John Sinibaldi v. Redbox Automated Retail

Opinion by Judge CLIFTON; Dissent by Judge REINHARDT.

OPINION

CLIFTON, Circuit Judge:

Plaintiffs John Sinibaldi and Nicolle Di-Simone appeal the dismissal of a putative class action alleging violations of California’s Song-Beverly Credit Card Act of 1971, which prohibits retailers from collecting personal identification information in connection with credit card transactions. See Cal. Civ.Code § 1747.08. Defendant Redbox Automated Retail, LLC operates self-service kiosks throughout California and elsewhere in the United States. Customers use the kiosks to rent movies and video games, using credit and debit cards to pay the charges. As part of the process, Redbox requires customers who obtain discs from the kiosks to provide their ZIP codes. Plaintiffs allege that, by imposing that requirement on customers using credit cards in California, Redbox has violated the Act.

We conclude that Redbox’s alleged conduct does not violate the Act. The statute exempts certain transactions, including those where “the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or similar occurrence.” Cal. Civ.Code § 1747.08(c)(1). The Redbox transaction fits within that exception. We affirm the dismissal of the action.

I. Background

Redbox owns and operates more than 30,000 kiosks nationwide. The kiosks are usually located outside retail locations, including grocery stores, drug stores, and fast-food restaurants. Living up to the name, each Redbox kiosk is bright red. It can hold approximately 630 discs representing 200 unique movie titles or video games. No employee is present to tend to the kiosk on an ongoing basis. The transaction with the customer is fully automated.

To rent a movie or game at a Redbox kiosk, the customer uses a touch screen to select from the titles displayed. After selecting one or more titles and proceeding to the check-out screen, the customer is prompted to swipe a credit or debit card through a built-in card reader. The kiosk screen then displays the following statement: “For security reasons, please enter the ZIP code associated with your card’s billing address, and press ‘ENTER.’ ” After the customer enters a 5-digit number and the transaction representing one day’s worth of charges clears, the kiosk vends the selected titles.1

*705Most DVD rentals cost $1 per day. At the time of the rental, the customer’s card is charged the fee for one day. A customer may keep a rented disc longer at the same daily rate. When the customer returns the disc, the customer’s credit card is charged for any additional days beyond the initial one-day rental period, up to a maximum of $25 for DVDs, $34.50 for Blu-ray discs, and $60 for video games. If the disc is not returned before the maximum fee is reached, the customer’s credit card is charged that maximum fee. These additional charges are processed automatically from the credit card information on file. The customer is not required to swipe a credit card or enter a ZIP code upon returning rentals.

Based on these facts, Plaintiffs allege that Redbox violated § 1747.08 of the Act by requesting personal identification information in connection with a credit card transaction. Section 1747.08(a) provides that “no ... corporation that accepts credit cards for the transaction of business shall ... [r]equest, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information.”2 The California Supreme Court has held that a ZIP code is personal identification information within the meaning of § 1747.08. Pineda v. Williams-Sonoma Stores, Inc., 51 Cal.4th 524, 120 Cal.Rptr.3d 531, 246 P.3d 612 (2011). Redbox’s request for a ZIP code prior to the completion of the rental transaction is thus a request for personal identification information within the meaning of the Act.

The district court held that the Act does not apply to Redbox’s unmanned kiosk transactions because, in light of the potential for fraud in such transactions, the legislature could not have meant for them to fall within the statutory privacy protection scheme. Mehrens v. Redbox Automated Retail LLC, 2012 WL 77220 at *3-4 (C.D.Cal. Jan. 6, 2012) (citing Saulic v. Symantec Corp., 596 F.Supp.2d 1323, 1333-34 (C.D.Cal.2009)). See also Apple, Inc. v. Superior Court, 56 Cal.4th 128, 151 Cal.Rptr.3d 841, 292 P.3d 883, 884 (2013) *706(holding that § 1747.08 does not apply to online purchases of electronically down-loadable products).

On appeal, Plaintiffs challenge the district court’s holding, contending that § 1747.08 applies to Redbox kiosk transactions because they are in-person, card-present transactions that present less risk of fraud than online purchases. We decline to decide that question. Instead, we affirm on an alternative ground: the statute’s rental deposit exception.

II. Discussion

We review dismissal under Rule 12(b)(6) de novo. Metzler Inv. GMBH v. Corinthian Colleges, Inc., 540 F.3d 1049, 1061 (9th Cir.2008). For this purpose, we accept factual allegations in the complaint as true. Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308, 322, 127 S.Ct. 2499, 168 L.Ed.2d 179 (2007). If support exists in the record, a dismissal may be affirmed on any proper ground. Johnson v. Riverside Healthcare Sys., LP, 534 F.3d 1116, 1121 (9th Cir.2008).

The Act, in Section § 1747.08(a) of the California Civil Code, prohibits the collection of personal information in connection with a credit card transaction, “[ejxcept as provided in subdivision (c).” Section 1747.08(c), in turn, specifies that the prohibition in subdivision (a) does not apply in certain instances.3 One of those instances is “[i]f the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.” Cal. Civ.Code § 1747.08(c)(1).

The California Supreme Court has not addressed the scope of that exception. “When the state’s highest court has not squarely addressed an issue, we must predict how [it] would decide the issue using intermediate appellate court decisions, decisions from other jurisdictions, statutes, treatises and restatements for guidance.” Alliance for Prop. Rights & Fiscal Responsibility v. City of Idaho Falls, 742 F.3d 1100, 1102 (9th Cir.2013) (internal quotation marks omitted). As we are aware of no intermediate appellate decisions, decisions from other jurisdictions, treatises, or restatements interpreting the rental deposit exception, we focus on the language of the statute itself to predict how the California Supreme Court would decide the issue, and conclude that it would hold that the exception applies here.

When a customer swipes his credit card at a Redbox kiosk, Redbox immediately charges the credit card for the first day’s rental. Redbox also stores the cred*707it card information. The credit card information permits Redbox to collect the additional amount owed should the customer choose to keep the movie or game for additional days or if it is never returned. In other words, the credit card is “being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.” We conclude that the California Supreme Court would hold Red-box’s collection of personal identification information in connection with kiosk rental transactions exempt under § 1747.08(c)(1), if that court held such transactions were covered under § 1747.08(a) in the first place.

Plaintiffs argue that the Redbox transaction does not involve a “deposit” by defining the term “deposit” to mean “a prospective, contingent payment of money or value to a seller of goods or services to secure against some potential loss.” To fit within § 1747.08(c)(1), Plaintiffs contend, Redbox would have to charge the credit card a certain amount as a “deposit” in advance and then credit any excess funds back when the customer returns the DVD. If Redbox did that, plaintiffs acknowledge, “an actual deposit would have ‘secure[d] payment in the event of default, loss, damage.’ ” Because that is not what Redbox does, according to Plaintiffs, the credit card is not being used by Redbox as a deposit.

We reject Plaintiffs’ artificially narrow definition of using a credit card as a deposit to secure payment. Vendors such as rental ear companies, hotels, or Redbox, may use a customer’s credit card to secure payment in multiple ways. One way would be in the manner acknowledged by Plaintiffs to involve a deposit—charging the credit card a certain amount in advance and refunding any excess when the product is returned or the hotel room is vacated. But a credit card can provide security whether or not money is drawn from the credit card account in advance. A vendor can also put a hold on part of the credit limit available under the credit card, by “preauthorizing” a charge of that amount without actually drawing those funds. A third variation, the one used by Redbox, is simply to hold the credit card information on file with the authorization to charge the card for any additional amounts owing later. The different methods might vary in their transaction costs, level of security, and the amount of remaining credit balance available to the customer, but in each instance the credit card is “being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.” All the methods fall within the language of the statutory exclusion, both logically and literally.4

The dictionary definition of “deposit” also supports a broader reading than that which Plaintiffs propose. That term is defined in Webster’s Third New International Dictionary (2002), for example, to include “something given as a pledge or security.”5 The credit card of the Redbox customer is given as a pledge or security, *708whether or not any funds are actually drawn by Redbox from the customer’s account in advance. Plaintiffs cite the online Merriam-Webster Dictionary, defining “deposit” as “something placed for safekeeping: as a) money deposited in a bank or b) money given as a pledge or down payment.”6 Even under that definition, though, the use of a credit card may qualify as “something placed for safekeeping” or “given as a pledge.”

Plaintiffs cite additional illustrations provided along with that definition by online Merriam-Webster Dictionary and argue that “[e]ach definition and example involved movement, a transfer of some kind.” But that is not necessarily the case. One of the illustrations cited by Plaintiffs is: “The rental car company requires a deposit for drivers under the age of 25.” When a rental car customer rents a car, the customer pledges the credit limit on his or her credit card as a deposit. That is true even if the rental car company does not actually draw money from the credit card account in advance. Even in instances where the company places a hold on some portion of the customer’s credit limit under the card, the hold does not entail an actual transfer of funds. Moreover, the actual charges may be more than the hold amount should, for example, the car be damaged or never returned. As long as the company can draw upon the customer’s credit line later if necessary, the associated credit card is serving to provide security to the rental car company.

When a Redbox customer swipes a credit card at the time of rental, the customer promises to be responsible for additional charges that might be owed if the disc is returned late or not at all. That promise is secured with the credit card. Redbox will use the credit card information already provided by the customer to charge the customer’s credit card account for the balance owed. In both literal and practical terms, the credit card serves as security.

Plaintiffs argue that Redbox might not always succeed in drawing upon a customer’s credit card later. They posit, for example, the case of a customer who uses a credit card with only $1.00 in available credit remaining to rent a DVD, noting that Redbox would be unable to charge anything further to that card in the future. Even in that rare scenario, Redbox could charge something later if the customer made a payment to bring down the outstanding credit card debt in the meantime. More importantly, something deposited to secure an obligation is pledged even if it turns out that it does not have enough value to cover the obligation. A watch presented to a pawn shop might be incorrectly valued and turn out not to be worth the money paid out, or could turn out to be stolen and be subsequently reclaimed by the rightful owner, but that doesn’t mean that the watch was never deposited at the pawn shop in the first place. The same is true for Plaintiffs’ scenario: even if Red-box might not ultimately be able to collect from the customer’s credit card in the future, the credit card is being used as a deposit.

There is no reason to think that the legislature, in enacting the statutory exception, limited it only to transactions where money is actually drawn from the customer’s credit card account in advance by the retailer, the form acknowledged by Plaintiffs to fit within the definition. We see no reason to differentiate between particular forms of credit card deposits, whether they be a current transfer, a hold, or merely the ability to run a charge in the *709future. Nothing indicates that the legislature intended such a distinction, and Plaintiffs have not provided a logical explanation for such a distinction. We decline to read it into the statute.

The dissenting opinion presents an alternative theory for why the rental deposit exception should not apply to the Redbox transaction, but it is no more persuasive than the argument offered by Plaintiffs. That theory is that, even if the credit card is used as a deposit, none of the later charges by Redbox to the customer’s credit card qualify under the statutory exception because the various contingencies are all part of the primary agreement between the customer and Redbox. But the statutory exception is not limited to a deposit to secure payment “in the event of default.” By its terms, it also applies “in the event of ... loss, damage, or similar occurrence.” No breach of the agreement between the customer and Redbox is required for the exception to apply.

Upon renting a DVD from Redbox, the customer agrees to pay the fee for one day, and that is all that Redbox initially charges the customer’s credit card. If the customer does not return the DVD after the first day, for whatever reason, it is effectively lost for each additional day because it is not available to be rented to someone else. That the additional charges, including the maximum cap, may be spelled out in the Redbox agreement does not change that fact. It is not beyond the contemplation of agreements between the parties in other rental contexts—for a car, a hotel room, or whatever—that a customer will be held responsible for loss or damage or similar additional charges. Rental agreements routinely provide that the renter is responsible for those charges. The credit card provided by the customer necessarily serves to secure any additional sum that might become owing. To say that additional charges are not covered because they might be contemplated in the agreement between the parties is to read the exception so narrowly as to make it disappear.

III. Conclusion

We hold that Redbox’s collection of personal information in connection with a kiosk rental transaction falls outside the reach of § 1747.08(a) of California’s Song-Beverly Credit Card Act because the customer’s credit card is used as a deposit to secure payment in the event of loss or late return.

Because the transaction is exempted under § 1747.08(c)(1), we affirm the dismissal of the action.

AFFIRMED.

. According to the complaint, it is not necessary to enter the ZIP code associated with the card's billing address for the transaction to clear. If the customer enters a random string of 5 digits, the kiosk will still accept the card and vend the disc. Plaintiffs therefore allege that the collection of personal information in the form of a ZIP code is not for security purposes but rather for market research: specifically, to determine where to locate future Redbox kiosks. We accept this allegation as true but do not discuss its implications because our holding does not depend on what Redbox does with the information it collects.

. The full text reads:

(a) Except as provided in subdivision (c), no person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall do any of the following:
(1)Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the ... corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
(3) Utilize, in any credit card transaction, a credit card form which contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder.

Cal. Civ.Code § 1747.08(a). We take no position as to whether Redbox's alleged conduct, falls under any or all subsections of § 1747.08(a).

. The full text of the subdivision reads:

(c) Subdivision (a) does not apply in the following instances:
(1) If the credit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence.
(2) Cash advance transactions.
(3) If any of the following applies:
(A) The person, firm, partnership, association, or corporation accepting the credit card is contractually obligated to provide personal identification information in order to complete the credit card transaction.
(B) The person, firm, partnership, association, or corporation accepting the credit card in a sales transaction at a retail motor fuel dispenser or retail motor fuel payment island automated cashier uses the Zip Code information solely for prevention of fraud, theft, or identity theft.
(C)The person, firm, partnership, association, or corporation accepting the credit card is obligated to collect and record the personal identification information by federal or state law or regulation.
(4)If personal identification information is required for a special purpose incidental but related to the individual credit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, or installation of the purchased merchandise, or for special orders.

Cal. Civ.Code § 1747.08(c)(1).

. Indeed, if a transfer of money were required to constitute a “deposit,” then it would arguably be the money drawn in advance that served as the deposit, not the credit card. The Redbox method might fit the language of the statutory exception more perfectly than the form of transaction acknowledged by Plaintiffs to fit within the statutory exception because Redbox is counting on the credit card to secure payment, not on money that it has already debited from the customer’s credit card account.

. Similarly, the Oxford American English Dictionary defines "deposit” as "a sum payable as a first installment on the purchase of something or as a pledge for a contract, the balance being payable later" (emphasis added). See http ://www. oxforddictionaries. com/us/ definition/american_english/deposit (last visited April 11, 2014).

. The citation provided by Plaintiffs is to Merriam-Webster, “Deposit,” available at http:// www.merriamwebster.com/dictionaiy/deposit (last visited June 28, 2013).