TAMPA, Fla. —The $79-million FiCare FCU here filed a lawsuit against Fiserv Tuesday, alleging Fiserv failed to secure its online banking platform, Virtual Branch Next, and then attempted to charge additional fees mid-contract for security measures the credit union contends were already required under the parties’ agreement, NERKO PLLC reported.
"The lawsuit follows earlier reporting on disputes between financial institutions and Fiserv over cybersecurity. Unlike prior cases that focused on alleged misrepresentations about existing security controls, this case centers on what the credit union describes as a different tactic: withdrawing security functionality mid-contract and requiring financial institutions to pay for a replacement marketed as a security 'upgrade,'” NERKO PLLC said.
According to the complaint, the credit union used Fiserv’s Virtual Branch Next and experienced repeated account takeovers and fraud losses. The credit union reimbursed affected consumers and raised security concerns with Fiserv. The complaint alleges that Fiserv did not implement possession-based multi-factor authentication as required by Fiserv’s contract and applicable federal standards, NERKO PLLC said.
"In December 2025, Fiserv issued what it called an 'Enhanced Authentication Product Sunset Notice,' stating that it would discontinue 'Enhanced Authentication' for Virtual Branch Next effective May 31, 2026, and that financial institutions must sign a new agreement by March 2, 2026 to receive a replacement service marketed as 'SecureNow.'
The complaint alleges that SecureNow "is not an ‘upgrade' but a 'mid-contract shake-down,'" and that SecureNow does not address the root cause of online-banking account takeovers, leaving financial institutions exposed to hackers, NERKO PLLC reported.
“FiCare takes the protection of its members very seriously. The credit union reimbursed members who reported online banking fraud losses and is taking appropriate legal action against Fiserv, the provider of its online-banking system. FiCare strongly disagrees with Fiserv’s recent decision to withdraw certain existing online banking security features mid-contract and then require financial institutions to pay for a replacement marketed as ‘SecureNow’ under new terms and higher pricing. Security should not become a mid-contract upsell,” stated Charles Nerko, managing partner, NERKO PLLC, and lead counsel to FiCare FCU.
NERKO PLLC said FiCare seeks monetary damages and a court order that it has no obligation to purchase “SecureNow” from Fiserv, and no obligation to pay Fiserv’s early-termination and deconversion fees.