September 27, 2005
A state judge in California ruled last week that credit card companies
MasterCard and Visa won't have to send specific individual warnings
to the thousands of consumers whose personal account details were
stolen during an Internet security breach uncovered earlier in 2005.
Lawyer Ira Rothken said a California state law will be rendered
"ineffective" if the most vulnerable users affected by the CardSystems
Internet security breach aren't warned first-hand about their exposure
to credit card fraud.
In turn, the ruling judge criticized the consumer lawsuit brought
by Rothken for being too vague and open to confusion.
"I don't see the emergency," San Francisco Superior Court Judge Richard Kramer said in rejecting a request for an order against the nation's two largest credit card associations. "I don't think there is an immediate threat of irreparable injury" to consumers.
The ruling represents a setback for a consumer lawsuit targeting Visa and MasterCard for a computer security breakdown that occurred between August 2004 and May at CardSystems Solutions, a payment processor for merchants.
The breach, initially disclosed by MasterCard three months ago, exposed up to 40 million credit and debit accounts to potential abuse. The still-unknown computer hacker grabbed enough sensitive account information to defraud at least 264,000 account holders, according to evidence gathered in the case so far.
Although the scope of the CardSystems break-in has been generally outlined, the credit card associations haven't sent warnings to the most vulnerable customers.
San Rafael, Calif., attorney Ira Rothken, who filed the lawsuit, argued that Visa and MasterCard at least should be required to notify the Californians whose account information was stolen.
The notification request was made under a 2-year-old California law that has been widely copied across the country to help ensure consumers are alerted when their personal or financial information stored on a computer is lost, stolen or breached.
Rothken argued that the law will be rendered "ineffectual" if the most vulnerable customers affected by the CardSystems breach aren't warned about their exposure to fraud.
Both Visa and MasterCard argued they shouldn't be obligated to send the notices because they don't have direct relationships with the account holders, whose cards were issued by thousands of banks that belong to the associations.
San Francisco-based Visa and Purchase, N.Y.-based MasterCard provide processing and marketing services to the banks.
Rothken contends California law requires warning notices be issued as quickly as possible so customers can take the necessary steps to protect themselves. "They [shouldn't] have to sit there and pray nothing bad happens to them," he told Kramer.
MasterCard attorney Gary Halling countered that the law's disclosure intent had already been satisfied because the mid-June press release that announced the CardSystems breach had attracted prominent media coverage throughout California and spurred a hearing in U.S. Congress.
If individual notices were sent, more customers might request a replacement card -- something that could be expensive for the industry. Each replacement account costs about US$35.
.... Advertisement ....
Visa and MasterCard have maintained there is little financial risk to even the most vulnerable account holders because of their "zero liability" policies that reverse all fraudulent charges.
What's more, the chances of identity theft are minimal, Visa and MasterCard said, because Social Security numbers and home addresses weren't taken in the CardSystems breach. The theft involved customer names, account numbers and security codes, providing the tools for criminals to make bogus credit and debit cards.
In his oral ruling, Kramer criticized the consumer lawsuit for being too vague.
"We have a complex case with complex legal questions that got wrapped into a ball and rolled in here," Kramer said. "It's just not presented in a way that a court can rationally deal with at this time."
Source: eCommerce Times
Advertise on E-Commerce News
If you have a product or service that deals with the ecommerce
or ebusiness field, advertising on E-Commerce News can bring
you new sales leads and close new marketing channels. This news
portal is read by over 25,000 people a week.
Businessmen and woman that either own an ecommerce website, an
ebusiness franchise, a B2B commercial exchange or by people in all walks
of life that need to keep abreast of this fast-changing field. For
more information on the many advantages of advertising on our news
portal or to request pricing information, please send us an
and a marketing representative will be glad to answer you