Restaurants file lawsuit against payment terminal vendor after identity theft

Powered by SC Magazine
 

Lack of PCI DSS compliance proves troublesome.

A group of US restaurants have filed a class action lawsuit against a point of sale vendor after customers had their identities stolen by using uncompliant terminals.

According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payments terminals that were not PCI DSS compliant.

One of the attorneys acting as a legal advisor to the restaurants in the lawsuit, Charles Hoff, said in a statement that a special investigation by the United States Secret Service found that Computer World, the exclusive area distributor of Radiant Systems' ‘Aloha' POS software, violated PCI DSS provisions.

Hoff said: “When major players in the hospitality industry such as Radiant Systems and its distributors say their software and business practices are PCI-DSS compliant, our clients trust them.

“When those claims of compliance and proper security practices turn out to be false, the restaurants are left to suffer huge financial losses due to financial penalties imposed by the credit card companies. Their reputations are tarnished. We're determined not to let Radiant and Computer World simply walk away from their responsibilities.”

The plaintiffs said that they were sold earlier model POS systems despite being told they were new. In addition, Computer World is accused of violating PCI standards by using a remote access system that did not have adequate security patches, using the same password for at least 200 operators, and failing to remove prior sensitive customer credit data upon installation of Radiant POS systems.

As a result, the lawsuit's plaintiffs are alleging that Radiant Systems' negligence and failure to either instruct or monitor Computer World's actions led to systems being compromised, leaving customers vulnerable to identity theft and fraud.

The suit also claimed that and Computer World were warned by Visa in 2007 that their programs were non-compliant, although the restaurants were not aware of this when they signed for the Aloha system.

It is seeking compensation to repay the penalties levied by the credit card companies and costs to track down and repair the POS system problems.

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 346

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 144

Vote