Recent class action lawsuits against MAPCO Express, a convenience store chain, and Schnuck Markets, Inc., a St. Louis-based grocery store chain, illustrate a growing trend in lawsuits against retailers for failure to adequately protect consumer credit card information.  In the case of MAPCO Express, according to a press release issued by the company on May 6, 2013, hackers used malware to access its payment card processing systems throughout periods in March and April, 2013.  All 377 of the MAPCO Express convenience stores are said to have possibly been affected.  Three class action suits were commenced in the wake of the security breach, alleging millions in damages.  Schnuck Markets is also in litigation as a result of its network being attached by a computer code designed to secure payment card details. These lawsuits were brought on behalf of consumers but it is expected that banks may soon join the mix as well to recover the substantial costs in remedying fraudulent transactions for their customers.  Banks feel retailers are not doing enough to protect cardholder information, according to one recent blog post found on  ( ).

The industry standard for data security appears to be the Payment Card Industry Data Security Standard (“PCI”) set forth by the Security Standards Council.  According to the Security Standards Council’s website, the PCI provides a framework for creating a data security process to prevent and detect incidents.  In order to participate in the PCI program, the Security Standards Council requires a fee of $3,500, which gets you the minimum participation.  The fees only increase from there, quickly totaling in the tens of thousands for added certifications and encryption programs.

For more information about the PCI and the Security Standards Council go to

For information regarding the MAPCO Express or Schnuck’s Market lawsuits, visit:


In a case against JCPenney pending in federal District Court in Pennsylvania, the court ruled that retailer telephone systems that have the ability to automatically dial and send text messages violate the Telephone Consumer Protection Act (the “Act”).  The Act prohibits the use of telephone systems that use automated dialers to randomly dial telephone numbers, except for emergency purposes.  U.S. District Judge Irma E. Gonzalez opining that the Act states an automatic telephone dialing system “need not actually store, produce or call randomly or sequentially generated telephone numbers.  It need only have the capacity to do it.”  This decision stands to expose retailers to potential liability if their telephone equipment has thecapacity to randomly or sequentially dial telephone numbers, regardless of whether such a feature is actually used.  In this case, the customer actually gave her cell phone number to JCPenney and agreed to be contacted by JCPenney at that number.  Still, the court allowed the case to survive JCPenney’s motion to dismiss based on the Act.

Other retailers like Papa Johns and WalMart has been similarly subjected to litigation surrounding their use of customer telephone numbers, however, in those cases the issue was whether the customer gave knowing consent to the use of his or her telephone number and whether that consent extended to text messages; not whether their telephone systems violated the Act.

For more information, visit:


The Massachusetts Supreme Court recently determined customer zip codes are “personal identification information” and that retailers are prohibited from collecting this information during credit card transactions.  Retailers collecting customer zip codes and selling the information or using the information to send unsolicited marketing materials are particularly vulnerable.  The class action lawsuit before the Massachusetts Supreme Court was against Michaels Stores, Inc. (“Michaels”).  The plaintiff (and other class members) alleged Michaels used her name and zip code to find her address and telephone number and sent unsolicited marketing materials.  Massachusetts law prohibits retailers from collecting any “personal identification information” in credit card transactions beyond that which is required by the credit card issuer. (See Massachusetts General Laws Ch. 93, Sec. 105(a)).  The court found that the purpose of the law is to protect against invasion into consumer privacy by merchants and operates to bar retailers from collecting personal identification information, which now includes zip codes.

This decision has already led to lawsuits against Williams Sonoma and Restoration Hardware in Massachusetts.  The Supreme Court of California similarly held in 2011 that retailers are barred from collecting customer zip codes in credit card transactions.  For more information about California’s law visit:


Plaintiff filed a slip and fall action against a hospital and housekeeping contractor and allegedly suffered serious injuries.facebook

The hospital claims that plaintiff’s public Facebook page contained post-incident pictures undermining the seriousness of her injuries.  Plaintiff contended the pictures were taken before the incident.

The Pennsylvania state court ordered that a “neutral expert” download and review plaintiff’s private Facebook account for a 17-day period after the alleged fall to determine whether the pictures or other evidence shed light on the seriousness of the injury.  Defendants had to pay the expert.

This approach is similar to an in camera inspection that is typically employed by judges.  But it is a good, balanced approach to allow discovery while protecting a party’s confidences.


The National Insurance Crime Bureau (NICB) has issued its annual report of questionable claims in the United States.  Questionable claims are those claims that NICB member insurance companies refer to NICB for closer review and investigation based on one or more indicators of possible fraud.  Questionable claims have increased each year over the last three years.   The findings ranked the states and cities with the highest number of questionable claims over a three year period: (1) California (58,415); Florida (29,086); (3) Texas (27,107); (4) New York (23,402); and (5) Maryland (10,315).  The top five cities were New York (13,564); Los Angeles (7,779); Miami (5,503); Houston (5,464) and Baltimore (3,690).

The top five reasons for questionable claims classifications were:  (1) casualty-faked/exaggerated injury (50,472); (2) vehicle-questionable auto/boat/heavy equipment theft (35,508); (3) miscellaneous-prior loss/damage (29,646); (4) miscellaneous-fictitious loss (29,017); and (5) property-suspicious theft/loss non-vehicle (24,867).

NICB’s full report can be viewed and downloaded here.


Certain LED light bulbs imported by Lighting Science Group were recently recalled because the bulbs can overheat during use, posing a fire hazard.  The 120-volt LED bulbs, sold as 6- 8- and 9-watt bulbs (equivalent to 40 or 50 watts), were marketed under the brand names Definity, EcoSmart, Sylvania and Westinghouse.  Lighting Science Group is aware of 68 incidents of product failures.  There have been no reports of personal injuries, according to information listed on the Consumer Product Safety Commission website.

Store maintenance and loss prevention teams should send bulletins to stores that may be using recalled products.  A robust plan to monitor, track, and alert stores to recalled products is a valuable way to minimize risk.

To read more:

(Post by Josh Rockwell, an associate at Perez & Morris, LLC. Josh’s practice focuses on retail risk management issues, property loss recovery, and cargo/transport issues. Josh manages cases nationwide.)


It is an unfortunate fact that retailers have to contend with false claims or outright scams.

More and more, stores are using surveillance cameras in their claims review process, to catch and deter scam artists.

Good Morning America has reported on how some of these scammers have been caught using video footage.

Risk managers should carefully review their procedures on claims preparation to utilize surveillance footage to its full extent.


(Post by Josh Rockwell, an associate at Perez & Morris, LLC. Josh’s practice focuses on retail risk management issues, property loss recovery, and cargo/transport issues. Josh manages cases nationwide.)


One of America’s largest malls, the Mall of America, has deemphasized the exclusive reliance upon cameras and metal detectors and instead adopted Israel’s profiling techniques.

“…it uses the same three components as [Israel’s] Ben Gurion airport: detecting suspicious indicators, security interviewing … and operational deployment.”

The program is grounded in behavior profiling.  That is, it uses trained officers to identify “behavior that isn’t considered normal in the mall’s setting.”  According to MOA’s director of security:  ”We want this to be the new industry standard.”


A Walmart customer in Florida was awarded nearly $1.3 million by a jury for injuries sustained when he slipped on a Gatorade sign that had fallen on the floor.  The injuries were severe and included an abnormally bulging arm – known as Popeye Deformity.

Surveillance footage recorded the Gatorade sign falling and … [the customer] slipping on it minutes later.  Walmart argued that its employees didn’t have time to pick up the fallen display.  But, the plaintiff argued – apparently successfully – that if the display had been put together in accordance with Gatorade’s instructions the sign could not have fallen.

So, this is a case of liability turning on the retailer’s creation of the hazard, regardless of its knowledge that the sign had fallen.
Read more: