BoA, VISA Sued for Patent Infringement by Every Penny Counts

Bank of American and VISA were recently sued by Every Penny Counts, Inc. which alleges that BoA's "Keep the Change" program infringes upon its 1995 patent for a "Method and system to create and distribute excess funds from consumer spending transactions." When a participant in "Keep the Change" makes a purchase with his or her debit card, the Bank "rounds up" the amount deducted from the card holder's account to the nearest dollar and then puts that extra change into a savings account. In the UK, the idea has been copied by Lloyds TSB.

Last summer, BusinessWeekOnline did a big write up on how BoA, wanting to bring in new accounts, hired "an innovation and design research firm" to "conduct ethnographic research on boomer-age women with children." Women with children apparently have a tendency to round off entries in their checkbooks to an even amount, and they have a hard time saving money. Taking this important information, BoA

put together a team of product managers, finance experts, software engineers, and operations gurus and held 20 brainstorming sessions. The team generated 80 product concepts, boiled them down to 12, and overwhelmingly favored one: rounding up the financial transactions of consumers and transferring the difference to their savings.

The final little twist to this story is that at least one report in the blogosphere suggests that BoA filed for a patent on the "Keep the Change" idea itself.

Stop & Shop Data Breach -- POS Devices Tampered With

The Boston Globe reports that point-of-sale (POS) devices at several Stop & Shop locations in Rhode Island and Massachusetts were tampered with allowing thieves to steal credit and debit card information and PIN numbers. Stop & Shop issued a public letter to its customers about the incident and published Frequently Asked Questions on its website. While the Stop & Shop FAQs state that "no fraudulent transactions relating to debit or credit cards used at these store locations have been reported to Stop & Shop," the Boston Globe story says that a "bank notified Quincy, Mass.-based Stop & Shop this week that illegal purchases were made."

So far, no information on the make or model of the POS devices or how they were tampered with. If litigation ensues, one wonders if the hardware manufacturer will brought into the fight.

TJX Class Action Lawsuits

At this point in time, there are 5 class action lawsuits filed against TJX and, in some cases, its acquiring bank Fifth Third. Four of the cases attempt to assert claims on behalf of all individuals whose personal information was compromised by TJX. The fifth case (Amerifirst) asserts claims on behalf of all financial institutions which issued credit and/or debit cards that were compromised by the TJX data breach. The cases are summarized in the chart below.

Plaintiff(s)	Defendant(s)	Court	CA number	Filed
Wood,Willoughby	TJX, Fifth Third	N.D.Ala.	07-cv-00147 (RDP)	01-19-07
Miranda, Farley, Jenkins	TJX, Fifth Third	D.P.R.	07-cv-01075 (FAB)	01-26-07
Mace	TJX	D.Mass.	07-cv-10162 (WGY)	01-29-07
Amerifirst Bank	TJX, TJ Maxx, Fifth Third	D.Mass.	07-cv-10169 (JLT)	01-29-07
Gaydos	TJX, Fifth Third	D.Mass.	07-ca-10215 (WGY)	02-05-07

For some reason, not all of the columns in the chart are viewable on the blog. You can view the entire chart here.

I'll post the complaints as well as an analysis of each case in the next few days.

The Economist Announces the End of the Cash Era

The cover of the February 17-23, 2007 issue of the The Economist announces "the end of the cash era" with a cute graphic of dinosaurs made of coins and bills. In an editorial, the magazine acknowledges that the trend of electronic payments replacing cash transactions is unstoppable, but urges that payment systems be designed to preserve anonymity. A second article explores new technology for making payments by smart card and mobile phone. Interesting details on new products in Europe and Asia. The article focuses mostly on technology, but the last few paragraphs address the primary business issue -- who is going to control (and make money) from these transactions: banks, card associations, wireless companies. The editorial is available on-line but requires a subscription.

The article is available for free.

Identity Theft is Down. Who Knew?

Last week Javelin issued a study on identity theft it conducted for Wells Fargo, VISA and Checkfree. They found the number of people reporting they have been victims of identity theft has gone down in recent years. Javelin calculated the number of cases of fraudulent use of personal data (such as credit card numbers or social security numbers) per year as follows:

• 10.1 million cases in 2003
• 8.9 million cases in 2005
• 8.4 million cases in 2006

Their conclusions are based on data gathered by a telephone survey. It will be interesting to see whether the TJX incident has any effect on this trend.

Massachusetts AG to Lead 30 State Probe Into TJX Data Breach

Massachusetts Attorney General Martha Coakley announced her office will lead a multi-state civil investigation into the recent data breach at TJX Companies, parent to TJMaxx, Marshalls, HomeGoods and a number of other well known retail chains. Coakley has asserted control of the investigation because TJX is based in Framingham, MA. Eweek.com reports that 30 other states have joined the probe.

The Massachusetts Bankers Association reports that thieves have made fraudulent use of credit and debit card information from the TJX incident in Florida, Georgia and Louisiana, as well as in Hong Kong and Sweden. Nearly 60 banks in Massachusetts have been contacted by the card associations and told that information about their card holders was disclosed. Banks are notifying their customers and in many cases are reissuing cards.

The fact that card holders and banks are (allegedly) able to trace particular fraudulent transactions back to a particular data breach by a particular corporation means the TJX matter is going to be very significant. It is the first big case in which people harmed by a data breach will be able to identify and then, of course, sue the company responsible for the disclosure of their personal information. Will there be class action lawsuits? Oh, please! Half a dozen have already been filed and my guess is that's just the start. More info on the class action litigation in a future post.

A Confusing, Convoluted Victory for DataTreasury

DataTreasury Corp. scored a victory of sorts before the U.S. Court of Appeals for the Federal Circuit, announcing today that the appellate court affirmed a lower court's ruling dismissing DataTreasury's patent infringement case against Electronic Data Systems Corp. (EDS). That's right -- the court dismissed DataTreasury's suit against EDS and DataTreasury counts that as a victory. Here's why:

DataTreasury holds several patents which purport to cover the process of storing and sharing images of checks over the internet. The company claims that its patents are integral to the implementation of Check 21 -- the recently enacted law which allows banks to clear checks by sending images of the documents to each other rather than the paper itself. DataTreasury has made quite a name for itself by suing lots of banks and financial service providers for patent infringement. JPMorgan Chase, Citibank, Bank One, Wells Fargo, Zions, First Data, RDM, NetDeposit and, of course, EDS have all received a summons from DataTreasury. Even more surprising than the fact that this little company would take on the big dogs is how successful its strategy has been. Many of the defendants, including the normally ferocious rottweiler JPMorgan Chase, have settled with DataTreasury and even more corporations have lined up to pay licensing fees in order to avoid litigation.

So what explains DataTreasury's jubilation at having its case against EDS thrown out? You need to know one other fact. DataTreasury actually had two lawsuits against EDS going at the same time. The case that was dismissed was filed in Federal District Court for the Northern District of Texas (N.D.Tx). The second case was filed in Federal District Court for the Eastern District of Texas (E.D.Tx). Northern? Eastern? Does it really make a difference? You bet it does. Plaintiffs who file patent infringement suits in the E.D.Tx win more often than plaintiffs in any other Federal court in the country. If it has to be sued for patent infringement, EDS wants to be in any court other than the Eastern District. When the judge in the N.D.Tx dismissed the case before him in favor of the case in the E.D.Tx, EDS quickly appealed to the Federal Circuit. By affirming the Northern District decision, the appellate court is forcing EDS to proceed in the hostile Eastern District.

To further complicate matters, we should recognize that many commentators believe the DataTreasury patents are invalid and unenforceable. To be patentable, an innovation must be "novel" and "nonobvious." In other words, it should be something new and surprising and not an old idea or something that immediately pops to mind. Sending images of documents over the internet is not a particularly earth shattering break through, even if the documents are checks. Further, earlier patents and industry publications suggest that DataTreasury didn't come up with the process first. Critics of DataTreasury got a major boost in December 2006 when the Patent and Trademark Office (PTO), following a reexamination of DataTreasury's primary check imaging patent, concluded that it failed to meet the standards for patent protection. DataTreasury vowed to appeal the decision.

Barring a successful appeal to the Supreme Court, DataTreasury’s case against EDS will go forward in the Eastern District of Texas where the juries rarely fail to enforce a patent. It will be interesting to see what they do with a patent that even the PTO agrees isn’t valid.