July 7, 2005 6:25 AM PDT

Credit card suit now seeks damages

A class action lawsuit filed after millions of credit card accounts were compromised by a data breach at payment processor CardSystems Solutions now also demands unspecified monetary damages for consumers and merchants.

The amended complaint was filed on behalf of California credit card holders and card-accepting merchants Wednesday in California Superior Court in San Francisco.

The suit, originally filed on June 27, names as defendants CardSystems, MasterCard, Visa and Merrick Bank, a card-issuing bank that used CardSystems to process transactions. None of the defendants could be reached for comment late Wednesday.

The suit accuses the companies of violating California law by neglecting to secure credit card systems and by failing to inform consumers in a timely manner about a security breach at CardSystems, which was disclosed publicly on June 17 by MasterCard.

The suit asks for consumers whose information was exposed to be informed and granted access to a credit-monitoring service. Additionally, according to the suit, credit card companies should waive any charge-back fees or penalties to merchants in the case of fraudulent transactions that involve any of the credit cards involved in the security breach.

Intruders got access to details on about 40 million credit cards. Records covering about 200,000 cards are thought to have been transferred out of CardSystems' network. Credit card companies have said they would not notify customers unless the accounts are actually abused.

The updated complaint also charges that MasterCard, Visa and Merrick Bank knew or should have known that CardSystems failed security audits and did not comply with credit card industry security standards, said Ira Rothken, the San Rafael, Calif., lawyer who filed the suit. Yet they continued to allow the company to process transactions, he said.

"In light of the notion that CardSystems failed multiple security audits, this is much more serious than we originally thought," Rothken said in an interview Wednesday. "We're asking for damages against all the defendants proportionate to their wrongful conduct."

The amended suit also adds Andrew Schultz as a plaintiff. Schultz, a resident of Marin County, Calif., had his Visa debit card data compromised in the CardSystems breach, Rothken said.

The suit was originally filed on behalf of Eric Parke, a holder of several MasterCard and Visa credit cards, and Royal Sleep Clearance Center, a business that accepts the cards. The three plaintiffs seek to represent classes of consumers and merchants.

Retailers may have more to lose than consumers by the lack of notification. If a criminal makes an unauthorized purchase on an individual's card, the cardholder is typically protected. But in many cases, businesses have to cover the loss.

And if consumers aren't alerted, that means the compromised cards could still be active and may be used by criminals.

More defendants could be added as the case proceeds. The suit lists 200 unnamed defendants for that purpose.


Join the conversation!
Add your comment
Credit Card Companies and Retailers Contribute to Identity Theft
What you are seeing here his a misuse of the power of credit.
Credit Card companies like those named in the suit will continue
to do "business as usual", without the reprocussions that the
retailers and the consumers alike will feel.

As a web developer currently working on a merchant/shopping
cart system for a client, I will tell you that the process buy which
these bank's allow the merchants to process credit cards online
is just plain wrong.

It almost seems that there is very little requlation, if any, that is
used angainst the credit card companies, let alone the online
merchants. The only way to secure your online transactions is
way! There is not other way!

Here is my advice to all that is reading this article:
Don't use any, any, online service to buy your goods unless they
offer REAL TIME (meaning that the CC information is checked
immediatley at time of perchase).

This would ensure a safe transaction everytime and leave the
merchants with a sence of security knowing if a transaction were
to go through, it would be the Bank or Credit Card Companies
fault if anything went wrong.

Real Time Credit Card Processing, The only safe alternative to
online shopping!

Posted by OneWithTech (196 comments )
Reply Link Flag
None of the defendants could not be...
Well then where are their comments?
Posted by logic_ration (4 comments )
Reply Link Flag
Fixed, thanks
Thanks for pointing that out. It has been fixed. None could be reached late Wednesday.
Posted by JorisEvers (48 comments )
Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.