Craig Hoffman

Craig Hoffman


Contact  |  View Bio  |  RSS

Latest Publications


EMV Liability Shift Update – What Liability Actually Shifts?

With the October 1, 2015 liability shift deadline looming, merchants who have not yet made the change continue to evaluate the cost of accepting EMV cards versus the liability that will shift from the issuer to the merchant...more

8/21/2015 - American Express Credit Cards Data Privacy Debit Cards EMV Financial Services Industry Fraud Payment Processors Payment Systems Point of Sale Terminals Professional Liability Visa Inc

Explaining the Implications for Merchants of EMV and the Liability Shift

The EMV liability shift is coming. Sounds ominous, but what does it really mean? And how can retailers and merchants determine the potential impact of the shift on their business? Like many issues in the payment card...more

5/19/2015 - Debit and Credit Card Transactions EMV Liability Payment Processors Retailers

The BakerHostetler Data Security Incident Response Report 2015

The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more

5/13/2015 - Annual Reports Best Management Practices Cybersecurity Data Breach Data Protection Risk Assessment Risk Mitigation

2015 BakerHostetler Incident Response Report Deeper Dive—Retailer Liability Arising from Stolen Payment Cards

We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we...more

5/13/2015 - Credit Cards Data Breach Debit Cards Encryption Liability PCI-DSS Standard Retailers

Cybersecurity is a Real Risk, So Become “Compromise Ready”

Many have heard that “it is not a matter of if a company will be attacked, but when.” Statements like this used to be met with skepticism – companies would say we do not have information hackers want, we outsource our...more

4/30/2015 - Best Practices Corporate Counsel Cyber Threats Cybersecurity Popular Risk Assessment Risk Mitigation Security and Privacy Controls

Dear Lawmakers, Your New Breach Notice Laws Should Address These Issues

The days of companies being so afraid of the reputational impact of a breach that they would look for any way possible to avoid disclosure are gone. The pendulum has swung in the opposite direction. Now companies, often in...more

1/21/2015 - Breach Notification Rule Data Breach Legislative Agendas

Ruling Gives New Life to Bank Claims Against Breached Retailers in Target Case

One common occurrence after the disclosure by a retailer of a breach affecting card present payment card data used to be the filing of claims by banks that issued payment cards affected by the incident. The banks bringing the...more

12/4/2014 - Banks Data Breach Debit and Credit Card Transactions Fraudulent Charges Negligence Putative Class Actions Retailers Target

FCC Plans $10 Million Cybersecurity Fine Against Two Telecoms

On October 24, 2014, the Federal Communication Commission (“FCC”) took a big step into the cybersecurity regulatory space when it announced its intent to assess a $10 million fine against two telecoms, TerraCom and YourTel...more

10/31/2014 - Civil Monetary Penalty Cybersecurity FCC Fines Privacy Policy Telecommunications

Why Worry About a Little Skimmer?

Merchants—rightfully so—are worried about securing their payment card environments so that their name does not appear in a headline discussing how millions of cards were stolen from them. Faced with the challenge of...more

9/18/2014 - Corporate Liability Data Collection Debit and Credit Card Transactions Marketing Mobile Payments Personally Identifiable Information Retailers

Secret Service Raises Warning About Backoff POS Malware

The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems. The Alert...more

8/25/2014 - Cyber Attacks Cybersecurity Data Protection Debit and Credit Card Transactions Malware Passwords Point of Sale Terminals Popular Risk Alert

New Guidance for Merchants on Ensuring that Service Providers Share Security Responsibility

For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card...more

8/19/2014 - Data Protection Debit and Credit Card Transactions Mobile Payments Online Payments PCI Personally Identifiable Information Retailers

What’s Old is New Again—Insecure Remote Access

When a merchant is suspected of being the victim of an account data compromise event, they are often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI provides a report on the...more

7/23/2014 - Credit Cards Data Breach Data Protection Point of Sale Terminals

What is “Expedient” Notification of a “Data Breach?”

One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more

2/13/2014 - Breach Notification Rule Compliance Data Breach Data Protection Employer Liability Issues

Visa Loses Motion to Dismiss in Genesco Case - Are the Days for PCI Assessments Numbered?

In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and...more

7/30/2013 - Data Breach Data Theft Fines Motion to Dismiss PCI Restitution Unfair Competition Unjust Enrichment Visa Inc

APT Threat Report Shows Cybersecurity Risks Not Limited to Identity Theft

We often talk to companies who believe they are an unlikely target for hackers because they do not have financial account information, Social Security numbers, or medical information. However, personal information is not the...more

2/22/2013 - China Critical Infrastructure Sectors Cyber Attacks Cyber Espionage Cybersecurity Cybersecurity Framework Identity Theft Trade Secrets

Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments

Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system. Global Payments later disclosed that Track 2 data (card...more

2/20/2013 - Article III Breach of Implied Contract Credit Cards Dismissal With Prejudice FCRA Fraudulent Charges Personally Identifiable Information Putative Class Actions Standing Stored Communications Act Theft Unfair or Deceptive Trade Practices

Do Merchants That Outsource Payment Processing Still Have Risk From a Breach?

Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk....more

2/11/2013 - Credit Cards Cybersecurity Data Breach Data Protection Debit and Credit Card Transactions Notice Requirements Notifications PCI

FTC Announces New COPPA Enforcement Action & Mobile Privacy Staff Report

Authorship credit: Michael Young At a press conference this morning, outgoing FTC Chairman Jon Leibowitz announced an $800,000 settlement of its recent enforcement action against Path, the operator of a social networking...more

2/4/2013 - Consent COPPA Data Collection FTC Mobile Apps Path Inc. Social Media

Proposed FFIEC Guidance on Financial Institution Social Media Use

The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance. There is a 60-day comment period. The purpose of the...more

1/24/2013 - CFPB Compliance FFIEC Risk Management Social Media

2012 Payments Systems Year-in-Review

The interchange fee and the potential of mobile payments were the dominant payment system issues in 2012. From a landmark antitrust settlement to seemingly daily announcements of a new prepaid or mobile payment product, there...more

12/29/2012 - CFPB Debit and Credit Card Transactions Durbin Amendment Rules EMV ETFs EU FCC FDIC FTC Interchange Fees Mobile Payments Point of Sale Terminals Prepaid Payment Products

Bank Agrees to Reimburse Company for Funds Taken Through Online Bank Account Theft

We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal that gained the online banking...more

12/6/2012 - Bank Security Procedures Data Breach Data Protection Financial Institution Liability Hackers

21 Results
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.