The story outlines the misfortunes of a successful Park City, Utah restaurant called Cisero’s that is best known for serving the movie stars and film glitterati attending the nearby Sundance film festival. The restaurant is engaged in a legal battle with its bank, but the larger struggle is between the restaurant and major credit cards like Visa and MasterCard.
It’s a complex tale, but the gist of it is that the credit-card companies invoked arcane provisions of operating contracts with the merchant, and unilaterally “fined” the restaurant for enormous sums of money without proving any of the charges. Some of that money was actually debited from the merchants’ account before they managed to close it.
When a restaurant opens for business, it signs service contracts with middleman firms that allow them to accept charges from Visa and MasterCards. These middleman firms process the charges on behalf of the issuing cards, and also debit the accounts of merchants for things like debit fees.
The problem is that when merchants like these restaurant owners in Utah sign their service contracts, they also have to agree to a series of draconian security rules, under which they are automatically liable to the card companies if the card companies suspect fraud or lax security procedures.
In the case of the Utah restaurant, Visa and Mastercard both claimed that the restaurant allowed charges from fraudulently used cards, and also violated security rules by keeping the data for too many customer accounts on their company computer.
From Weidlich’s piece:
Unknown to [the owners of Cisero’s], data on 8,107 customers’ accounts had been stored in their computer system, they said. That was fewer than the 10,000 threshold for a fine to be imposed under Visa’s rules that certain customer data shouldn’t be stored on a merchant’s computer, they said.
Visa later said 32,581 accounts were on Cisero’s computer, without explaining how it got that number…
The credit companies never proved any of these allegations, never gave the restaurant an opportunity to answer the charges, and simply moved, through their middleman firms, straight to debiting the restaurant’s account.
The two credit card companies each ultimately claimed preposterous levels of fraud:
Visa decided the “actual fraud” was $1.26 million and calculated Cisero’s total liability for noncompliance at $1.33 million, according to court papers. The restaurant’s “total pre-cap liability” was put at $511,513, the couple said in court papers, and ultimately Visa said Cisero’s owed $55,000…
MasterCard said it could assess $100,000 against the restaurant but was imposing only $15,000, they said. The card company later added $13,850 in loss claims by issuing banks based on fraudulent cards supposedly made with data stolen from Cisero’s system…
As Cisero’s lawyers pointed out, the way the numbers kept shifting, as though Visa and MasterCard were simply making them up as they went along, suggested strongly that the whole business was less about merchant fraud and a lot more about just randomly taking money from small business owners who can’t fight back:
“These various shifting numbers based on unexplained calculations” show that the “process is little more than a scheme to extract steep financial penalties from small merchants,” Cisero’s said in court papers.
The most galling part of the story is that the “fines” claimed by Visa and Mastercard were part of a fine-print arrangement that is virtually impossible for merchants to learn about, much less defend against. If you want to have a restaurant, you must allow credit card charges — but if you allow credit card charges, you have to sign, sight unseen, an agreement that says you can be fined tens of thousands of dollars every time a credit card firm thinks your security procedures are bad:
When the restaurant and US Bancorp entered their first contract, “arcane operating rules — over 1,000 pages in length — were not publicly available to merchants and did not contain provisions on data security,” the McCombs said in their complaint.
The couple said they had no chance to negotiate over terms and no choice but to sign.
“Restaurants must be able to accept electronic payments from Visa and MasterCard to stay in business,” they said in the complaint. Not accepting customers’ cards “is simply not an option for Cisero’s.”
This story is another example of the central complaint against financial companies. They occupy a place in society in which they are a trusted part of our infrastructure. We allow many of our creditors to debit our bank accounts freely because we trust them not to simply steal our money without justification.
But the Bloomberg piece is just one more example of financial companies violating that trust. Episodes like the Utah business are apparently not uncommon, and other merchants have complained in recent years of an increasing tendency toward systematic overcharging in other areas:
The dispute is the latest in the contentious relationship between merchants and the card networks.
In 2003, in a suit brought by Cannon’s firm, New York-based Constantine Cannon LLP, Visa and MasterCard agreed to pay $3 billion to settle claims they overcharged on debit-card swipe fees.
Merchants last year successfully lobbied for federal legislation limiting the debit fees. Trade groups and merchants including the National Restaurant Association have filed an antitrust suit against the networks in federal court in Brooklyn, New York that is still pending.
Nobody minds banks and creditors being greedy. But we can’t live with big firms simply taking money out of bank accounts for no reason, and daring people to sue to get the money back. That’s theft by bureaucratic force, not mere greed.