The Green Sheet Online Edition
November 12, 2012 • Issue 12:11:01
Cisero's amends counterclaim in Elavon case
A recent ruling in the US Bank and Elavon Inc. v. Cisero's Ristorante Inc. litigation is seen by Cisero's as a positive development in the lawsuit plaintiffs filed in 2010 to collect data breach fines from the restaurant.
The action, filed with the Third District Court of Utah, is an attempt to recover more than $82,000 in penalties imposed on Cisero's after a 2008 card company investigation deduced data stolen from cards used at Cisero's resulted in $1.26 million in fraud losses.
In a 2011 counterclaim, Cisero's argued that plaintiffs US Bank and Elavon - Cisero's acquiring bank and processor, respectively - owed it duties that were independent of the parties' merchant services agreement and that said duties were not fulfilled. It also argued that the contract was an unfair contract of adhesion; as a result, the merchant services contract is not enforceable, and Cisero's should not have to pay data breach fines sought by the plaintiffs.
In a September 2012 ruling, Judge Todd Shaughnessy ruled that Cisero's could amend its counterclaim to "more particularly identify the independent duties it contends US Bank owed it." Days later, Cisero's submitted its amended counterclaim.
The Cisero's merchant contract allows the restaurant to be fined if it is determined, as it was by Visa Inc. and MasterCard Worldwide in this case, that the restaurant's POS system was not in compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) at the time of the alleged data thefts.
The Cisero's counterclaim
In its original counterclaim, Cisero's said its merchant contract is an unfair contract of adhesion because the plaintiffs' services were so critical to the restaurant's success that Cisero's had little choice but to accept the plaintiffs' terms. Cisero's also noted that when it signed the contract, the contract's terms were not negotiable, Visa rules were not available to merchants and the PCI DSS had not yet been adopted.
The counterclaim also stated that after an investigation concluded Cisero's was the source of the data breach, Elavon accepted card company fines and passed them on to the restaurant without giving Cisero's the chance to defend itself or challenge the assessments. Cisero's said two independent forensic exams of its POS system found no evidence its terminals had been breached.
In addition, Cisero's asserted that because US Bank and Elavon had a much better knowledge of the card companies and their rules, they had a duty independent of the merchant agreement to ensure the restaurant had access to a full hearing process.
Principles at issue
In its amended counterclaim, Cisero's listed the duties allegedly owed it by the plaintiffs. Among them are the duty to:
- Warn Cisero's its system may not have been in compliance with the PCI DSS and was vulnerable to data theft
- See that Cicero's was in compliance with the PCI DSS
- Disclose known defects in the restaurant's POS system
- Disclose "material facts" about network rules and security standards
- Inform Cisero's of its right to appeal and challenge fines in a timely manner
- Help Cisero's get a fair hearing and ensure it was neither unjustly nor arbitrarily fined
Constantine Cannon LLP, which represents Cisero's, was the lead firm in a class-action antitrust claim brought by a group of national retailers that resulted in a $3 billion settlement with Visa and MasterCard in 2003.
After the ruling in favor of Cisero's, Steve Cannon, Chairman of Constantine Cannon, told The Green Sheet, "I believe these are very important principles at issue here. This goes to the basic issues in the merchant acquiring world. We think the indemnification power of the contract is void."
US Bank and Elavon did not reply to a request for comment. For more background on this case, see "Elavon versus Cisero's dispute could have major repercussions," The Green Sheet, Feb. 13, 2012, issue 12:02:01.
For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.