Dive Brief:
- Tampa, Florida’s FiCare Federal Credit Union initiated legal proceedings against Fiserv last week, accusing the payment processing titan of providing insufficient cybersecurity via its online banking platform, tailored for smaller financial institutions.
- According to a complaint filed on Tuesday, hackers infiltrated the Virtual Branch Next system, seizing control of customer accounts and misappropriating funds. This breach prompted Fiserv to impose additional charges on the credit union for purported security enhancements, an allegation that Fiserv refuted in a statement issued to the media.
- FiCare is pursuing not only financial restitution for the losses incurred but also aims to compel Fiserv to bolster its security measures. Charles Nerko, legal counsel for FiCare, emphasized the importance of litigation in enforcing accountability and securing compensation, adding, “If Fiserv billed for protections it failed to deliver, its customers deserve restitution.”
Dive Insight:
The cyber assaults on FiCare commenced in 2024, as outlined by Nerko. Reportedly, customers faced losses amounting to hundreds of thousands due to account takeovers, though Nerko refrained from disclosing the exact figures in the complaint lodged with the U.S. District Court for the Middle District of Florida.
While FiCare reimbursed affected customers and alerted Fiserv regarding the breaches, the payment processor did not compensate the credit union for the disruption caused, according to the allegations.
In its lawsuit, FiCare stated that Fiserv’s infrastructure lacks elementary security measures, exposing member data to critical vulnerabilities.
They facilitate unauthorized access, enabling hackers to illicitly extract considerable sums from financial entities. Despite these shortcomings, Fiserv continued to market its systems, assuring FiCare that all was secure.
Fiserv has contested the assertions laid out in the lawsuit.
“Fiserv disputes the claims and intends to mount a robust defense against the lawsuit,” remarked a representative of the company in an email.
Particularly, FiCare contends that Fiserv neglected to implement essential security protocols, including biometric safeguards and multifactor authentication, as referenced in the complaint.
In December, Fiserv informed customers about impending charges for a security upgrade, stipulating that they must consent to a new agreement by March to receive enhanced protection, according to the allegations.
Fiserv has faced an escalating wave of litigation in recent months. Notably, Self-Help Credit Union, based in Durham, North Carolina, has raised similar concerns regarding lax online security practices on the part of the payment processor.
Furthermore, shareholders have leveled accusations against Fiserv for allegedly misleading investors about the performance of its Clover point-of-sale system by compelling new customers to adopt it.
A separate lawsuit concerning Clover was filed on the same day in a federal court in Wisconsin, claiming that Fiserv improperly redirected merchants to Clover from another point-of-sale service to artificially inflate Clover’s revenue, as reported by Bloomberg Law.
Virtual Branch Next, the system at the heart of FiCare’s lawsuit, is designed to facilitate various online services for credit unions, including bill payment and financial management tools.
Fiserv’s stock experienced a significant decline in late October, following disappointing earnings that fell short of analyst predictions, with shares plummeting nearly 49% since October 28.
CEO Mike Lyons, who succeeded Frank Bisignano last year, has acknowledged certain strategic missteps yet continues to defend the overall performance of the company, particularly with regard to the migration processes associated with its Clover point-of-sale offering.
Source link: Bankingdive.com.
