updated 9/28/2005 1:09:43 PM ET 2005-09-28T17:09:43

A California judge ruled Friday that Visa USA Inc. and MasterCard International Inc. don't have to send individual warnings to thousands of consumers whose personal account information was stolen during a high-tech heist uncovered earlier this year.

"I don't see the emergency," San Francisco Superior Court Judge Richard Kramer said in rejecting a request for a preliminary injunction against the nation's two largest credit card associations. "I don't think there is an immediate threat of irreparable injury" to consumers.

The ruling represents a setback for a pending consumer lawsuit targeting Visa and MasterCard for a computer security breakdown that occurred between August 2004 and May at CardSystems Solutions Inc., a payment processor for merchants.

The breach, initially disclosed by MasterCard three months ago, exposed up to 40 million credit and debit accounts to potential abuse. The still-unknown computer hacker grabbed enough sensitive account information to defraud at least 264,000 accountholders, according to evidence gathered in the case so far.

Although the scope of the CardSystems break-in has been generally outlined, the credit card associations haven't sent warnings to the most vulnerable customers. The preliminary injunction sought would have required the warnings be sent ahead of the actual trial, for which a date has not been set.

San Rafael, Calif., attorney Ira Rothken, who filed the lawsuit, argued Visa and MasterCard at least should be required to notify the Californians whose account information was stolen.

The notification request was made under a 2-year-old California law that has been widely copied across the country to help ensure consumers are alerted when their personal or financial information stored on a computer is lost, stolen or breached.

Rothken argued that the law will be rendered "ineffectual" if the most vulnerable customers affected by the CardSystems breach aren't warned about their exposure to fraud.

Both Visa and MasterCard argued they shouldn't be obligated to send the notices because they don't have direct relationships with the accountholders, whose cards were issued by thousands of banks that belong to the associations.

San Francisco-based Visa and Purchase, N.Y.-based MasterCard provide processing and marketing services to the banks.

Rothken contends California law requires warning notices be issued as quickly as possible so customers can take the necessary steps to protect themselves. "They (shouldn't) have to sit there and pray nothing bad happens to them," he told Kramer.

MasterCard attorney Gary Halling countered that the law's disclosure intent had already been satisfied because the mid-June press release that announced the CardSystems breach had attracted prominent media coverage throughout California and spurred a hearing in U.S. Congress.

If individual notices were sent, more customers might request a replacement card — something that could be expensive for the industry. Each replacement accounts costs about $35.

Visa and MasterCard have maintained there is little financial risk to even the most vulnerable accountholders because of their "zero liability" policies that reverse all fraudulent charges.

What's more, the chances of identity theft are minimal, Visa and MasterCard said, because Social Security numbers and home addresses weren't taken in the CardSystems breach. The theft involved customer names, account numbers and security codes, providing the tools for criminals to make bogus credit and debit cards.

In his oral ruling, Kramer criticized the consumer lawsuit for being too vague.

"We have a complex case with complex legal questions that got wrapped into a ball and rolled in here," Kramer said. "It's just not presented in a way that a court can rationally deal with at this time."

Copyright 2005 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments