September 27, 2005 4:09 PM PDT

Judge looks for links in credit card case

SAN FRANCISCO--A judge has asked Visa and MasterCard to disclose details about their relationship with CardSystems Solutions, the payment processor that was the subject of a high-profile data security breach.

The information, such as contracts between the companies, should help determine whether the credit card companies have responsibility under California law to notify consumers whose personal details were exposed in the CardSystems breach, San Francisco Superior Court Judge Richard Kramer said Tuesday during a court hearing here.

Visa, MasterCard, Merrick Bank and CardSystems were sued in June on behalf of California credit card holders and card-accepting merchants. The suit seeks to test a state law that requires consumer notification after personal information stored on computers is lost, stolen or breached.

On Friday, Kramer denied a request for a preliminary injunction that would have required the credit card companies to tell individual California credit card holders that their account information was exposed in the CardSystems breach.

The digital break-in at CardSystems was publicly disclosed by MasterCard on June 17. Intruders got access to details on about 40 million credit cards. Records of more than 200,000 cards are thought to have been transferred out of CardSystems' network. Visa and MasterCard maintain that notification responsibility falls with the banks that issue credit cards because they have direct relationships with the affected customers.

Kramer said he wants to be clear on which defendants fall under California civil code section 1798.82, the notification statute. While it is clear that the breach was at CardSystems, the law applies to entities that "own or license" personal information about Californians. Plaintiffs in the case say that includes Visa, MasterCard and Merrick.

"I believe we have to figure out whether indeed Visa, MasterCard and Merrick are covered by the statute. They don't seem to own the data, but the plaintiffs' view is that they are operating with a license," Kramer said. He ordered all parties to prepare for a trial on that matter and to exchange information.

Plaintiff attorney Ira Rothken said he was pleased with the outcome of Tuesday's hearing. "We're going to get to do some discovery and tee up the most important question in this case," he said. Rothken believes all defendants fall under the California law. "We believe they are all intimately intertwined," he said.

MasterCard, Merrick and Visa have argued that the statute does not apply to them.

Another hearing in the case has been scheduled for Oct. 24.

2 comments

Join the conversation!
Add your comment
Weasels
These guys are splitting hairs to divest themselves of all responsibilities, and are too cheap to instigate the requirements as required by California law! Weasels, can only be a polite description!
Posted by heystoopid (691 comments )
Reply Link Flag
Mean while back at the...
ranch, thousands of unsuspecting consumers are in jepardy. The judge has so far let the credit card companys. of the hook for months if not years while customers identities are stolen. Who is going to pay for that?
Posted by wtortorici (102 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.