SAN FRANCISCO, CA – CardSystems Solutions, MasterCard, Visa, and Merrick Bank found themselves on the receiving end of a class action suit filed on behalf of millions of credit card holders and card-accepting merchants on June 27, 2005.This latest, amended complaint, filed in San Francisco’s California Supreme Court, claims that the companies violated California law both by not securing their credit card systems and by not promptly informing customers of a security breach at CardSystems that was eventually announced publicly on June 17 by MasterCard. Further, it accuses MasterCard, Visa, and Merrick Bank of knowing that CardSystems had failed its security audits and did not comply with industry security standards, yet allowed the company to continue processing transactions. Although information concerning 40 million credit cards was revealed to intruders and records concerning 200,000 cards may have been transferred out of the CardSystems’ network, credit card companies have insisted that they had no obligation to notify their customers unless the accounts were actually misused.

Without notification of card holders, cards that are still active could be used by criminals, placing innocent consumers at credit rating risk even if they do not ultimately need to pay for unauthorized purchases. Retailers that unwittingly process fraudulent charges on these compromised accounts will be left with no alternative but to cover their financial losses.

The original suit listed Eric Parke, who held a number of MasterCard and Visa credit cards, and Royal Sleep Clearance Center as plaintiffs seeking to represent classes of consumers and merchants. The suit has expanded to specifically name a third plaintiff, Andrew Schultz, and now demands monetary damages be paid to affected consumers and merchants whose information was compromised and exposed by the security violation. Additionally, it requests that those who qualify for involvement in the class action suit be informed about the situation, be given access to a credit-card monitoring service, and have any charge-back penalties waived for fraudulent transactions associated with the security breach. A list of 200 unnamed defendants is included in the suit to allow for additional names in case it becomes necessary to expand the scope of the suit.