[ISN] Michaels Breach: Who's Liable?

From: InfoSec News <alerts_at_private>
Date: Mon, 23 May 2011 04:09:21 -0500 (CDT)

By Tracy Kitten
Managing Editor
Bank Info Security
May 22, 2011 

A Chicago consumer affected by the Michaels card breach has filed a 
federal lawsuit against the crafts retailer, claiming it should have 
better protected customers' cards from breach and compromise.

Brandi F. Ramundo had more than $1,300 withdrawn from her checking 
account, after reportedly making a debit purchase worth less than $20 at 
Michaels. Her five-count suit seeks class-action status, a jury trial, 
compensatory damages, and consequential and statutory damages. It also 
includes an order for Michaels to pay for card-fraud monitoring services 
for consumers hit by the scam, as well as compensation and punitive 
damages for costs associated with the suit.

Ramundo's suit raises questions about liability after a card breach 
fraud. What role should merchants play, when it comes to ensuring 
transactional security, and how should financial institutions, as 
card-issuers, fall into the fray?

Attorney Randy Sabett, partner and co-chair of the Internet and Data 
Protection practice at law firm SNR Denton LLP, says the liability lines 
are often blurred and hard to define after a breach. Despite that card 
fraud usually occurs outside banking institutions' control, banks and 
credit unions, as the card issuers, usually absorb losses and expenses 
associated with breach recovery.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Mon May 23 2011 - 02:09:21 PDT

This archive was generated by hypermail 2.2.0 : Mon May 23 2011 - 02:13:34 PDT