Recent class action lawsuits against MAPCO Express, a convenience store chain, and Schnuck Markets, Inc., a St. Louis-based grocery store chain, illustrate a growing trend in lawsuits against retailers for failure to adequately protect consumer credit card information. In the case of MAPCO Express, according to a press release issued by the company on May 6, 2013, hackers used malware to access its payment card processing systems throughout periods in March and April, 2013. All 377 of the MAPCO Express convenience stores are said to have possibly been affected. Three class action suits were commenced in the wake of the security breach, alleging millions in damages. Schnuck Markets is also in litigation as a result of its network being attached by a computer code designed to secure payment card details. These lawsuits were brought on behalf of consumers but it is expected that banks may soon join the mix as well to recover the substantial costs in remedying fraudulent transactions for their customers. Banks feel retailers are not doing enough to protect cardholder information, according to one recent blog post found on BankSecurityInfo.com. (http://www.bankinfosecurity.com/interviews/more-litigation-against-retailers-expected-i-2009 ).
The industry standard for data security appears to be the Payment Card Industry Data Security Standard (“PCI”) set forth by the Security Standards Council. According to the Security Standards Council’s website, the PCI provides a framework for creating a data security process to prevent and detect incidents. In order to participate in the PCI program, the Security Standards Council requires a fee of $3,500, which gets you the minimum participation. The fees only increase from there, quickly totaling in the tens of thousands for added certifications and encryption programs.
For more information about the PCI and the Security Standards Council go tohttp://www.pcisecuritystandards.org.
For information regarding the MAPCO Express or Schnuck’s Market lawsuits, visit: