Court Rules For Visa, MasterCard In CardBreach

SAN FRANCISCO - (09/26/05) – A state judge ruled Friday thatVisa USA and MasterCard International don’t have to sendindividual warnings to hundreds of thousands of cardholders whosepersonal information was stolen from a third-party processorearlier this year. The ruling represents a setback for consumerswho are suing the two card giants over last year’s securitybreach at CardSystems Solutions, during which data from anestimated 40 million consumers was stolen. As many as 264,000accounts have been breached because of the situation. Both Visa andMasterCard argued they shouldn’t have to notify cardholdersbecause they don’t have direct relationships with thecardholders, whose cards are issued by thousands of credit unionsand banks. Both card associations insisted there is littlefinancial risk to cardholders because of their ‘zeroliability’ policies that reverse all fraudulent charges.Meantime, CardSystems, which has been left on the bring ofinsolvency after Visa and MasterCard threatened to fire them forthe breach, said it has agreed to sell its assets to CyberSourceCorp., of Mountain View, Calif.