Last week, the Eighth Circuit Court of Appeals reversed the approval regarding the settlement class in a consumer class action arising from Target Corporation’s 2013 data breach.
The CFPB’s wide-ranging jurisdiction over the consumer financial industry has had banks and credit unions worried about potential punishment and fines for years. Up until this point, the vast majority of their enforcements have focused around credit card policies, lending and debt collection. But this summer’s enforcement against payment processor Intercept Corp. is the agency’s second big lawsuit against an entity for ignoring “clear signs of brazen fraud,” sending a clear signal that turning a blind eye to these practices is unacceptable.
The aftermath of headline-grabbing data breaches at deep-pocketed retailers is almost always characterized by litigants of all sizes lining up to seek reparation for their legal injuries. These litigants can come in the form of disgruntled financial institutions, who demand compensation for breach-related expenses, or unhappy consumers who have suffered from theft of personal/ financial information and unauthorized charges on their accounts. Although consumer class-action lawsuits are a dime a dozen, they typically do not fare well in court, as courts generally conclude that their losses are covered in full by banks. On the other hand, financial institutions have a much easier time proving the costs associated with data breaches, such as card reissuance and reimbursement on fraudulent transactions. Follow along as we discuss the most recent data breach lawsuits including Target, Home Depot, and Wendy’s, and their effect on consumers, financial institutions, and retailers.
The landscape of fraud between 2015 to 2016 is best characterized as uncertain and dynamic. As government institutions such as the CFPB and FFIEC begin to play a bigger role in cybersecurity regulation, it has yet to be seen what data security protocols will be required of financial institutions. Also, pending legislation in Congress surrounding data security has the potential to determine federal standards of information security for merchants. Finally, with back-and-forth lawsuits between retailers, payment card networks, and issuers over disputes regarding EMV compliance and liability shift, nobody is exactly sure who will come out on top.
At Rippleshot, we understand how difficult it can be to juggle so many moving parts and develop actionable insights from them. That’s why we created a timeline for you to get up to speed on recent developments in card fraud and payments security.
Yesterday, news broke that supermarket chain Kroger had filed a lawsuit against Visa due to disagreements over chip and PIN transactions. If this is starting to feel like an echo chamber, it’s because Kroger is far from being the first merchant to sue a card network over the EMV conversion. In March, a small grocery chain and liquor store in Florida filed an antitrust lawsuit against all four card networks and a dozen banks. This was followed by Wal-Mart filing a lawsuit against Visa in May, and Home Depot filing one of their own against Visa and MasterCard in mid-June. What’s the issue behind all of this litigation? Follow along as we break each one down.
A fiery debate has resurfaced between financial institutions, merchants, and consumer groups regarding the Data Security Act of 2015. The bipartisan bill introduced to Congress as H.R. 2205 by Representatives Randy Neugebauer and John Carney on May 1st, 2015 explicitly states two purposes: “to establish strong and uniform national data security and breach notification standards for electronic data” and “to expressly preempt any related State laws in order to provide the Federal Trade commission with authority to enforce such standards for entities covered under this Act.”
In 2013, the Target data breach had everyone from consumers, businesses, financial institutions and those who sit somewhere in-between, trying to navigate following a catastrophic data theft. Consumers frustrated by the retailer’s data security standards attempted to bring Target to justice through class action lawsuits. However, a recent court ruling has made it much easier for organizations that suffer a data breach to be sued by affected customers. Up until late July, breached companies were able to use a legal rule to shield them from potential damages related to class action lawsuits.
Since we last covered the Target lawsuit, we saw a potential $19 million settlement brought to the table by Mastercard, which was defeated by their issuing banks in May. The settlement would have forced an end to the class-action litigation, which is now moving forward, in parallel with MasterCard’s attempt to renegotiate their settlement deal. Late last week, the banks involved in the lawsuit filed a request with the U.S. District Court of Minnesota to unseal some documents that until now, Target has been attempting to keep classified as confidential.
While we’ve been busy keeping a close eye on the happenings of the Target lawsuit, issuers have filed another one - this time against Home Depot and the data breach that occured over the summer of 2014 and exposed 56 million payment cards.
Falling in line with Target, there are two lawsuit tracks - consumer and issuers. Now that both have been formally filed with the United States District Court in Georgia, follow along as we take a deep dive into the complaints and claims listed.
At last count, 140 lawsuits were filed against Target in the wake of the massive data breach that exposed credit and debit card payment information for tens of millions of consumers in late 2013. If your head is spinning at the thought of how this will all be handled and what it means for payment security, you’re not alone. Follow along as we take a deep dive.