Login Register (614) 442-5511 Contact Us

PCI DSS Compliance

Court Battle Weighing Midwestern Grocer’s Breach Liability Continues

(November 5, 2015) The legal battle regarding a 2013 data breach for Midwestern grocer Schnuck Markets’ continued this week as a pair of payment-processing companies asked the Eastern District of Missouri, U.S. District Judge John A. Ross to allow them to appeal a previous ruling earlier this year that Schnuck Markets’ 2013 data breach liability was limited to $500,000. Similar to most retailers Schnuck’s had a three-way processing agreement with a merchant bank and a payment processor. In the ruling earlier this year, for loses over the $500,000 cap, the Judge ordered that the payment-processing companies return money they had withheld for banks’ loses and ruled they must pay fines and fees from Visa and MasterCard. The payment-processing companies subsequently pushed U.S. District Judge Ross to allow them to appeal to the Eight Circuit. We will continue to monitor the ruling on this case as it may potentially impact similar cases in the future. We recommend contacting OGA’s preferred labor and employment attorney Matt Austin, from Roetzel & Andress for any questions on this case. You can reach Matt at MAustin@ralaw.com or by phone at 614-723-2010.

Payment Card Industry Data Security Standard (PCI DSS)

On at least two other occasions, the Ohio Grocers Association has done its best to communicate to our members the importance of credit card security in the process of being compliant. This is important stuff, and it needs every business that accepts VISA or MasterCard to pay close attention to it.

Don’t for one minute think that this is just a big company issue – it can happen to you or anyone who accepts credit cards as customer payment. In fact, there were several independent grocers that were involved in a potential security breach in Ohio and some of them involved small, single-store operators.

It’s this simple. There are bad guys out there that are trying to steal credit card data in order to perpetrate fraudulent activity through the use of identity theft, so it is important for any business that uses VISA or MasterCard to begin the compliance process, if they haven’t already. There are three things that we recommend as starting points: 1) Contact your technology partners and make sure that you are communicating clearly with them with regard to the compliance process.

The Ohio Grocers Association strongly urges you to seek the necessary help in the compliance process in order to protect your good name, your money and your ability to accept credit cards. Do not be the next “merchant victim!”