A few months ago, I wrote about banks’ recent attempts to recoup losses from retailers following data breaches. Now, a bank has filed suit against a payday lender for negligence stemming from a failure to safeguard financial information from checks cashed by the payday lender. USAA filed the lawsuit against PLS Financial Services and The Payday Loan Store in Chicago federal court on August 5.
PLS offers check cashing services, and as part of the process of cashing checks, it collects and stores the account number and routing number of each check cashed. According to USAA, PLS failed to keep this information secure. As a result, fraudsters were able to obtain check images and account information, which enabled them to create and spend counterfeit checks. Many of the checks counterfeited by fraudsters came from USAA account holders, requiring USAA to reimburse the fraud victims and damaging USAA’s reputation. USAA contends that “PLS had an obligation to protect the financial information that it collected relating to USAA FSB. PLS did not do that, and it is liable to USAA FSB for that failure. USAA FSB brings this action to recover its damages.”
This case has important implications on both sides. On the one hand, it is another example of how banks can seek to recoup losses suffered as a result of fraud. On the other, it is a reminder that banks and other entities that store customer financial data must be vigilant in securing that financial data.