Elizabeth Banicki reports:
The Lawrence Welk Resort says a tech company disabled its computer security system, making 1,427 customers’ credit cards vulnerable to ID theft. Welk says it paid Micros Systems $100,000 for the botched job, to “ensure compliance with evolving Visa and other industry security standards,” and that Visa, for “no legitimate reason,” ordered banks to withhold $500,000 that should have gone to the resort.
The Welk Resort, a large housing development in North San Diego County, sued Visa and Micros Systems in Superior Court.
Read more about the lawsuit on Courthouse News. A copy of the lawsuit can be found here.
The lawsuit alleges that as a result of the manner in which MICROS disabled the the security, not only were customers’ credit cards vulnerable to ID theft, there were actual reports of a “limited number of unauthorized charges.” The complaint also provides a description of VISA’s operating rules, which the complaint describes as an
obfuscatory, convoluted and malleable set of Rules in order to provide itself with a legitimizing cloak for arbitrary actions intended to maximize the profits of VISA and its members to the detriment of merchants and the general public.
The complaint goes into a lot of detail about how VISA operates and the experience from the perspective of a merchant (and breached entity). Keeping in mind that a complaint is untried allegations, it still makes for interesting reading.