Clicky

Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Security Assessor Sued in CardSystems Breach: Merrick Bank v. Savvis

Posted in Breach Notice, Payment Card Breach Laws, PCI, Plastic Card Protection Laws, Pleadings

I had missed the original filing of this complaint, but have now been able to obtain a copy of it.  Essentially a lawsuit by a bank against Savvis for allegedly making a mistake in certifying CardSystems as CISP compliant.  The complaint alleges $16 milion in damages, which essentially are the amounts that Merrick (acquiring bank) paid to the various card associations to satisfy claims by issuing banks arising out of the CardSystems breach. The compliant was filed in May 2008, so it is somewhat odd that news outlets are just now reporting it.

  • http://infoseccompliance.com/2009/06/03/merrick-bank-v-savvis-analysis-of-the-merrick-bank-complaint/ InfoSecCompliance.com – Technology, Privacy and Security Law & Risk Management » Blog Archive » Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint