A federal court’s interpretation of a merchant contract resulted in the merchant not being liable for card brand security breach assessments. It may be worthwhile to examine and revise your merchant agreement in light of that ruling.

In Specs v. First Data, decided June 2019, the US Court of Appeals for the Sixth Circuit ruled that the limitation of liability clause in First Data’s merchant agreement took precedence over the agreement’s indemnification clause, and therefore that the merchant was not liable for card brand penalties. The indemnity obligated the merchant to reimburse First Data for any losses arising out of merchant violations of card brand rules, whereas the limitation of liability exempted the parties from indirect and consequential damages. The court found that card brand penalties qualified as consequential damages.
Continue Reading Merchant Found Not Liable for Data Breach Assessments