WebProNews

A consumer class action suit has been filed in California against Visa, MasterCard, and now-notorious third-party payment processor CardSystems Solutions.

On the same day a massive lawsuit against the two biggest names in credit cards as well as CardSystems, the California Attorney General said he would consider filing a subpoena against CardSystems to demand more information about the incredible security lapses there.

An outside party exploited an existing security vulnerability in CardSystems' network. A piece of software was then illegally installed on the system.

And, unknown to MasterCard and Visa, CardSystems was retaining credit card information counter to credit card company requirements. About 40 million credit card numbers, expiration dates, and security numbers were exposed.

Authorities believe at least 200,000 of those numbers were removed from the system. Fraudulent transactions have affected cardholders around the globe.

The National Australia Bank claims to have discovered the problem in December 2004, but investigators would not take action at that time without more evidence.

Lockyer is seeking information from CardSystems about whether it complied with California law, which requires timely notification of consumers about privacy breaches and which requires that companies safely store personal information, according to attorney general's office spokesman Tom Dresslar.

Apparently CardSystems has not responded to letters requesting more information. Mr. Dresslar noted that under California law, the AG's office can use a subpoena to compel a response.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.