Posted on May 2nd, 2009 by David Navetta InfoSecCompliance.com The last two plaintiff-banks still breathing after 1st Circuit Appeal
Little know (or at least discussed) fact: despite announcing settlements with VISA and Mastercard in 2007, the TJX data security litigation is still going. In fact most of the issuing banks impacted by the TJX breach are no longer pursuing TJX and/or have settled via VISA and Mastercard dispute resolution processes.
However, two financial institutions (Amerifirst Bank and SELCO Community Credit Union - hereinafter “Issuing Banks” or plaintiffs) have pressed forward with an appeal of various dismissals and class certification motions to the U.S Court of Appeals for the First Circuit (the “Appellate Court”). The 1st Circuit’s opinion sheds some more (high level) light on the liability risk of payment card data breach security cases. Ultimately, the Appellate Court allowed three theories of liability to proceed, including a previously dismissed theory alleging that TJX’s inadequate security amounted to an unfair business practices under Massachusetts’s unfair and deceptive business practices law.
The main issue on appeal was the ruling on a motion to dismiss by the U.S District Court for the District of Massachusetts (the “District Court”). TJX and Fifth Third Bank (TJX’s merchant bank; collectively referred to as “defendants”) had asked the District Court to dismiss all of the counts alleged in the Issuing Bank’s complaint, including: (1) negligence; (2) breach of contract; (3) negligent misrepresentation; and (4) unfair or deceptive business practices under chapter 93A (Massachusetts’s consumer fraud statute). The District Court dismissed the negligence and breach of contract claim, but allowed the negligent misrepresentation claim and the 93A claim (which was based on negligent misrepresentation) to proceed.
Negligent Misrepresentation
The Appellate Court ultimately refused to dismiss the plaintiff’s negligent misrepresentation claim. However, the Court took a different path than the District Court. First, the court noted that the plaintiffs were not alleging any actual misrepresentation, but rather the plaintiff’s “negligent misrepresentation” was based purely on the defendants’ conduct in performing credit card transactions (in fact, the Appellate Court also referenced the defendants’ conduct in the form of entering contracts requiring certain credit card security measures). While conduct can be part of a misrepresentation, the link between the conduct and the implication must be “tight.” This link may be established by a combination of words and conduct concerning the alleged misrepresentation.
Find out how our patented technology can empower your financial institution.
Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)
There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.
Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."
The main issue on appeal was the ruling on a motion to dismiss by the U.S District Court for the District of Massachusetts (the “District Court”). TJX and Fifth Third Bank (TJX’s merchant bank; collectively referred to as “defendants”) had asked the District Court to dismiss all of the counts alleged in the Issuing Bank’s complaint, including: (1) negligence; (2) breach of contract; (3) negligent misrepresentation; and (4) unfair or deceptive business practices under chapter 93A (Massachusetts’s consumer fraud statute). The District Court dismissed the negligence and breach of contract claim, but allowed the negligent misrepresentation claim and the 93A claim (which was based on negligent misrepresentation) to proceed.
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ur_xv7UJNMEQmPfYubcBcB0XsVBb6aTnOf21UHeJyOuQH9gxqGMx3P-oIP4I57irROQEqVN-EWlnL1vIYfo6Zj-MGSp-5CxnPbOjyZUnng40sK8R68YxXB3ICm0fPbG84F_FqZmVUYLjPZlkYlsZag=s0-d)
0 comments