ST. LOUIS—A retailer has won a court ruling against a payments processor and a merchant bank, with a $500,000 cap set on how much it must pay for a POS breach the company suffered in 2012.
Winning the court ruling was Schnucks Markets, which the U.S. District Court for the Eastern District of Missouri said is liable for the half-million dollars and that the payments processor and its bank are liable for all remaining costs related to the breach.
Analysts in some media have suggested they do not believe the case will set a precedent for other breach-related cases, but that it could have a bearing on how contracts are written moving forward.
In this case, the court ruled that Schnucks' contractual obligations for breach recovery and losses were limited to $500,000 because the retailer's payments processor, First Data Merchant Services Corp., and its merchant bank, Citicorp Payment Services Inc., did not specify in their contracts that breach liability unrelated to PCI compliance could exceed $500,000.
Related
NASCUS CU Cyber Security Symposium