29 July 2022                                      

  1. Dispute

The Dispute relates to whether or not the Customer is entitled to receive a computer-generated receipt when making a payment by cash for his monthly Provider account at the (redacted) Provider store, without providing identification.

 

  1. Dispute outcome

The Customer’s complaint is not upheld.

 

  1. Final determination

Attached to this decision are the following supporting documents:

Appendix 1   (redacted)

Appendix 2   (redacted)  

Appendix 3   (redacted)

In making this determination I have considered the information provided by the Customer and Provider and

  • Fairness in all the circumstances
  • New Zealand law
  • The New Zealand Telecommunications Forum Customer Complaints Code (CCC) and its service standards, including position statements; and
  • Any other relevant telecommunications code.

Having discussed this with Customer and Provider on 27th and 28th July 2022 I am satisfied that there is no settlement of the dispute.  Therefore, I make the following determination:

 

  1. The Dispute

The Customer is wanting to pay his Provider account at the (redacted)  Provider store in cash and receive a computer-generated receipt. The store is not prepared to accept the Customer’s money and generate a receipt without first sighting identification.  The Customer is not willing to produce identification.

 

  1. Positions of the respective parties
Customers position

The Customer tells me he has been a loyal customer of the Provider. Over this time he has been paying for two or three Provider accounts.  When he was no longer able to pay his account by cheque, in approximately May 2021, he had been making payments in cash and, until recently, had received a computer-generated receipt.

On his last visit to the (redacted) Provider store the Customer was asked to provide identification and was told that this was a requirement before any customer information could be given out i.e. the information that would be provided on the receipt.  The Customer was not willing to show identification, nor was he willing to hand over cash without proof of payment.

The Customer was advised that the requirement for identification was a privacy issue. However, he has pointed out that the only difference between the payment slip and the receipt (copies of which were provided) is the address of the account holder which could easily be discovered by looking in White Pages.

The Customer is saying that as he is not purchasing anything on the account and ought to be able to make a cash payment without there being any privacy risk.

 

Provider’s position

The provider say that it takes the security and privacy of its customers’ information with the utmost seriousness. It has a strict authorisation check to confirm the identity of individuals before releasing or modifying the details of a customer’s account or providing information to or about individuals. The provider has no restrictions on who pays the accounts as it recognises there are various situations customers may be in.

When paying an account through a Provider store, it is possible to request a receipt for the payment and the Provider is happy to provide it to the account holder when the account holder has been appropriately identified.  The receipts include account specific, sensitive and personal details: ie Customer name, address, account number, payment date and amount. Should the individual not have ID, or decline to provide ID, Provider agents will offer to send a digital copy of the receipt to the email registered on the account. By providing a receipt without adhering to Provider’s security protocols it could risk the customer’s account being used for fraudulent purposes.

The Provider is not indicating that the Customer is in any way fraudulent, rather that the process is in place to protect him and others from possible scams and fraudulent activity.

 

  1. Reasons for the decision

It is understandable that the Customer is aggrieved that he is being told that he is no longer able to pay his account with cash and receive a store-generated receipt, without producing identification, when he has been doing that for the past several months.

The Provider has said the change occurred due to the (redacted) Provider store looking more closely at its security protocols and admit that it may not have been as rigorous as it ought to have been in the past.

The Customer has been advised that he can still make payment in store without producing identification and the receipt will be sent digitally to the account holder.  This is obviously unsatisfactory when cash is involved, and the Customer is also wise not to hand over cash without some form of receipt before leaving the store.

During the course of attempting to reach a resolution for the Customer, the Provider agreed that the Customer could make his payment in cash and the amount and date could be recorded in writing, initialled by the store agent who would also put his or her identification number on the account. A digital receipt could also follow this transaction if requested.  The Customer did not accept this as a resolution maintaining that he ought to be able to pay in cash and obtain a computer-generated receipt while in store without the need to provide identification.

There is no legal requirement in New Zealand for a receipt to be issued. However receipts are part of normal business practice and any prudent payee would be sensible to request confirmation of payment.  In this instance the Provider is not declining a receipt but merely abiding by its overall privacy policy when issuing a receipt that has confidential account information.

The Provider notes on its website that it complies with the Privacy Act 2020 and the Telecommunications Information Privacy Code 2020.  Rule 11 of the Code limits disclosure of telecommunications information to the individual concerned.  Asking for identity is the only way of confirming the above rule is complied with.

The Provider’s terms and conditions refers users to its privacy policy and outlines the steps taken to keep personal information safe and secure.

In today’s world where scamming and fraudulent transactions are becoming more sophisticated across digital platforms, any attempts to safeguard a customer’s account should be viewed as a positive step.  For this particular Customer, who is able to produce the payment slip containing most of the account information, there seems little risk of a privacy breach. However, by refusing an identity check the Customer is raising a ‘red flag’ of the type that Provider agents have been trained to take note of. Provider agents are trained to be helpful to customers but also to balance their interactions with the need to protect customer information. The Provider’s privacy policy is an overall policy designed to protect all customers and situations however small the risk may be.

This is not a case of Provider refusing to provide a receipt for a cash payment, but rather the type of receipt that they will hand to a person who does not want to offer proof of identity. Anyone can make a payment on behalf of someone else and identity checks are commonplace both in person and when communicating by telephone.

For the above reasons I determine that the Provider agent is acting correctly when requesting identification from the customer before issuing a computer-generated receipt.