Visa, MasterCard win court case
By Michael Liedtke
Associated Press
SAN FRANCISCO — A California judge ruled yesterday that Visa USA Inc. and MasterCard International Inc. don't have to send individual warnings to thousands of consumers whose personal account information was stolen during a high-tech heist uncovered earlier this year.
"I don't see the emergency," San Francisco Superior Court Judge Richard Kramer said in rejecting a request for an order against the nation's two largest credit card associations. "I don't think there is an immediate threat of irreparable injury" to consumers.
The ruling represents a setback for a consumer lawsuit targeting Visa and MasterCard for a computer security breakdown that occurred between August 2004 and May at CardSystems Solutions Inc., a payment processor for merchants.
The breach, initially disclosed by MasterCard three months ago, exposed up to 40 million credit and debit accounts to potential abuse. The still-unknown computer hacker grabbed enough sensitive account information to defraud at least 264,000 accountholders, according to evidence gathered in the case so far.
Although the scope of the CardSystems break-in has been generally outlined, the credit card associations haven't sent warnings to the most vulnerable customers.
San Rafael, Calif., attorney Ira Rothken, who filed the lawsuit, argued Visa and MasterCard at least should be required to notify the Californians whose account information was stolen.
The notification request was made under a 2-year-old California law that has been widely copied across the country to help ensure consumers are alerted when their personal or financial information stored on a computer is lost, stolen or breached.
Rothken argued that the law will be rendered "ineffectual" if the most vulnerable customers affected by the CardSystems breach aren't warned about their exposure to fraud.
Both Visa and MasterCard argued they shouldn't be obligated to send the notices because they don't have direct relationships with the accountholders.
San Francisco-based Visa and Purchase, N.Y.-based MasterCard provide processing and marketing services to the banks.
Rothken contends California law requires warning notices be issued as quickly as possible so customers can take the necessary steps to protect themselves. "They (shouldn't) have to sit there and pray nothing bad happens to them," he told Kramer.
MasterCard attorney Gary Halling countered that the law's disclosure intent had already been satisfied because the mid-June press release that announced the CardSystems breach had attracted prominent media coverage throughout California and spurred a hearing in U.S. Congress.
If individual notices were sent, more customers might request a replacement card — something that could be expensive for the industry. Each replacement account costs about $35.