SAN FRANCISCO, CA – In a case that will test the limits of consumer-protection laws, MasterCard International Inc. and Visa USA Inc. are headed to San Francisco Superior Court to assess whether the companies are obligated to notify more than a quarter million customers that a hacker accessed their account information.The lawsuit, which was filed by California attorney Ira Rothken, has its roots in a much-publicized security lapse at CardSystems Solutions Inc. The suit seeks a court order requiring the credit card giants to notify each Californian whose account was compromised. Rothken is seeking the order under a state law that requires notification be made to consumers whenever personal information stored on computers is stolen, lost, or otherwise breached.

Even though a ruling in the class-action lawsuit won’t have legal standing outside the state of California, it could serve to ratchet up the public pressure on MasterCard and Visa to notify affected account holders of any future breaches.

Both Visa and MasterCard argue that there’s little chance that the affected consumers will lose any money due to the breach, because of their long-standing policies to reverse any and all fraudulent transactions. MasterCard spokeswoman Sharon Gamsin said such a “zero liability” policy reduces the need to alert individual customers about fraud risks.

An internal investigation determined that the unknown hacker accessed enough data from CardSystems to defraud approximately 260,000 MasterCard and Visa cardholders across the country, according to evidence presented in the lawsuit. No Social Security numbers or home addresses were stolen in the breach, which serves to minimize the risk for identity theft, but the data obtained by the hacker could be used to create functioning but fraudulent debit and credit cards.

In a statement issued by the company, Visa said it is satisfied with its current anti-fraud measures, and both representatives of both companies have expressed concerned that the opposite message could be communicated if they are ordered by the court to warn individual customers.

“Such an order would harm the banks’ goodwill because some customers would certainly be confused by the notice and believe the issuing banks were somehow to blame for the security breach,” counsel for Visa argued in their brief.

The anti-fraud measures and zero-liability promises don’t satisfy consumers who are joined in the case, however. In his sworn declaration, Eric Parke, a resident of Marin County who is representing consumer interests in the suit, said he has been worrying about his fraud exposure since the CardSystems story first hit the news.

“I do not think it’s fair for … me to have to look through cryptic credit card statements with (an) eye toward forensically determining if fraud was committed … when Visa and MasterCard can just tell me if my data was compromised,” said Parke.