June 27, 2005 7:50 PM PDT

Lawsuit seeks disclosure in credit card heist

A lawsuit filed Monday intends to help consumers and merchants who were left in the dark after a digital break-in that put millions of credit card accounts at risk of fraud.

The class-action suit was filed in California Superior Court in San Francisco against CardSystems Solutions, Visa and MasterCard on behalf of California credit card holders and card-accepting merchants, according to a copy of the suit.

The lawsuit accuses the companies of violating California law by neglecting to secure credit card systems and by failing to inform consumers in a timely manner about the security breach at payment processor CardSystems, which was disclosed publicly on June 17 by MasterCard.

In the break-in, intruders got access to details on about 40 million credit cards. Records covering about 200,000 cards are thought to have been transferred out of CardSystems' network. Despite this, credit card companies have said they would not notify customers unless the accounts are actually abused.

The lawsuit asks for CardSystems, Visa and MasterCard to inform consumers whose personal information was exposed and give special notice to those whose data was confirmed stolen. All involved should also get access to a credit-monitoring service, according to the suit.

Additionally, the credit card companies should waive any charge-back fees or penalties to merchants in the case of fraudulent transactions that involve any of the credit cards involved in the security breach, said Ira Rothken, the San Rafael, Calif.-based attorney who filed the suit.

Retailers may have more to lose than consumers by the lack of notification. If a criminal makes an unauthorized purchase on an individual's card, the cardholder is typically protected. Businesses, however, in many cases have to cover the loss.

And if consumers aren't alerted, that means the compromised cards could still be active and may be used by criminals.

"Millions of consumers have had their private credit card data compromised and are just going to have to wait and see to what extent the data will be used fraudulently or exploited it in other ways. This is causing consumers enormous apprehension and concern," Rothken said.

Visa is currently reviewing the lawsuit, company spokeswoman Rosetta Jones said.

"We believe that consumers are protected through our fraud-monitoring technologies as well as our zero-liability fraud policy," she said. Representatives for MasterCard and CardSystems were not immediately available for comment.

Pressure keeps mounting for credit card companies to alert individual consumers. Lawmakers are also fighting for full disclosure in the event of a data security breach. People should be able to decide themselves if they want to close their account after their personal information has been leaked, lawmakers have said.

The suit was filed on behalf of Eric Parke, an individual holder of several Visa and MasterCard credit cards, and Royal Sleep Clearance Center, a business that accepts the cards. Both seek to represent classes of consumers and merchants, according to the suit.

While CardSystems, Visa and MasterCard are targeted by the suit, more defendants could be added as the case proceeds, Rothken said. The suit lists 200 unnamed defendants for that purpose.

1 comment

Join the conversation!
Add your comment
This is a criminal act of theft by the credit card companies
If you know it is reasonable that a crime could occur (fraud) and you have the means to prevent it (cancel all the stolen cards) isn't it a crime to do nothing? Criminal Negligence???

This is exactly what the credit card companies are doing. It is possible that each and every card no. that was stolen could be used in a fraudulent transaction, yet the credit card companies are doing nothing to prevent this. Not only are they not notifying their customers, they are also allowing these fraudulent cards to stay in the system and be approved for any future transaction.

When a merchant accepts a card, they run the card thru their system and get an approval code from the processor. Based on this information, the merchant provides the product or service to the purchaser. Now, if this purchase was done with a stolen card, the merchant does not find out until the actual card holder reports the incident to their card company. By this time, the product or service is no longer recoverable. At this point, the credit card companies process a chargeback against the merchant. What this means is they deduct the original amount of the charge plus a fee of $25-50 from the merchants bank account. Now the merchant has lost the product or service, the payment received for that product or service and an additional fee of $25-50. This would be considered theft on the part of the fraudster. (Receiving goods or services with no intention of paying for them.)

Back to the credit card company&&it is reasonable and probable that a crime such as this will take place with the info that has been compromised. The only reason this crime occurred was because of the negligence of the credit card companies. Had they cancelled the card, there would never have been an approval given on the transaction and the merchant would still have his product. Looking at it this way, the credit card companies are basically an accessory to theft. It is their actions alone that allow the theft to occur and they are profiting from the transaction via the chargeback fees.

It is time we stop letting these companies walk all over us and finally do something about it. They are 100% responsible for every transaction that is made on these accounts. They complain that canceling all the cards would cost them roughly $35.00 a card. The expense is too high. What you dont see is the potential for the credit card companies to make $25-50 per transaction each time one of these cards is used. On 200,000 cards each used only once, that is a profit of $5-$10 million dollars. If a fraudster is able to complete a purchase with one of these cards, I can guarantee they will make more purchases. If each card was used in 5 fraudulent transactions, the credit card companies have the potential of raking in $50 million dollars or more. They are knowingly stealing from the merchants who agree to accept their cards as payment. With this kind of money involved, it almost makes me wonder if the credit card companies themselves did not plan this breach of data!
Posted by (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.