BreachExchange mailing list archives

follow-up: Rare Legal Fight Takes On Credit Card Company Security Standards and Fines


From: security curmudgeon <jericho () attrition org>
Date: Thu, 12 Jan 2012 14:52:49 -0600 (CST)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.wired.com/threatlevel/2012/01/pci-lawsuit/

By Kim Zetter
Threat Level
Wired.com
January 11, 2012

A small celebrity-friendly restaurant in Utah is finally doing what many 
merchants have only dreamed of doing for a long time -- taking on a part of 
the payment card industry's powerful but flawed system for securing card 
data by fining merchants for failing to secure their data.

Stephen and Theodora "Cissy" McComb, owners of Cisero's Ristorante and 
Nightclub in Park City, Utah, have filed a lawsuit against U.S. Bank 
claiming that the financial institution, which used to process the 
restaurant's credit and debit card transactions, wrongfully seized money 
from the McCombs' merchant bank account.

U.S. Bank seized about $10,000 from the McCombs' account to pay $90,000 in 
fines that Visa and MasterCard imposed after alleging that Cisero's had 
failed to secure its network and suffered a data breach that resulted in 
fraudulent charges on customer bank cards. U.S. Bank sued the McCombs to 
obtain the remaining balance on the fines, saying a contract the McCombs 
signed with the bank makes them liable for such fines.

But in their countersuit against U.S. Bank (.pdf), the McCombs allege that 
the bank, and the payment card industry (PCI) in general, force merchants 
to sign one-sided contracts that are based on information that arbitrarily 
changes without notice, and that they impose random fines on merchants 
without providing proof of a breach or of fraudulent losses and without 
allowing merchants a meaningful opportunity to dispute claims before money 
is seized.

[...]

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
