Allegations of Inadequate Security Measures: Self-Help Credit Union vs Fiserv
Self-Help Credit Union has recently filed a lawsuit against tech giant Fiserv. The credit union accuses Fiserv of knowingly operating insecure account processing systems and then demanding extortionate early termination fees when the credit union attempted to switch to a more secure provider. The lawsuit, filed on December 4 in the U.S. District Court for the Middle District of North Carolina, raises questions about data security standards and the balance of power in the financial technology sector.
The Alleged Security Failings
According to the complaint, Fiserv failed to protect Self-Help Credit Union’s member data with the same safeguards it uses for its own corporate data. This alleged discrepancy is a violation of their master agreement. Self-Help’s lawyers stated in the complaint, “Fiserv sold and operated systems that were so insecure that no regulated financial institution should have been asked to run its confidential data through them.”
While Fiserv allegedly secures its own internal data with layered, possession-based multi-factor authentication (MFA), token generators, and biometric controls, these security measures were not extended to the credit union. Instead, Fiserv is accused of relying on weaker security measures such as email passcode challenges for client data. According to the National Institute of Standards and Technology, this method of authentication is vulnerable to hacking if the user’s email account is not adequately secured.
Furthermore, the lawsuit alleges that Fiserv demanded a seven-figure “early termination” and deconversion payment when the credit union sought to switch providers. The credit union describes this as a “ransom” and is seeking a court order to void these fees.
Fiserv’s Response
Fiserv has responded to these allegations by stating that they disagree with the claims and will be defending themselves robustly in the lawsuit. The company’s spokesperson told American Banker, “We disagree with the claims and will vigorously defend ourselves in the lawsuit.”
Legal Challenges Amidst Financial Turmoil
The lawsuit comes at a challenging time for Fiserv. The company has recently faced shareholder lawsuits, executive turnover, and a falling stock price following a significant earnings miss. In November, multiple shareholder class actions were filed against Fiserv, CEO Michael Lyons, and then-CFO Robert Hau, following a dramatic drop in Fiserv’s stock price after its third-quarter earnings report.
Additionally, Fiserv is undergoing a significant leadership overhaul, with CEO Michael Lyons having taken the helm in May 2025 and CFO Robert Hau set to be replaced by Paul Todd, formerly of Global Payments. Amidst these changes, Fiserv announced a restructuring plan dubbed “One Fiserv” and a move to transfer its stock listing from the New York Stock Exchange to Nasdaq.
The Implications of the Lawsuit
The lawsuit filed by Self-Help Credit Union raises serious questions about data security in the financial technology sector. It emphasizes the importance of robust security measures and the potential consequences for companies that fail to adequately protect client data. The outcome of the case could set a precedent for future disputes of a similar nature.
This lawsuit brings to light the importance of trust and security in the digital age, particularly in the financial industry where sensitive customer data is at stake. It serves as a reminder to all businesses to ensure their data security measures are up to par to avoid similar disputes.
Here is the original source of the story.
