Craig Hoffman

Craig Hoffman

BakerHostetler

Contact  |  View Bio  |  RSS

Latest Publications

Share:

Ruling Gives New Life to Bank Claims Against Breached Retailers in Target Case

One common occurrence after the disclosure by a retailer of a breach affecting card present payment card data used to be the filing of claims by banks that issued payment cards affected by the incident. The banks bringing the...more

12/4/2014 - Banks Data Breach Debit and Credit Card Transactions Fraudulent Charges Negligence Putative Class Actions Retailers Target

FCC Plans $10 Million Cybersecurity Fine Against Two Telecoms

On October 24, 2014, the Federal Communication Commission (“FCC”) took a big step into the cybersecurity regulatory space when it announced its intent to assess a $10 million fine against two telecoms, TerraCom and YourTel...more

10/31/2014 - Civil Monetary Penalty Cybersecurity FCC Fines Privacy Policy Telecommunications

Why Worry About a Little Skimmer?

Merchants—rightfully so—are worried about securing their payment card environments so that their name does not appear in a headline discussing how millions of cards were stolen from them. Faced with the challenge of...more

9/18/2014 - Corporate Liability Data Collection Debit and Credit Card Transactions Marketing Mobile Payments Personally Identifiable Information Retailers

Secret Service Raises Warning About Backoff POS Malware

The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems. The Alert...more

8/25/2014 - Cyber Attacks Cybersecurity Data Protection Debit and Credit Card Transactions Malware Passwords Point of Sale Terminals Popular Risk Alert

New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility

For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card...more

8/19/2014 - Data Protection Debit and Credit Card Transactions Mobile Payments Online Payments PCI Personally Identifiable Information Retailers

What’s Old is New Again—Insecure Remote Access

When a merchant is suspected of being the victim of an account data compromise event, they are often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI provides a report on the...more

7/23/2014 - Credit Cards Data Breach Data Protection Point of Sale Terminals

What is “Expedient” Notification of a “Data Breach?”

One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more

2/13/2014 - Breach Notification Rule Compliance Data Breach Data Protection Employer Liability Issues

Visa Loses Motion to Dismiss in Genesco Case - Are the Days for PCI Assessments Numbered?

In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and...more

7/30/2013 - Data Breach Data Theft Fines Motion to Dismiss PCI Restitution Unfair Competition Unjust Enrichment Visa Inc

APT Threat Report Shows Cybersecurity Risks Not Limited to Identity Theft

We often talk to companies who believe they are an unlikely target for hackers because they do not have financial account information, Social Security numbers, or medical information. However, personal information is not the...more

2/22/2013 - China Critical Infrastructure Sectors Cyber Attacks Cyber Espionage Cybersecurity Cybersecurity Framework Identity Theft Trade Secrets

Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments

Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system. Global Payments later disclosed that Track 2 data (card...more

2/20/2013 - Article III Breach of Implied Contract Credit Cards Dismissal With Prejudice FCRA Fraudulent Charges Personally Identifiable Information Putative Class Actions Standing Stored Communications Act Theft Unfair or Deceptive Trade Practices

Do Merchants That Outsource Payment Processing Still Have Risk From a Breach?

Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk....more

2/11/2013 - Credit Cards Cybersecurity Data Breach Data Protection Debit and Credit Card Transactions Notice Requirements Notifications PCI PFI

FTC Announces New COPPA Enforcement Action & Mobile Privacy Staff Report

Authorship credit: Michael Young At a press conference this morning, outgoing FTC Chairman Jon Leibowitz announced an $800,000 settlement of its recent enforcement action against Path, the operator of a social networking...more

2/4/2013 - Consent COPPA Data Collection FTC Mobile Apps Path Inc. Social Media

Proposed FFIEC Guidance on Financial Institution Social Media Use

The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance. There is a 60-day comment period. The purpose of the...more

1/24/2013 - CFPB Compliance FFIEC Risk Management Social Media

2012 Payments Systems Year-in-Review

The interchange fee and the potential of mobile payments were the dominant payment system issues in 2012. From a landmark antitrust settlement to seemingly daily announcements of a new prepaid or mobile payment product, there...more

12/29/2012 - CFPB Debit and Credit Card Transactions Durbin Amendment Rules EMV ETFs EU FCC FDIC FTC Interchange Fees Mobile Payments Point of Sale Terminals Prepaid Payment Products

Bank Agrees to Reimburse Company for Funds Taken Through Online Bank Account Theft

We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal that gained the online banking...more

12/6/2012 - Bank Security Procedures Data Breach Data Protection Financial Institution Liability Hackers

15 Results
|
View per page
Page: of 1