CardForum | PCI COMPLIANCE MAY BENEFIT BREACH-SUIT DEFENDANTS
PCI COMPLIANCE MAY BENEFIT BREACH-SUIT DEFENDANTSReported compliance with the Payment Card Industry Data Security Standard could help Heartland Payment Systems Inc. defend itself against class-action lawsuits filed in the aftermath of its reported card-data breach, according to Ronald Mann, a professor of law and co-chair of the Charles E. Gerber Transactional Studies Program at Columbia Law School.
Since Heartland announced the breach Jan. 20 (CardLine, 1/20), consumers have filed at least three lawsuits alleging the Princeton, N.J.-based merchant processor violated the Fair Credit Reporting Act and a variety of state data-breach notification and consumer-protection laws (CardLine, 1/29).
Plaintiffs could have difficulty proving the breach harmed them, given that, besides some cardholder names, the only breached information appears to have been card data, Mann says. Clearing fraudulent transactions from a card account can be a hassle for consumers, but issuers tend to cancel cards or reimburse cardholders for fraudulent transactions, he says. "In previous litigation in this area, class-action suits against the hacked merchant have suffered from the problem that the likelihood of identity theft or of substantial harm depends a great deal on the particular circumstances of the victims and of their card issuers," Mann says.
0 comments