Elavon Lawsuit – A Merchant Challenges PCI Compliance

Elavon Gets Sued Over Excessive PCI Compliance Fees

Elavon Logo
Elavon Logo

In case you missed it, Wired magazine recently published an interesting story about the owner of a restaurant called “Cisero’s” in Utah that is suing Elavon over PCI compliance fines.

The problem started when U.S. Bank (Elavon’s parent company) was fined $90,000 by Visa and MasterCard, who alleged that Cisero’s had not secured its network and experienced a data breach that resulted in fraudulent transactions on a few of its customers cards. In reaction, U.S. Bank debited Cisero’s checking account of $10,000 without notice and then filed a lawsuit against Cisero’s owners (Stephen and Theodora “Cissy” McComb) to obtain the remaining $80,000, stating that their merchant account contract makes them responsible for such fines.

The McCombs have filed a countersuit against U.S. Bank alleging that the bank deceives merchants into signing unfair contracts that allow it to arbitrarily change terms without notice, impose random fines without clear explanation, and refuse merchants a chance to dispute fines before the money is taken from them. As any experienced merchant knows, these types of contracts are not limited to just Elavon or U.S. Bank, but are a standard practice in the credit card processing industry.

At the heart of the issue is the controversial PCI Compliance Security Standards Council, an internally created organization within the industry that dictates data security standards with which merchants must comply when accepting credit cards. Providers such as Elavon are held responsible for the security vulnerabilities of their merchant customers and incur costs for undergoing periodic audits. However, nearly all providers pass this liability onto their merchant customers in their merchant account agreements, thereby indemnifying themselves completely. Many providers also charge merchants annual fees to cover their PCI compliance costs, but often these fees are marked up at huge profit and go far beyond simply covering additional costs. It is common for merchants to be told that that the infamous “PCI Compliance Fee” is a government-mandated fee which is required to be passed onto the merchant; however, this is nothing more than a complete falsehood.

Cisero’s lawsuit brings into question whether or not VISA and MasterCard should have the authority to impose fines and penalties on merchants as though they are a government agency. This is especially important considering that the fines are forcefully taken without any proof supplied to the merchant of security issues or breaches, or with any recourse for the merchant to appeal the fines. Cisero’s serves as a prime example and has reported that no evidence has been supplied regarding its alleged breach. The owners have also received little to no cooperation in resolving the issue.

Successful litigation could open the doors for other merchants who have been wrongly fined and force a change in PCI Compliance policies. What do you think? Are PCI Compliance fees reasonable in cost? Are the policies regarding PCI fair to merchants? Do you have a PCI compliance horror story like Cisero’s? Tell us your thoughts in the comment section below.

View Cisero’s court filing.

Thank you for reading my review. I hope that it has helped you with your research.

Why I'm Qualified to Write About Credit Card Processing

I'm a former credit card processing sales director who left the industry to start my own a small business. From the time that I starting working in the merchant services industry to when I left to write about it, I've been on the pulse of payments for nearly 15 years. It didn't seem fair to keep this insider knowledge to myself, so built this website to help small business owners research which service providers to use and how to save money on rates and fees. I've reviewed hundreds of companies, read thousands of user reviews, and learned the pricing tricks of every provider. If you have questions about credit card processing, you can find the answers here. I can help you save money with your current merchant account or help you find a new one. Message me here to get started.

Get started right away! I've help businesses save $1,156,834 this year alone! Submit a recent statement and I'll take a look at it for free.

Submit a Statement

  • Accepted file types: jpg, png, pdf, xls, xlsx.

13 Reviews Leave Your Review Below

  1. Leilei says:

    We have a customer order two high ending machines from us, we call Elavon try to find out is this a fraud, the people works at Elavon service center said they will contact with card holder and If there is any problems, they will call me in 3-4 business days.

    However, 10 Days later, she did not give us a call, we ship the products out , about two weeks later, we receive charge back from your company.

    We called: she said : sorry, I forget tell you, this is Fraud. But, it’s too late. We already ship them out.

    I call and call many times, No one listen your complain, this is Elavon.

    They made mistake , but, you have to pay !

  2. […] What Comes After A Data Breach? Reduce Legal Risk, Forbes, Repercussions of a Data Breach Can Be Disastrous, Buffalo Law Journal; Ponemon Institute Study; Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core, Dark Reading, Elavon Get’s Sued Over Excessive PCI Compliance Fees […]

  3. Muppet! says:

    Ok I’m dumb. Never took cards in over 40 years of business and decided to go with Elavon.
    My problem came at the end of the first year when PCI compliance reared its head.
    I never knew about this as it was never explained and no I didn’t scan the agreement, just took the guy’s word and signed up. What could go wrong?
    I was informed by email that my compliance had expired two months previously and I was being charged £17 per month until I was compliant.
    I asked in two phone calls and letters for the fees to be sent to me in writing for my record and no letter ever arrived.
    I was informed that their computer records flagged me as being non-compliant and that was why I was contacted. What? After two months?
    Apparently the £30 fee for compliance is paid to Elavon, so why be in a rush to charge me when they can grab £51 extra by the time it was sorted!
    Oh yeah, it’s up to me to arrange compliance I was informed.
    Funny how this caring company leave me without cover for so long.
    Roll on two more years and I’m out of there!
    Although reading these comments that might not be so easy!!!!!!

  4. Frances Sanders says:

    PCI Compliance has always been just a way for the credit card companies to make money. During the time when PCI compliance first came out I had problems with it. One of the things Elavon would do was to send the merchants information regarding the PCI compliance under the name of Elavon. Most merchant do not know them as Elavon because most sign up under US bank or under the name of the bank . When merchant call in we would answer the phone as Merchant Services so when they received mail from Elavon they would throw it away. After 30 days they could not dispute the fees so those fee would not be removed. I also never understood why terminal merchants had to become PCI compliant every year if your terminal has been truncated (last 4 digits of card only) there was no way it could be compromised.

  5. Paul says:

    I just got hit for the £120 pci compliance fee and I am trying to find out if I have to pay it or not. I cant even get a straight answer as to what it is for …. can I legally refuse it and cover myself, I honestly don’t recall seeing it in the contract.

  6. matthew nugent says:

    i just learned elavon is charging me 6 percent of sales by adding the cost of the users rewards to my charges. i challenged them and they would only say they would review my charges in 7 to 10 days.in my opinion they are cheating their own customers.i am changing to Frontstream now and not waiting for them to forget to call me back.

  7. andrea torres says:

    Elavon are professional thieves they debited my account for 5 years with out me knowing . I close the account 2007 n send the machine back n they said they have no record of that . I talk to the supervisor to get my money back they said no because i didnt follow up. They debit my account $69 a month some months $124 or $128 for 5years . Without me using there services dont trust them. This is so unfair

    1. William V Huff says:

      Andrea, your only recourse is to sue them. If you have a record of sending their machine back, take them to small claims court. Consult with an attorney first. Your losses appear to be around five thousand so it falls in the small claims territory. If you win, they will have to pay the court costs, and your award from the court could be higher than your losses. Especially if you get a judge that is familiar with these corporate thieves. Either way, good luck. I hope you do some them as I have a strong sense of justice, and I hate to see Elavon getting away with the tactics they use on the small business person.
      .

  8. After giving them ALL my information, I had a customer steal from me and reverse the charges on his credit card. After seeing my bank account get charged $390.00 Dollars! I asked them what he charge was for. They told me they didnt even know and they would have to talk to a supervisor.

    The superviser told me it was for a chargeback. I told them I had the signed receipt (which I did). they tod me it didnt matter and that elevon was notfiied 3 months ago and never ONCE ATTEMPTED TO CONTACT ME!!! :(

    And to make matters worse, I was told that because they were notfied 3 months ago, MY “DISPUTE WINDOW” EXPIRED. WTFFFFF!!!????

    Not only that but I have been receiving “non pci compliance after going through it the day I started. THey told me that sytems can take up to a year to update their compliance certifications and REFUSED TO REFUND ME THE FEES. And now Im getting $70.91 charges from them and when I call in they cannot even locate the charge.

    I will find out to sue them and get to the bottom

    THEY ARE CRIMINALS!!!!!

    Your better runnig a SQUARE OFF an iPHONE!

    1. William V Huff says:

      It’s about time somebody sued these corporate pirates. If enough people sue them maybe they will get their act together. They have been running roughshod over the small businessman for years. They do it because they know the small merchants can’t afford to sue them. Most of us can’t afford the time and resources it would take to pursue a lawsuit to recover our losses. They are well aware of this, in fact they count on it. They will milk each account with arbitrary fines, withhold funds, misc fees, and when the merchant can’t take any more and tries to get out, they hit you with more. I was one of the lucky ones, they hit my animal rescue for only about a thousand dollars. I will never forget or forgive. So when I see someone go after them it makes me feel good. I am an American and have a strong sense of justice. I would dearly love to see them get JUSTICE, that is exactly what they should get. Go get ’em.

  9. giao says:

    I called to close 2 accounts with Elevon back in October last year. I filled out a complete closure form email to me by one of their representative. They continue to charge me monthly service fee which is close to a hundred dollars a month per account.
    After many phone calls, plenty of transfer to supervisors etc … they always come back with “we have not received your closure forms”, “we can’t not close your accounts until receiving your closure forms …”, even though I had faxed, mailed (certified) a dozen of times with many different supervisor names on the fax. The answers continue to be the same.
    Now, after 6 months of closing our account, they charged a $195.00 early termination fee, which supposed to end this April. And they refused to refund the fees or the charges.
    Do you see their tactic, they only closed my accounts on the last month of the contract, in order to charge me 5 months fees, and early termination fee. In another word, they screw you twice.
    I would never do business with these people again. And I will use all my free time to spread the word. If anyone asks me about this company, I’ll tell them RUN DON’T WALK.
    They might get a few hundreds now, but they will lose thousand in the long run. It’s an awful way to run a business.

    1. Tham Phan says:

      Elevon merchant service company took money out from my US bank for THREE years from 7/2015 to 11/2018. They said they did not receive my cancel call. I call to get a refund. They said they would pay me back only $90.00. Please help to get my money back.
      Thank you
      Tham Phan
      909 727 6006 Cel
      [email protected]

  10. William V Huff says:

    Elavon charged me a non-compliance fee without notice that I was not in compliance. They debited my account at christmas so I didn’t notice the charge for a while. This caused several overdrafts and a great deal of stress. I run a dog and horse rescue funded by my social security. I didn’t have any recourse, complaints fell on deaf ears. I even had my bank manager call them to stop the charges, to no avail. They charged me several times before I could find out what the charges were for. I filled out their form online for compliance stating that I had no intention of taking credit cards, entering no to all questions. Nothing helped so I tried to cancel and was promptly hit for several hundred more before I could get away from these corporate pirates. I am so glad someone finally is taking them to court. I simply could not afford to do that, as they are well aware. They treat the small businessperson like dirt, fining them, no customer service, no returned phone calls. They took almost a thousand dollars from my rescue and I never used their service once. I know I will never get back the money they cost me and my animals have to pay for that. Elavon, shame on you. I will be eagerly awaiting the results of the lawsuit. William Huff

Leave a Review

Your email address will not be published. Required fields are marked *

Please do not use profanity or ALL CAPITAL LETTERS in your review. Reviews must provide a detailed account of your experience. By submitting a review or comment to CPO, you are agreeing to our Comment Policy.