filed suit against Microsoft on behalf of everyone who used a card to make a purchase at the Microsoft store between November 2013 and February 24 of this year.
According to the proposed terms of the settlement [PDF], Microsoft will kick over $1,194,696 to pay out to the affected shoppers in the US, who will individually be able to claim up to $100 if they come forward to complain. The payout will also cover attorneys' fees not to exceed one-third of the total package (roughly $400,000). Guarisma, as lead complainant, stands to get roughly $10,000.
The settlement is now awaiting approval and certification by Judge Cecilia Altonaga. ®
A Microsoft spokesperson contacted The Register to say: "This was a technical bug that we fixed immediately when it was brought to our attention. We're pleased this matter is resolved and are committed to protecting our customers."