Financial institutions suing merchants over data breaches is starting to become common place. Just this last week, as reported in Credit Union Times, First Choice FCU took Wendy’s to court in a class action suit over card data stolen through malware that was present on the restaurant chain’s POS devices and captured magnetic stripe data:
With that data, unknown perpetrators were able to make hundreds of thousands or even millions of fraudulent undetected purchases on credit and debit cards that had been issued by plaintiff and members of the class,” First Choice said in its complaint.
The breach resulted in the credit union and thousands of other card issuers having to cancel and reissue compromised cards, change or close accounts, notify cardholders about the compromise, investigate claims of fraudulent activity, increase fraud monitoring activities, as well as reimburse cardholders for fraudulent charges, according to First Choice, which is headquartered in New Castle, Penn.
Issuers use to accept a per card payment from merchants distributed by the global networks to help cover costs of reissuance after events like this. With the breadth of compromises of late, financial institutions are no longer happy with a couple of dollars a card repayment and are taking merchants, who they believe have been negligent in managing the security of their systems to court to extract higher damages:
The suit also claims that, among other things, Wendy’s failed to delete cardholder information from its systems after authorizing transactions, failed to protect against malware and viruses, didn’t have an adequate firewall, didn’t limit or track access to the card data, failed to disclose the breach in a timely manner and didn’t convert to EMV. First Choice also alleged the POS systems at Wendy’s were out of date.
The credit union said the hackers specifically targeted and drained debit accounts with large amounts of money in them, concentrating the damages and causing individual financial institutions to suffer losses greater than what was experienced after the Home Depot or Target data breaches.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here