Credit card firms don't have to warn individuals - AfroChat - African American

charliekilothree · September 26th, 2005, 09:36 PM

Judge rejects injunction request, finding no 'emergency' on data breach

SAN FRANCISCO - A California judge ruled Friday that Visa USA Inc. and MasterCard International Inc. don't have to send individual warnings to thousands of consumers whose personal account information was stolen during a high-tech heist uncovered earlier this year.

"I don't see the emergency," San Francisco Superior Court Judge Richard Kramer said in rejecting a request for a preliminary injunction against the nation's two largest credit card associations. "I don't think there is an immediate threat of irreparable injury" to consumers.

The ruling represents a setback for a pending consumer lawsuit targeting Visa and MasterCard for a computer security breakdown that occurred between August 2004 and May at CardSystems Solutions Inc., a payment processor for merchants.

The breach, initially disclosed by MasterCard three months ago, exposed up to 40 million credit and debit accounts to potential abuse. The still-unknown computer hacker grabbed enough sensitive account information to defraud at least 264,000 accountholders, according to evidence gathered in the case so far.

Although the scope of the CardSystems break-in has been generally outlined, the credit card associations haven't sent warnings to the most vulnerable customers. The preliminary injunction sought would have required the warnings be sent ahead of the actual trial, for which a date has not been set.

San Rafael, Calif., attorney Ira Rothken, who filed the lawsuit, argued Visa and MasterCard at least should be required to notify the Californians whose account information was stolen.

The notification request was made under a 2-year-old California law that has been widely copied across the country to help ensure consumers are alerted when their personal or financial information stored on a computer is lost, stolen or breached.

Rothken argued that the law will be rendered "ineffectual" if the most vulnerable customers affected by the CardSystems breach aren't warned about their exposure to fraud.

Both Visa and MasterCard argued they shouldn't be obligated to send the notices because they don't have direct relationships with the accountholders, whose cards were issued by thousands of banks that belong to the associations.

San Francisco-based Visa and Purchase, N.Y.-based MasterCard provide processing and marketing services to the banks.

Rothken contends California law requires warning notices be issued as quickly as possible so customers can take the necessary steps to protect themselves. "They (shouldn't) have to sit there and pray nothing bad happens to them," he told Kramer.

MasterCard attorney Gary Halling countered that the law's disclosure intent had already been satisfied because the mid-June press release that announced the CardSystems breach had attracted prominent media coverage throughout California and spurred a hearing in U.S. Congress.

If individual notices were sent, more customers might request a replacement card — something that could be expensive for the industry. Each replacement accounts costs about $35.

Visa and MasterCard have maintained there is little financial risk to even the most vulnerable accountholders because of their "zero liability" policies that reverse all fraudulent charges.

What's more, the chances of identity theft are minimal, Visa and MasterCard said, because Social Security numbers and home addresses weren't taken in the CardSystems breach. The theft involved customer names, account numbers and security codes, providing the tools for criminals to make bogus credit and debit cards.

In his oral ruling, Kramer criticized the consumer lawsuit for being too vague.

"We have a complex case with complex legal questions that got wrapped into a ball and rolled in here," Kramer said. "It's just not presented in a way that a court can rationally deal with at this time."

http://www.msnbc.msn.com/id/9492659/

CK3: I don't know what is wrong with this judge. If somebody stole my account information and maxxed out my credit card, I would expect Visa or Mastercard to send me the bill. It would be funny if the same judge that made the ruling fell victim to the hacker's scheme.

Gorilla · September 26th, 2005, 09:50 PM

Further proof that our legislation has yet to evolve to meet the needs of our society

Aqueelah · September 27th, 2005, 11:29 AM

Quote:

Originally Posted by charliekilothree

Judge rejects injunction request, finding no 'emergency' on data breach

SAN FRANCISCO - A California judge ruled Friday that Visa USA Inc. and MasterCard International Inc. don't have to send individual warnings to thousands of consumers whose personal account information was stolen during a high-tech heist uncovered earlier this year.

"I don't see the emergency," San Francisco Superior Court Judge Richard Kramer said in rejecting a request for a preliminary injunction against the nation's two largest credit card associations. "I don't think there is an immediate threat of irreparable injury" to consumers.

The ruling represents a setback for a pending consumer lawsuit targeting Visa and MasterCard for a computer security breakdown that occurred between August 2004 and May at CardSystems Solutions Inc., a payment processor for merchants.

The breach, initially disclosed by MasterCard three months ago, exposed up to 40 million credit and debit accounts to potential abuse. The still-unknown computer hacker grabbed enough sensitive account information to defraud at least 264,000 accountholders, according to evidence gathered in the case so far.

Although the scope of the CardSystems break-in has been generally outlined, the credit card associations haven't sent warnings to the most vulnerable customers. The preliminary injunction sought would have required the warnings be sent ahead of the actual trial, for which a date has not been set.

San Rafael, Calif., attorney Ira Rothken, who filed the lawsuit, argued Visa and MasterCard at least should be required to notify the Californians whose account information was stolen.

The notification request was made under a 2-year-old California law that has been widely copied across the country to help ensure consumers are alerted when their personal or financial information stored on a computer is lost, stolen or breached.

Rothken argued that the law will be rendered "ineffectual" if the most vulnerable customers affected by the CardSystems breach aren't warned about their exposure to fraud.

Both Visa and MasterCard argued they shouldn't be obligated to send the notices because they don't have direct relationships with the accountholders, whose cards were issued by thousands of banks that belong to the associations.

San Francisco-based Visa and Purchase, N.Y.-based MasterCard provide processing and marketing services to the banks.

Rothken contends California law requires warning notices be issued as quickly as possible so customers can take the necessary steps to protect themselves. "They (shouldn't) have to sit there and pray nothing bad happens to them," he told Kramer.

MasterCard attorney Gary Halling countered that the law's disclosure intent had already been satisfied because the mid-June press release that announced the CardSystems breach had attracted prominent media coverage throughout California and spurred a hearing in U.S. Congress.

If individual notices were sent, more customers might request a replacement card — something that could be expensive for the industry. Each replacement accounts costs about $35.

Visa and MasterCard have maintained there is little financial risk to even the most vulnerable accountholders because of their "zero liability" policies that reverse all fraudulent charges.

What's more, the chances of identity theft are minimal, Visa and MasterCard said, because Social Security numbers and home addresses weren't taken in the CardSystems breach. The theft involved customer names, account numbers and security codes, providing the tools for criminals to make bogus credit and debit cards.

In his oral ruling, Kramer criticized the consumer lawsuit for being too vague.

"We have a complex case with complex legal questions that got wrapped into a ball and rolled in here," Kramer said. "It's just not presented in a way that a court can rationally deal with at this time."

http://www.msnbc.msn.com/id/9492659/

CK3: I don't know what is wrong with this judge. If somebody stole my account information and maxxed out my credit card, I would expect Visa or Mastercard to send me the bill. It would be funny if the same judge that made the ruling fell victim to the hacker's scheme.

That's usually when most rulings get overturned and laws get passed anyway, isn't it?

One simple word describes our legislative system: Triflin'. :coffee-n-

jstrud · September 27th, 2005, 03:00 PM

Quote:

Originally Posted by charliekilothree

"I don't see the emergency," San Francisco Superior Court Judge Richard Kramer said in rejecting a request for a preliminary injunction against the nation's two largest credit card associations. "I don't think there is an immediate threat of irreparable injury" to consumers.

The ruling represents a setback for a pending consumer lawsuit targeting Visa and MasterCard for a computer security breakdown that occurred between August 2004 and May at CardSystems Solutions Inc., a payment processor for merchants.

In this case the credit card associations (Visa & MC), have at least for now have been successful in shifting much of the burden of credit protection onto the individual consumers. This should prompt consumers to be pro-active in monitoring their credit card statements for unauthorized charges.

DBlack · September 27th, 2005, 04:25 PM

They just don't get it. Still; technology and crime married with the internet opens up a whole new fronteir of vulnerabilities. If our government doesn't get a handle on technology and crime, this country will have it's economy and security severely impacted by it.