The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
35°F
Current Conditions
Clear sky
View complete weather report
Subscribe now

Credit card action tests consumer law

Associated Press

SAN FRANCISCO — Testing the bounds of consumer protection laws, Visa USA Inc. and MasterCard International Inc. are headed for court to determine whether they are obliged to notify 264,000 customers that a computer hacker stole their account information.

The dispute to be argued today in San Francisco County Superior Court revolves around a highly publicized security breakdown at CardSystems Solutions Inc., one of the nation’s largest payment processors.

Although a ruling in the class-action consumer lawsuit wouldn’t have legal standing outside the state, it would increase the pressure on Visa and MasterCard to notify all affected accountholders in this and any future breaches.

That would compound the headaches that the CardSystems imbroglio already has caused.

The breach, initially disclosed by MasterCard three months ago, exposed up to 40 million credit and debit card accounts to potential abuse between August 2004 and May 2005.

It’s the largest of more than 70 consumer information security breaches reported in the past seven months, according to the Privacy Rights Clearinghouse.

Although the scope of the CardSystems break-in has been generally outlined, the credit card associations haven’t sent warnings to the most vulnerable customers.

San Francisco-based Visa and Purchase, N.Y.-based MasterCard maintain that responsibility should fall to the myriad banks that administer the accounts because neither credit card association has direct relationships with the affected customers.

Both Visa and MasterCard provide processing and marketing services to thousands of banks nationwide. It’s a profitable endeavor. MasterCard’s parent company earned $213.5 million on revenue of $1.4 billion during the first half of this year, according to documents filed in preparation for an initial public offering of stock. Visa doesn’t disclose its profit.

Internal investigations have determined that the still-unknown thief grabbed enough sensitive details from CardSystems to defraud about 264,000 Visa and MasterCard accountholders nationwide, according to evidence gathered in the lawsuit, which was filed by San Rafael, Calif., attorney Ira Rothken.

No home addresses or Social Security numbers were stolen in the CardSystems breach, minimizing the risk for identity theft. But the hacking obtained customer names, account numbers and security codes that could be used to create bogus credit and debit cards.

The lawsuit seeks a court order requiring Visa and MasterCard to warn each Californian whose information was compromised.