[ISN] Rare Legal Fight Takes On Credit Card Company Security Standards and Fines

From: InfoSec News <alerts_at_private>
Date: Thu, 12 Jan 2012 03:39:59 -0600 (CST)

By Kim Zetter
Threat Level
January 11, 2012

A small celebrity-friendly restaurant in Utah is finally doing what many 
merchants have only dreamed of doing for a long time — taking on a part 
of the payment card industry’s powerful but flawed system for securing 
card data by fining merchants for failing to secure their data.

Stephen and Theodora “Cissy” McComb, owners of Cisero’s Ristorante and 
Nightclub in Park City, Utah, have filed a lawsuit against U.S. Bank 
claiming that the financial institution, which used to process the 
restaurant’s credit and debit card transactions, wrongfully seized money 
from the McCombs’ merchant bank account.

U.S. Bank seized about $10,000 from the McCombs’ account to pay $90,000 
in fines that Visa and MasterCard imposed after alleging that Cisero’s 
had failed to secure its network and suffered a data breach that 
resulted in fraudulent charges on customer bank cards. U.S. Bank sued 
the McCombs to obtain the remaining balance on the fines, saying a 
contract the McCombs signed with the bank makes them liable for such 

But in their countersuit against U.S. Bank (.pdf), the McCombs allege 
that the bank, and the payment card industry (PCI) in general, force 
merchants to sign one-sided contracts that are based on information that 
arbitrarily changes without notice, and that they impose random fines on 
merchants without providing proof of a breach or of fraudulent losses 
and without allowing merchants a meaningful opportunity to dispute 
claims before money is seized.


Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
Received on Thu Jan 12 2012 - 01:39:59 PST

This archive was generated by hypermail 2.2.0 : Thu Jan 12 2012 - 01:54:52 PST