Sep 29 2005
Hard To Imagine a Dumber Judge
A judge in San Francisco has thrown out a lawsuit that targeted Visa and MasterCard for a security breach at CardSystems, a payment processor. Here are some relevant quotes to make your blood sizzle:
A California judge ruled Friday that Visa and MasterCard don’t have to send individual warnings to thousands of consumers whose personal account information was stolen during a high-tech heist uncovered earlier this year.
“I don’t see the emergency,” San Francisco Superior Court Judge Richard Kramer said in rejecting a request for an order against the nation’s two largest credit card associations. “I don’t think there is an immediate threat of irreparable injury” to consumers.
The ruling represents a setback for a consumer lawsuit targeting Visa and MasterCard for a computer security breakdown that occurred between August 2004 and May at CardSystems Solutions, a payment processor for merchants.
He doesn’t see an emergency. Let that one sink in. He doesn’t see an emergency and he doesn’t think there’s a possibility of irreparable damage to consumers from having their credit card information stolen from a payment processing firm for the two largest credit card companies in the country. It gets worse:
Both Visa and MasterCard argued they shouldn’t be obligated to send the notices because they don’t have direct relationships with the account holders, whose cards were issued by thousands of banks that belong to the associations.
So Visa and MasterCard both don’t have direct relationships with me, the consumer. I’m sorry, but if you’re passing transactions with my name on them through your systems, that’s direct enough for me. If you contract out to the idiots who can’t keep their data safe, that’s direct enough for me. And if you contract someone out who’s retaining data they shouldn’t be, that’s direct enough for me.
Just for a refresher, CardSystems processes card transactions for MasterCard and Visa. The breach in question occurred when data that was stored at CardSystems was stolen from their servers. The clincher is that CardSystems was never supposed to have this information beyond the point of the transaction. In fact, they’re supposed to purge their systems after the transaction and not keep any records of it.
They didn’t. And because of it, thousands of cardholders had their information exposed.
This judge seems to think, however, that the information doesn’t present a real problem, and agrees with the card companies that a press release is good enough. The card companies also panicked that…
If individual notices were sent, more customers might request a replacement card — something that could be expensive for the industry. Each replacement account costs about US$35.
So… To recap… A card company’s transaction processing firm screws up and MasterCard and Visa, who don’t have a direct relationship with you despite having all your information, don’t want to cop to the mistake because it’s expensive to fix it. Can you imagine if everyone had that mentality?
In his oral ruling, Kramer criticized the consumer lawsuit for being too vague.
“We have a complex case with complex legal questions that got wrapped into a ball and rolled in here,” Kramer said. “It’s just not presented in a way that a court can rationally deal with at this time.”
Sure. Whatever. This definitely couldn’t have been dealt with. At least not when you have a judge who seems to think stealing credit cards is okay. Hey judge… Why don’t you leave your cards taped to the front of the bench so everyone can read the numbers? I mean, since it’s not a big problem and all, and you have nothing to worry about in the end…
Source: Technews World via Dvorak

September 29th, 2005 at 10:37 am
Be careful V. Two posts on the main page with consumer alerts. You bin hangin’ with Ralph Nader lately?
September 29th, 2005 at 10:41 am
Well… I did vote for him in 2000!
September 29th, 2005 at 12:00 pm
Funny, my credit union didn’t seem to think it was such a hardship when some of their customers were among the debit card users whose information got hacked at BJ’s Wholesale Clubs a couple years ago. They understood that their clients’ privacy and security comes before profits, I guess.
-cjb-
September 30th, 2005 at 7:25 pm
Why would you suggest punishing an entity that’s not responsible for the theft of the data? Visa/MC are licensors of a technology and regulators, so to speak, of the systems to set rules for licensees to follow. If they don’t follow the rules, they’re fined or kicked out of the system.
The banks have the legal relationship with the customer. Using your logic, the merchant should also be required to notify you that some third party lost your information. And the merchant’s bank. And any correspondent banks that touched the transaction.
No, it’s the responsibility of the entity that lost the data or their bank, to make the notification.
Disclaimer: I run the Credit Card division for a California bank. It would be in my best interest to have Visa/MC do this, but it’s not right.
September 30th, 2005 at 7:32 pm
PS: The judge IS an idiot. This does need to be handled with expediency.