A federal judge in California has denied a motion by Fiserv to dismiss a case brought against the company by a credit union that alleged the payments processor deceived clients about its security protocols.
The ruling Thursday by Judge John Walter in the U.S. District Court for Central California in Los Angeles allowed all eight of the credit union’s claims to move forward.
Walter canceled a hearing that had been scheduled Monday, saying it wasn’t necessary for his decision. The judge also said that Polam Federal Credit Union’s claims would be better made in a summary judgment filing, after evidence in the case is heard.
The case alleges that Fiserv breached its contract with the financial institution because the processor’s “deficient and misrepresented cybersecurity practices” has left its “systems and member information vulnerable to unauthorized access.”
The case is one of several cases brought by a group of credit unions, including the Self-Help Credit Union in North Carolina and FiCare Federal Credit Union in Florida. There are also cases pending in New York and Indiana.
Walter’s ruling was the first on a motion to dismiss in the pack of cases.
“Those of us working in the smaller credit union industry already face enough burdens and obstacles,” Polam’s CEO, Jennifer Audette, said in an emailed statement. “Fighting for our members’ right to a secure system should not be a battle we have to take on with a vendor who is supposed to be a partner.”
She added that a lawsuit was the credit union’s “last choice,” but she hopes the ruling will help Fiserv realize that a small union can stand up to a global payments processor.
Fiserv has disputed the allegations, with a spokesperson previously saying the company “disagrees with the claims and will vigorously defend itself in the lawsuit.” A Fiserv spokesperson for the company declined to comment on the latest court development.
In most cases, settlement talks happen behind the scenes, and any adverse ruling can change the tenor of those talks.
Polam alleged in its March complaint that Fiserv pledged to protect their information with the same rigorous standards that it protects its own data, but didn’t do that, and didn’t meet even “basic security controls” in place.
The credit union is seeking monetary damages, indemnification of its losses, recovery of money spent on the contract with Fiserv and payment of legal fees.
“Litigation lets financial institutions turn vendor frustrations into recoveries,” said Charles Nerko, one of the plaintiffs’ attorneys. “This ruling is likely to encourage others weighing similar claims against Fiserv,” he added in an emailed statement.
