July 7, 2005

A major class action lawsuit has been filed after millions of credit card accounts were seriously compromised by a hacker at third-party payment processor CardSystems Solutions. The suit now also asks for unspecified financial damages for both merchants and consumers alike.

The amended complaint was filed on behalf of California credit card holders and card-accepting merchants Wednesday in California Superior Court in San Francisco.

The suit, originally filed on June 27, names as defendants CardSystems, MasterCard, Visa and Merrick Bank, a card-issuing bank that used CardSystems to process transactions. None of the defendants could be reached for comment late Wednesday.

.... Advertisement ....

The suit accuses the companies of violating California law by neglecting to secure credit card systems and by failing to inform consumers in a timely manner about a security breach at CardSystems, which was disclosed publicly on June 17 by MasterCard.

The suit asks for consumers whose information was exposed to be informed and granted access to a credit-monitoring service. Additionally, according to the suit, credit card companies should waive any charge-back fees or penalties to merchants in the case of fraudulent transactions that involve any of the credit cards involved in the security breach.

Intruders got access to details on about 40 million credit cards. Records covering about 200,000 cards are thought to have been transferred out of CardSystems' network. Credit card companies have said they would not notify customers unless the accounts are actually abused.

The updated complaint also charges that MasterCard, Visa and Merrick Bank knew or should have known that CardSystems failed security audits and did not comply with credit card industry security standards, said Ira Rothken, the San Rafael, Calif., lawyer who filed the suit. Yet they continued to allow the company to process transactions, he said.

"In light of the notion that CardSystems failed multiple security audits, this is much more serious than we originally thought," Rothken said in an interview Wednesday. "We're asking for damages against all the defendants proportionate to their wrongful conduct."

The amended suit also adds Andrew Schultz as a plaintiff. Schultz, a resident of Marin County, Calif., had his Visa debit card data compromised in the CardSystems breach, Rothken said.

The suit was originally filed on behalf of Eric Parke, a holder of several MasterCard and Visa credit cards, and Royal Sleep Clearance Center, a business that accepts the cards. The three plaintiffs seek to represent classes of consumers and merchants.

Previous Next Retailers may have more to lose than consumers by the lack of notification. If a criminal makes an unauthorized purchase on an individual's card, the cardholder is typically protected. But in many cases, businesses have to cover the loss.

And if consumers aren't alerted, that means the compromised cards could still be active and may be used by criminals.

More defendants could be added as the case proceeds. The suit lists 200 unnamed defendants for that purpose.

Source: C-Net News

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.