A new lawsuit, filed by the $37 million Bessemer System Federal Credit Union, makes sweeping allegations that a Fiserv’s technology solution inaccurately reported member account records and information, failed to secure confidential member information and financial records against access by unauthorized third parties and that the Fortune 500 corporation threatened to take civil and criminal actions against the Greenville, Pa.-based credit union.
In 2016, Fiserv allegedly had a security breach and improperly and unlawfully provided Bessemer’s confidential member information, including members’ names, tax ID numbers and portions of account numbers to an unauthorized third party, according to the lawsuit.
“We believe the allegations have no merit and will respond to the claims as part of the legal process,” Ann S. Cave, Fiserv’s public relations director, said.
After complaining that Fiserv’s account processing system, called the Charlotte platform, contained a litany of bugs and defects, Johnette Preddy, a former Fiserv employee who was vice president of credit union solutions, acknowledged in an email to Bessemer System FCU President/CEO Joy Peterson that the credit union “experienced an extreme number of issues,” according to the lawsuit.
“Everyone on our team is aware of these issues and we continue to work for resolution,” Preddy wrote in the email. “I sincerely apologize for the inconveniences and impact to your business.”
However, Bessemer System FCU claims in its lawsuit that even after knowing that there were an extreme number of issues, the problems persisted.
For example, the lawsuit claims Fiserv failed to promptly update and patch affected systems to protect against commonly known security vulnerabilities and exposures, including delaying remediation of high-security vulnerabilities for more than 30 days after publication.
The credit union hired New York-based security ratings company, Security Scorecard Inc., to conduct a review of Fiserv. The review uncovered more than 40 weaknesses in Fiserv’s security.
Security Scorecard rated Fiserv a C on an A to F scale.
“A company such as Fiserv rated below a B is 5.4 times more likely to suffer a consequential breach, a dismal state of security for a company such as Fiserv that is entrusted with safeguarding highly sensitive information pertaining to the customers of more than one in three financial institutions in the United States” according to the lawsuit.
The 79-page lawsuit also alleged Fiserv falsified and misrepresented Bessemer’s member and transactional records. For example, Fiserv sent members federal 1098 mortgage statements that falsely reported the principal balance of the loans in the field for private mortgage insurance even though the credit union provided Fiserv with accurate information for these statements. The technology company assured the credit union that it would issue corrected statements, but Fiserv allegedly never provided documents of these corrected statements, according to the lawsuit.
Bessemer System FCU also alleges that Fiserv knowingly and repeatedly printed false mortgage interest, late fees on receipts and other documents provided to members and misrepresented due dates for loans. Bessemer members have reported that their bill payments were not made in accordance with their instructions, a defect in its account processing system that Fiserv allegedly acknowledged.
The technology problems also affected the credit union’s internal operations.
On many occasions, the lawsuit claims, Fiserv’s Charlotte system was unavailable, which meant the credit union could not access account records and information needed to process member transactions. Bessemer’s staff members were constantly locked out of the system and unable to log on to or log off the system, and that staff members also reported “frequent latency” with the Charlotte teller platform.
Bessemer System FCU is seeking unspecified punitive damages and is demanding a jury hear the case.
“Bessemer System Federal Credit Union values its members and is committed to providing them with the highest levels of service,” Charles J. Nerko, a New York-based lawyer, said who is representing the credit union. “To protect the credit union’s members, the credit union is replacing its core processing vendor and will be taking appropriate legal action against the vendor.”
In 2017, Fiserv reached an out-of-court settlement with the $29 million Parks Heritage Federal Credit Union in Glen Falls, N.Y., which made allegations that Fiserv’s account processing system was inundated with flaws and defects that affected the credit union’s operations and integrity.
Read the entire court document here.