Gregory Bautista and Melissa Ventrone of Wilson Elser write:
On January 15, 2015, the U.S. District Court for the Eastern District of Missouri ruled that fees, assessments and costs imposed by the credit card brands on Schnuck Markets, Inc. (Schnuck), a grocery chain estimated to have had 2.4 million customers’ credit and debit card information compromised by a malware attack on its point-of-sale system, were contractually limited to $500,000. Schnuck Markets, Inc. v. First Data Merchant Data Services Corp and Citicorp Payment Services, Inc., No. 4:13-CV-2226 (E.D. Mo. January 15, 2015). In its opinion, the Court ruled that Schnuck’s payments processor, First Data Merchant Services Corp. (First Data), and its acquiring bank, Citicorp Payment Services, Inc. (Citicorp), were contractually obligated for any assessments from the card brands in excess of $500,000 in connection with the security incident.
Read more on JDSupra.