San Francisco – Testing the bounds of consumer-protection laws, Visa USA Inc. and MasterCard International Inc. are headed for court to determine whether they are obliged to notify 264,000 customers that a computer hacker stole their account information.
The dispute, to be argued today in San Francisco County Superior Court, revolves around a highly publicized security breakdown at Card Systems Solutions Inc., one of the nation’s largest payment processors.
Although a ruling in the class-action consumer lawsuit wouldn’t have legal standing outside the state, it would increase the pressure on Visa and MasterCard to notify all affected account holders in this and any future breaches.
That would compound the headaches the Card Systems imbroglio already has caused.
The breach, initially disclosed by MasterCard three months ago, exposed up to 40 million credit- and debit- card accounts to potential abuse between August 2004 and May.
It’s the largest of more than 70 consumer-information security breaches reported in the past seven months, according to the Privacy Rights Clearinghouse.
Although the scope of the CardSystems break-in has been generally outlined, the credit-card associations haven’t sent warnings to the most vulnerable customers.
San Francisco-based Visa and Purchase, N.Y.-based MasterCard maintain that responsibility should fall to the myriad banks that administer the accounts.
The hacking obtained customer names, account numbers and security codes that could be used to create bogus credit and debit cards.
