A small restaurant in Park City, Utah, figures to play a big role in determining how card networks prove suspected card data security breaches and whether card processors rightfully can deduct funds from merchant accounts–without telling the merchants–to cover their own network fines for breaches allegedly stemming from a client failing to comply with Payment Card Industry data-security standards.
Owners of Cisero’s Ristorante and Nightclub filed a countersuit in September charging their former payment processors, Elavon Inc. and parent U.S. Bank National Association, with removing $10,000 from the restaurant business account without “proper notice and the opportunity to contest false assumptions” to cover a portion of PCI fines related to an alleged card-data breach at the restaurant.