Credit Cards Don't Just Steal From Cardholders
By Matt Taibbi
January 10, 2012
Great story out this morning by Bloomberg reporter Thom
Weidlich, detailing yet another devious and dirty scheme in
the consumer credit industry.
The story outlines the misfortunes of a successful Park City,
Utah restaurant called Cisero's that is best known for
serving the movie stars and film glitterati attending the
nearby Sundance film festival. The restaurant is engaged in a
legal battle with its bank, but the larger struggle is
between the restaurant and major credit cards like Visa and
It's a complex tale, but the gist of it is that the credit-
card companies invoked arcane provisions of operating
contracts with the merchant, and unilaterally "fined" the
restaurant for enormous sums of money without proving any of
the charges. Some of that money was actually debited from the
merchants' account before they managed to close it.
When a restaurant opens for business, it signs service
contracts with middleman firms that allow them to accept
charges from Visa and MasterCards. These middleman firms
process the charges on behalf of the issuing cards, and also
debit the accounts of merchants for things like debit fees.
The problem is that when merchants like these restaurant
owners in Utah sign their service contracts, they also have
to agree to a series of draconian security rules, under which
they are automatically liable to the card companies if the
card companies suspect fraud or lax security procedures.
In the case of the Utah restaurant, Visa and Mastercard both
claimed that the restaurant allowed charges from fraudulently
used cards, and also violated security rules by keeping the
data for too many customer accounts on their company
From Weidlich's piece:
Unknown to [the owners of Cisero's], data on 8,107 customers'
accounts had been stored in their computer system, they said.
That was fewer than the 10,000 threshold for a fine to be
imposed under Visa's rules that certain customer data
shouldn't be stored on a merchant's computer, they said.
Visa later said 32,581 accounts were on Cisero's computer,
without explaining how it got that number...
The credit companies never proved any of these allegations,
never gave the restaurant an opportunity to answer the
charges, and simply moved, through their middleman firms,
straight to debiting the restaurant's account.
The two credit card companies each ultimately claimed
preposterous levels of fraud:
Visa decided the "actual fraud" was $1.26 million and
calculated Cisero's total liability for noncompliance at
$1.33 million, according to court papers. The restaurant's
"total pre-cap liability" was put at $511,513, the couple
said in court papers, and ultimately Visa said Cisero's owed
MasterCard said it could assess $100,000 against the
restaurant but was imposing only $15,000, they said. The
card company later added $13,850 in loss claims by issuing
banks based on fraudulent cards supposedly made with data
stolen from Cisero's system...
As Cisero's lawyers pointed out, the way the numbers kept
shifting, as though Visa and MasterCard were simply making
them up as they went along, suggested strongly that the whole
business was less about merchant fraud and a lot more about
just randomly taking money from small business owners who
can't fight back:
"These various shifting numbers based on unexplained
calculations" show that the "process is little more than a
scheme to extract steep financial penalties from small
merchants," Cisero's said in court papers.
The most galling part of the story is that the "fines"
claimed by Visa and Mastercard were part of a fine-print
arrangement that is virtually impossible for merchants to
learn about, much less defend against. If you want to have a
restaurant, you must allow credit card charges - but if you
allow credit card charges, you have to sign, sight unseen, an
agreement that says you can be fined tens of thousands of
dollars every time a credit card firm thinks your security
procedures are bad:
When the restaurant and US Bancorp entered their first
contract, "arcane operating rules - over 1,000 pages in
length - were not publicly available to merchants and did not
contain provisions on data security," the McCombs said in
The couple said they had no chance to negotiate over terms
and no choice but to sign.
"Restaurants must be able to accept electronic payments from
Visa and MasterCard to stay in business," they said in the
complaint. Not accepting customers' cards "is simply not an
option for Cisero's."
This story is another example of the central complaint
against financial companies. They occupy a place in society
in which they are a trusted part of our infrastructure. We
allow many of our creditors to debit our bank accounts freely
because we trust them not to simply steal our money without
But the Bloomberg piece is just one more example of financial
companies violating that trust. Episodes like the Utah
business are apparently not uncommon, and other merchants
have complained in recent years of an increasing tendency
toward systematic overcharging in other areas:
The dispute is the latest in the contentious relationship
between merchants and the card networks.
In 2003, in a suit brought by Cannon's firm, New York-based
Constantine Cannon LLP, Visa and MasterCard agreed to pay $3
billion to settle claims they overcharged on debit-card
Merchants last year successfully lobbied for federal
legislation limiting the debit fees. Trade groups and
merchants including the National Restaurant Association have
filed an antitrust suit against the networks in federal court
in Brooklyn, New York that is still pending.
Nobody minds banks and creditors being greedy. But we can't
live with big firms simply taking money out of bank accounts
for no reason, and daring people to sue to get the money
back. That's theft by bureaucratic force, not mere greed.
Portside aims to provide material of interest to people
on the left that will help them to interpret the world
and to change it.
Submit via email: [log in to unmask]
Submit via the Web: http://portside.org/submittous3
Frequently asked questions: http://portside.org/faq
Search Portside archives: http://portside.org/archive
Contribute to Portside: https://portside.org/donate