April 10, 2012

Heartland Suit Dismissed

A lingering lawsuit against Heartland Payment Systems and two acquiring banks, KeyBank and Heartland Bank, appears to have been put to rest.

On March 14, a federal judge in Houston dismissed, for a second time, a suit filed by a group of financial institutions against Heartland and its acquirers for breach of contract, breach of fiduciary duty and negligence, based on the banks' "alleged failure to monitor Heartland's computer-system security." The suit was one of several filed against Heartland in 2009 after a data breach, which went undetected for more than a year, gave cyberhackers access to 130 million payment card accounts.

As the Heartland breach saga unfolded, it was eventually linked to card compromises impacting thousands of banking institutions. Many of those institutions absorbed the losses; others sought legal action.

The opinion, handed down by Judge Lee H. Rosenthal, of the U.S. District Court for the Southern District of Texas, says the plaintiffs' amended complaint "fails to plead that the Visa and MasterCard networks created a joint venture among the issuers and acquirers, which include the [plaintiffs] and KeyBank."

IT security and privacy lawyer David Navetta says the court's ruling is not a surprise. "I think it's pretty much been a pattern," he says. "Issuing banks don't have a direct remedy to recover the amounts that they lost."

Issuing institutions do get a percentage of what payment card companies such as Visa and MasterCard recover in fines levied after a breach. Navetta says decisions passed down from the court reflect the acknowledgment that the compensation provided by Visa and MasterCard is sufficient.

"Looking at the case law - you would have expected more lawsuits in Heartland, if they thought they could win," he says. "Most issuing banks, unless they've lost a ton of money, are not excited to file lawsuits."

In the case of this multi-institution suit, KeyBank moved to dismiss the complaint, and the court granted the motion. According to Rosenthal, the institutions that filed the suit - Lone Star National Bank, Sea Board Federal Credit Union, O Bee Credit Union, PBC Credit Union and Pennsylvania State Employees Credit Union - failed to amend deficiencies in their pleading from an earlier complaint.
Case Background

In an earlier decision, the judge had ruled that the five financial institutions involved in the lawsuit were not protected as "third-party beneficiaries" in contracts between Heartland and the acquiring banks, KeyBank and Heartland Bank.

KeyBank contracted with Heartland to process Visa and MasterCard payment-card transactions sent by participating merchants. The plaintiffs in the case alleged that KeyBank breached its duties under that contract and that they are third-party beneficiaries. They also alleged that KeyBank breached "its fiduciary duty as a member of the Visa and MasterCard networks," which the plaintiffs characterize as joint ventures.

Other claims were that KeyBank acted negligently by failing to ensure that Heartland complied with the Payment Card Industry Data Security Standard, and that KeyBank is vicariously liable for Heartland's negligence.
Legal Precedent?

The timing of the ruling is interesting, given the newly-revealed Global Payments Inc. breach. Similarities between the Global breach and the Heartland breach are striking in some areas. [See A Tale of Two Breaches.]

But Steve Elefant, the former chief information officer at Heartland who now serves on the counsel team at The Strawhecker Group, says the legal precedents set by suits filed in the Heartland case will likely discourage banks and credit unions from filing similar claims against Global.

"We had lawsuits from everyone from issuers to shareholders to cardholders," Elefant says. "Many of those were frivolous, because the brands protect the issuers, and cardholders are not really affected at all beyond having to use a new card."

This final case, brought against the processor by five issuing banks, is nothing special, Elefant adds. "The only thing about it that stands out is that it dragged out for a while, but that's about it," he says.



The above statements do not represent those of Weston Legal or Michael Weston and they have not been reviewed for accuracy. The statements have been published by a third party and are being linked to by our website only because they contain information relating to debt. Nothing in this article should be construed as legal advice given by Weston Legal or Michael Weston. To view the source of the article, please following the link to the website that published the article. Articles written by Michael W. Weston can be viewed here: To report any problem with this article please email creditcardlawsuit@westonlegal.com



5001 Bissonnet,
Suite 200
Bellaire, Texas 77401

Phone 713.623.4242
Fax 866-579-6411
Principal Office
9901 I.H. 10 West
Suite 800
San Antonio, Texas 78230

Phone 210.787.3539
Fax 866-579-6411
by appointment only
106 E. Sixth Street
Suite 900
Austin, Texas 78701

Phone 512.782.4377
Fax 866-579-6411
by appointment only
320 Decker Drive ,
Suite 100
Dallas, Texas 75062

Phone 214.329.9837
Fax 866-579-6411
by appointment only


May 20, 2014

FTC Permanently Shuts Down Debt Collection Business






2202 N West Shore Blvd,
Ste 200
Tampa, FL 33607

Phone 813.227.4965
Fax 866-579-6411
by appointment only
841 Prudential Drive,
12th Floor
Jacksonville, FL 32207

Phone 904.380.6922
Fax 866-579-6411
by appointment only
618 East South Street
Ste 500
Orlando, FL 32801

Phone 407.241.2380
by appointment only
1111 Brickell Avenue
Miami, FL

Phone 305.913.3725
Fax 866-579-6411
by appointment only




2375 East Camelback Road
Suite 600
Phoenix, Arizona 85016

Phone 602.308.0300
Fax 866-579-6411
by appointment only