Lawsuit Brewing Against Popular POS Software Provider and Reseller
Attorneys are on the verge of announcing the official filing of a national lawsuit against one of the hospitality industry’s biggest point-of-sale (POS) technology providers and one of its system resellers.
By: MItch Leff
Restaurants in multiple states alleging negligence and PCI-DSS violations in security breaches
ATLANTA, May 26, 2010 — With evidence mounting of flagrant abuses of PCI-DSS security standards, two attorneys are on the verge of announcing the official filing of a national lawsuit against one of the hospitality industry’s biggest point-of-sale (POS) technology providers and one of its system resellers. The targets of the upcoming legal action will be Restaurant Data Concepts, Inc. of Warwick, Rhode Island – creators of the POSitouch™ system - and CC Productions of Hoboken, New Jersey, the reseller. POSitouch technology is installed in more than 20,000 restaurants nationwide.
According to the attorneys preparing the lawsuit, Charles Hoff (the Law Offices of Charles Y. Hoff, PC, Atlanta) and Shiel Gallagher (Gallagher & Gupta, PC, Chicago), the companies allegedly sold and installed POS systems that contributed to identity thefts at multiple restaurant locations. Gallagher and Hoff are still being contacted by new plaintiffs who wish to join the lawsuit, and there is hope that RDC and CC Productions will decide to resolve the situation before it goes to court.
“Frankly, I have seen all kinds of abuses of PCI standards in the industry, but this is as flagrant as it gets,” said Hoff. “POS vendors have a responsibility to do their part to ensure that their customers use only PCI-certified system applications. These systems should never store sensitive customer credit card information that could be stolen by hackers.” In addition to his hospitality law practice, Hoff lectures on PCI-DSS issues to the restaurant industry and is called in by restaurant associations to assist their members when security breaches occur.
Hoff and Gallagher have issued notification letters about the developing lawsuit to restaurant associations in all 50 states so that they may alert members.
PCI-DSS is a comprehensive set of technological requirements and consumer protections created primarily by the major credit card companies as part of a PCI Security Council to safeguard merchants from internal security breaches and identity theft. POS system vendors must follow these standards, and any businesses accepting credit cards for payments (such as restaurants)
At the core of the allegations in the developing lawsuit:
1) POSitouch’s POS system failure: The facts emanating from a forensic audit reveal that POSitouch sold a system that was non-compliant with PCI-DSS.
2) CC Productions’
“POSitouch and CC Productions have not been responsive to our efforts to resolve this situation on behalf of their customers,” said Gallagher. “We know there are many more restaurants across the country that have used these companies and could potentially be facing similar frustrations. Our goal is to give all of these customers a voice and resolve the issues that are putting diners at risk.”
While the exact amount of the identify theft losses to banks, the financial losses to the restaurants, fines, investigatory costs, fines imposed by the credit card companies and other costs attributed to fixing the computer systems’ security breaches are still being tallied, the lawsuit is seeking compensation to repay the penalties levied by the credit card companies and the massive costs to track down and repair the POS system problems. According to the attorneys, damages “could run well into seven figures.”
“There are many restaurant owners who are not aware that there may be a potential crisis lurking in their systems and that their businesses and customers may be at risk due to these companies,” said Gallagher.
Restaurant owners using POSitouch and/or CC Productions who are concerned about risk exposure can contact Gallagher and Gupta – (312) 841-1141, positouchclaim@