http://www.wired.com/threatlevel/2012/01/pci-lawsuit/ By Kim Zetter Threat Level Wired.com January 11, 2012 A small celebrity-friendly restaurant in Utah is finally doing what many merchants have only dreamed of doing for a long time — taking on a part of the payment card industry’s powerful but flawed system for securing card data by fining merchants for failing to secure their data. Stephen and Theodora “Cissy” McComb, owners of Cisero’s Ristorante and Nightclub in Park City, Utah, have filed a lawsuit against U.S. Bank claiming that the financial institution, which used to process the restaurant’s credit and debit card transactions, wrongfully seized money from the McCombs’ merchant bank account. U.S. Bank seized about $10,000 from the McCombs’ account to pay $90,000 in fines that Visa and MasterCard imposed after alleging that Cisero’s had failed to secure its network and suffered a data breach that resulted in fraudulent charges on customer bank cards. U.S. Bank sued the McCombs to obtain the remaining balance on the fines, saying a contract the McCombs signed with the bank makes them liable for such fines. But in their countersuit against U.S. Bank (.pdf), the McCombs allege that the bank, and the payment card industry (PCI) in general, force merchants to sign one-sided contracts that are based on information that arbitrarily changes without notice, and that they impose random fines on merchants without providing proof of a breach or of fraudulent losses and without allowing merchants a meaningful opportunity to dispute claims before money is seized. [...] _____________________________________________________ Did a friend send you this article? Make it your New Year's Resolution to subscribe to InfoSec News! http://www.infosecnews.org/mailman/listinfo/isnReceived on Thu Jan 12 2012 - 01:39:59 PST
This archive was generated by hypermail 2.2.0 : Thu Jan 12 2012 - 01:54:52 PST