Restaurant POS System Lawsuits for Liability over Stolen Credit Card Information

By Austin Kirk
Posted December 29, 2009


The lawyers at Saiontz & Kirk, P.A. are reviewing potential claims on behalf of restaurant owners and other merchants who were exposed to thousands of dollars in fines and chargebacks after customer credit card information was stolen due to out-of-compliance internet-based credit card POS systems that were sold and installed as compliant with current PCI-DSS security requirements.

Restaurant owners in several states have filed lawsuits over problems with Radiant Systems’ internet-based Aloha POS software installed by Computer World.

The merchants were sold computer systems that were not compliant with industry security standards, known as the Payment Card Industry Data Security Standard (PCI-DSS). Computer World also allegedly added a remote access system to the Aloha POS that allowed them to remotely connect to the restaurants’ computer systems, using the same password for multiple restaurants.

After hackers were able to access thousands of customers’ credit card numbers, restaurants have had to pay thousands of dollars in penalties for having out-of-compliance systems and reimbursements for the chargebacks issued for illegal purchases made by the hackers.

Lawsuits have been filed in Louisiana on behalf of several restaurant owners, but it is suspected that these credit card billing problems may impact restaurant owners and other merchants throughout the United States.

If your business has been exposed to potential liability as a result of the Aloha POS or other internet-based POS system that was not compliant with current PCI-DSS security requirements, contact our attorneys to review your legal rights.


1 Comment

  • Grace says:

    The importance of PCI and PA-DSS compliance cannot be overstated. Software and Hardware Vendors, Payment Processors, Merchant Account Resellers and the merchants themselves all have to take part in the chain of responsibility to protect the cardholders' data.

    Though a POS Software System can be fully PA-DSS compliant, that does in fact not necessarily mean that the merchant is compliant by default. The POS system integrator must assure that they follow the implementation guide provided by the POS software company and the responsibility does not stop there. The merchant must assure that they perform quarterly network scans and submit their SAQ (Self-Assessment Questionnaire) to remain compliant. Additionally they are responsible for properly training their staff and taking responsibility to help assure their employees do not put their business nor their clients' credit card information at risk.

    We all have to take part in protecting card-holder data. It is unfortunate that many merchant account holders simply feel that POS companies are trying to squeeze an extra dollar out of them when in reality they are often helping them protect their clients' data with the latest in security standards that help thwart the threats in the computing environment in the 21st century.

    Posted on December 28, 2010 at 11:03 am
