When it Comes to Merchant Liability, Bogart Is Spot On

August 1, 2017 at 9:36 am Leave a comment

Don’t let a string of high-profile settlements fool you: Like Rick in Casablanca,  your credit union is contractually bound with all the gin joints in all the towns in all the world that your member comes into this Summer; at least if she uses  a credit card  you issued her.

This means that your credit union’s ability to recover for losses suffered as  a result of a data breach caused by merchant malfeasance remains fundamentally limited:  It is  dependent on a patchwork of state laws and legal nuances. This is not a new development. But every so often a case pops up that demonstrates yet again why Congress needs to impose national data protection standards on merchants.

The latest example is SELCO COMMUNITY CREDIT UNION, v. NOODLES & COMPANY, Defendant., No. 16-CV-02247-RBJ, 2017 WL 3116335, (D. Colo. July 21, 2017).   The case involves  a group of credit unions that sued Noodles & Company for negligence after  members were allegedly  victimized by a data breach. The credit unions contended that the restaurant failed to upgrade so that it could accept chip card technology and failed to comply with standard industry data protection baselines such as the PCI Standards.

Nevertheless their lawsuit was dismissed last week. By accepting and issuing Visa and MasterCard the  restaurant chain and credit unions agreed to  abide by Visa and MasterCard  network rules, including those spelling out the  remedies available  to card issuers when a merchant is accused of negligence.  No lawsuit for negligence allowed.

There are exceptions to this rule.  For example, Minnesota has a law giving banks and credit unions the right to sue merchants for their negligent card practices and some states give businesses greater flexibility than others to sue each other for negligence resulting in economic harm.  But that still leaves issuers with too much uncertainty when it comes to figuring out  their plastic costs and provides too few incentives for merchants to adequately protect debit and credit cards from cyber criminals.

Entry filed under: Legal Watch. Tags: .

Is Wells Fargo The Citizen Kane of Banking ? Account Screening Protocols Under The Microscope

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 453 other followers

Archives