IT services company Savvis is being sued by US bank Merrick
following a data breach in 2006 at the bank's payment processor,
which had previously been vetted by the supplier.
The Courthouse News Service reported that Merrick Bank is
claiming it lost $16m after hackers stole unencrypted credit card
data from its payment processor, CardSystems.
The bank is alleging that Savvis had assessed CardSystems and
reported that its security processes met credit card regulations.
However, less than a year after the assessment, Merrick said the
CardSystems computers were broken into and millions of credit cards
were stolen, resulting in the bank having to pay a $16m to Visa and
Mastercard in fines.
Credit card companies are establishing stringent rules for
protecting card data under a set of regulations known as the
Payment Card
Industry Data Security Standard.
