Firefly POS Class Action Lawsuit

Really want to get a class action lawsuit going against Granbury/Firefly. Need to find representation to take this case.

This company has cost me over $13,000 in Audit fees along with fees from Visa and Mastercard because Software/Remote Networking was NOT PCI compliant. Also have been paying $160/Month for NON-Existent tech support. Not to mention the countless headaches and frustration from the numerous glitches in the software.

Most frustrating company to work with and am looking to dump this system early next year when I can afford to buy from a new vendor (most likely will be Revention).

Also, If anyone wants to buy a 5-Station Firefly POS (Piece of Sh**) then send me a PM and I will sell you mine for dirt cheap and put the money toward a new system.

Sorry for your problem. I got rid of mine 2 years ago. The best thing I ever did, I also tried to sell it but ended up throwing it away. The last straw for me was calling tech support and the support guy being pissed at be after trying to tell him the prob. Ohh and he called a day after my first support call.

WOW, Vlad – sorry to hear about your costs with Firefly! Were you fined by Visa/Mastercard or did you experience a breach due to non PCI compliance?

Reminds me of the restaurants in Louisiana – they got hacked because their POS system was not updated properly by the vendor – albeit – the restaurants were charged for the license upgrades, by the vendor. Gives my industry a bad name.

For those of you who are not familiar, when you experience a credit card breach or are hacked and consumer information concerning credit cards is stolen from your company YOU are responsible for the cost of the Secret Service investigation, plus the consumer losses and any fines assessed by Visa, Mastercard – the Louisiana breach – 7 restaurants - $10,000 for the investigation per each location

There is something to think about…

Will things eventually change to a model where operators do not ever see CC#s…I process CCs on my website for magnets sales and never see the card numbers…


As the CEO of GRS / FireFly, I’d like to address these posts directly. First, let me say that we are disappointed to hear of any client who is not satisfied with our products or services. I would like the chance to speak with you directly to clear up any problems and see if we can turn things around. Please contact me at 800-750-3947 or send me a PM so that we may try to improve the situation for you.

Regarding the credit card breach that was mentioned, I wanted to share some information that is important to all restaurant owners. We’ve all heard of PCI compliance, but many restaurant owners are not taking it seriously enough. At GRS, we take it very seriously. The FireFly POS software is certified PA-DSS compliant. Since 2008, FireFly shipped and recommended network security devices that met PCI guidelines.

We also took steps to communicate to all clients, some of whom were using older equipment, that network security upgrades were recommended. Unfortunately, not all clients took steps to upgrade and secure their networks as suggested. And unfortunately, a small number of FireFly clients were among the nearly 5,000 merchants nationwide who were victims of credit card fraud in 2011, a 286% increase over 2010 levels.

I want to be clear - Starting in 2008, we provided updated security recommendations to our customer base. 100% of our clients that acted our security recommendations and followed strict security guidelines were never breached. Only those few that did not act on those recommendations were impacted.

This type of fraud is epidemic, and, like in the case experienced by these clients, is often directly related to insecure network practices, NOT the POS software itself. While GRS does not provide network security services, we do partner with VendorSafe, a PCI managed network expert, whom we recommend to assist clients with securing their networks and meeting other PCI-related obligations. We also recommend that clients upgrade their credit processing solutions - for instance we offer a 100% encrypted and tokenized solution that keeps all card data out of the store completely.

Network security practices are constantly evolving in an attempt to stay one step ahead of the bad guys. All restaurant owners should take a serious look at their technology, especially if installed prior to the PCI mandates that occurred in 2010, and ensure that they have the latest upgrades to their software and network security to keep them safe.

Wow . . .

I’m actually pausing here so as to not come across as unprofessional.

There was never any communication about security measures to be taken until after the fallout from the security breaches. Even then the letters sent out were meant to take cover by simply stating you had urged everyone numerous times by various means to increase security measures. Personally, I found out about the breaches from other Firefly users and took steps under my own initiation. Your letters came a couple months after.

Moving forward: We go through the whole process with Worldpay and Trustwave to clear up our breach. Trustwave cleans out our system and we are presented with a list of security measures that need to be taken. I call Firefly/Granbury about getting the process done and the guy said to email the document from Trustwave. Never, ever, received a response – even after numerous phone calls and emails.

About two months later, a new “customer service representative” calls and says his position is to help improve relations and asks if he can be of assistance with anything. I mention the security issue, no one calling me back, etc. and he says he can’t directly do anything but he will try to give the situation a nudge. I also mention I have problems with my server and was told previously Firefly would not support it anymore and would have to purchase a new one. Customer rep says he will relay the info. In the next couple days someone calls from Firefly – not to help with the security issues, but to sell me a new server. I passed considering it did not make sense to do so when I could not get tech support – for which I was paying for $140 a month! So that was it from Firefly until about a month later another “customer service rep” calls and says he is the new guy and what can he do to help. I told him I cannot even get a return call from tech support that I am paying for and so had the monthly support cancelled.

Now I read this post stating how unfortunate it is that all these clients just did not take the necessary steps that were advised. Please.

This is why i didn’t buy their system. Tech Support is so important.

Sorry you’re having such trouble. We’ve had Prism by Microworks for over 6 years and they have amazing customer support. PM me if you want more info.

Legally (based on a flimsy piece of paper) I am not to talk about it in an open forum but long story short they failed so horribly in 2 of my operations so poorly then I had to fight for my money (and still did not recover everything) that push come to shove I would help.

Of course I am not too keen on Revention right now either, and that is with respect to PCI compliance.

Wow. I’ve worked with Firefly in the past, had great experiences. Because of that past, I have been gearing toward Firefly when we get going. Now, not so much reading the horror stories as reading the response by Mr Bronson, and his lack of further follow-up a week later, I’m going to go in other directions.


Vlad/Pirate, I guess the only thing I can say, playing devil’s advocate a little bit, is: Did you hear about the changing laws, the requirements for PCI compliance, etc, at all? It was pretty prominently addressed in the media. Did you take any steps yourself to check on your setup?
Again, not taking the company’s side necessarily, but just curious of what you did yourself?


I told myself I was not even going to look at anything related to Firefly again. But, oh well. It’s funny because Duessa from Firefly posted in one of the threads I created that they would like to speak with me to handle the issues. But I replied to her and never heard a word. Its pathetic how poorly the situation was handled by GRS. When I was in the midst of all the issues I have records of almost 20 phone calls and multiple letters, which resulted in being told that it was completely my fault and I should reimage my hard drives to get rid of any problems or don’t worry, it’s not a big deal. The only way Tom, your customer support manager, would even talk to me was to continuously call through Granbury main offices. Calling Firefly directly got me nowhere with tech support. All Tom, Kim, yourself, or anybody else had to do is call me and say “Hey, you need to upgrade for security reasons to protect yourself” and I would have done it. What about the upgrades to Firefly and PCCharge that I was supposed to be receiving as part of my support plan? I replaced my servers when you told me I needed to, even though it took weeks for you to set them up. Now I have them on a shelf. Would you like me to send those back for a refund? Mr Bronson, how many customers have said, Grs was great with correspondence, they kept my software updated, etc? You were being paid to keep my system updated and not use the same passwords on my system that you used on almost everyone else’s. What was it, about 300 systems that were hacked. I’m have been told by multiple security companies that 99% were Firefly. One of the banks actually called me and said, “You don’t have Firefly Technologies, do you?” Sending out a letter after the fact saying that you sent an email out 2 years ago about router upgrades is just ridiculous. I have yet to talk to someone that received notice that upgrades were needed to maintain PCI Compliance. And I damn sure didn’t receive the email. Seems like something as critical as a security issue would warrant a phone call or certified letter. You did send the CYA letter out certified though, so good job on that. Saying that you are PA-DSS certified is a crock. All that means is that if everybody does their job and all things work exactly as they are supposed to, you might be compliant.I imagine most small business are not PCI compliant for some reason or another. Have you gone through a SAQ D, I am not talking about one from some security assessor that is mostly filled out for you. I bought a POS because I am not an IT guy. There has to be some responsibility on the provider to say “We are PA-DSS certified, but we do x and y to make the system compliant and you need to do z.” I imagine in time Grs will dump Firefly and say the company had problems when they bought it and its not their problem. But, Mr. Bronson, if you want to make it right, let me know.
PS to the original poster, I believe Charles Hoff handled the Radiant Systems case.
At the very least, I think, refunds should be issued for tech support since Granbury took over.
Thanks to anyone that made it this far and sorry for the continuous rants on the subject, I am done.

My, my! I missed these posts for some reason. I, too, thought I was through discussing Firefly but these posts are incredible. I am not sure I have ever seen a company like FireFly/Grandbury. 1. We have multiple locations and we did not receive any information or notices from FireFly until WAY after the fact/problems. We also received the CYO letter “reaffirming” the fact that they had previously sent notices to do certain things. Never happened. This is pure bs. We have also had calls from “new” reps wanting to sell us more systems, etc. and to see how things are going. We actually played the game a couple of times by explaining the history and the compete lack of of tech support. Also got the assurances that they would look into the problems. NEVER got a call back from anyone. Of course we never got calls back when we needed tech support either so at least they are consistent. I have been in the restaurant business for over 40 years and I can honestly say I have never dealt with company so poor, so inefficient, so unreliable, so non-responsive and generally lacking in communication than this one. And then they have the audacity to keep calling and to even post to this board attempting to defend themselves by suggesting they have acted responsibly and that it is the operators here who have caused the problems. How many case histories posted on this board? How many references to banks, auditing companies and security arms of banks that have made mention of the shortcomings of FireFly and yet FireFly keeps coming back attempting to cloak themselves as the maligned party. I would not even have the guts to post to this board if I were FireFly/Granbury. I have yet to see one post from a supporter. Place me in the group that has had to spend thousands of dollars via audits,etc. and an extended visit from the local sheriff’s fraud unit and the FBI who had to do their due diligence causing all sorts of disruption to our business until they cleared us of any wrongdoing. Guess how much help we got from FireFly during all of this?