Consumer Finance Monitor Podcast Episode: What Banking Leaders Need to Know About the U.S. Supreme Court Ruling That the CFPB’s Funding Mechanism is Constitutional Part I
Exploring the Potential of Georgia's Merchant Acquirer Limited Purpose Bank Charter — Payments Pros: The Payments Law Podcast
Consumer Finance Monitor Podcast Episode: Understanding the Credit Card Competition Act a/k/a Durbin 2.0
Analyzing the Credit Card Competition Act of 2023 - Payments Pros: The Payments Law Podcast
Rewards Programs and Co-Brand Relationships Between Credit Card Issuers and Merchants - The Consumer Finance Podcast
CFPB’s Increasingly Active Interest in Credit Reporting - FCRA Focus Podcast
A critical deadline of March 31, 2025 is upcoming for the full implementation of the new requirements contained in the Payment Card Industry Data Security Standard (PCI DSS) version 4.0....more
Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana of Mazars for the next installment in our PCI DSS 4.0 series. PCI DSS 4.0 brings major changes to payments with an increased focus on...more
Last week, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals weighed in on two questions crucial to the viability of privacy and data breach litigation in federal court—and perhaps even in general. First, does a...more
The travel giant Sabre Corp. has reached an agreement with multiple State Attorneys General to pay $2.4 million and make certain changes in its cybersecurity policies to settle a multi-state investigation into a 2017 data...more
The French Data Protection Authority, CNIL, issues guidance on credit card data in remote transactions: Merchants who collect credit card detail to facilitate a transaction, need the consent of their customers to keep...more
Class Actions - Plaintiffs Seek Approval for $4.3 Million Settlement With Sonic in Credit Card Data Breach Suit • Following a variety of lawsuits against fast food chain Sonic Drive-In related to a 2017 credit card data...more
Takeaway: Data breaches are now a fact of life, whether for card-carrying consumers or commercial entities that are either victims of hacking or otherwise required to deal with the consequences. Class action litigation often...more
The Equifax breach is not the biggest in terms of the number of people affected (the 2016 Yahoo breach compromised data associated with over 500 million user accounts compared to the 143 million people affected by the Equifax...more
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The $10 million settlement class in the Target data breach case was unraveled by the Eighth Circuit Court of Appeals in a recent decision that will force the district court to address the impact of the Supreme Court’s...more
Credit cards are the primary form of payment received by most retailers. In order to process a credit card, a retailer must enter into an agreement with a bank and a payment processor. Payment processing agreements often have...more
The tally of records breached in 2016 (through November) globally was over 2.1 billion, according to IT Governance. With the announcement yesterday of Yahoo’s breach of another 1 billion records, that tally is now up to 3.1...more
Cybersecurity should always be at the top of any retailer’s priority list—and even more so as the holiday shopping season gets underway. To that end, the Federal Trade Commission’s newly-released Data Breach Response...more
A California federal judge has ruled that a former Uber driver who is suing Uber in a proposed class action case was unable to show that he suffers an immediate threat of identity theft and dismissed the driver’s first...more
Many of the largest retailer data security breaches have been caused or enabled by the acts or omissions of retailers’ vendors, such as the widely publicized incident at Target Corporation. Several such breaches occurred...more
American Thrift Stores announced this week that like other retailers, it has been hit with a security breach “that occurred through software used by a third-party service provider” that allowed “criminals from Easter Europe”...more
A security event involving payment card data, especially card present data, can be one of the most costly events a company may face. Not only did a recent study report the average total cost of a data breach as $3.8 million,...more
Trump Hotel Collection, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump, has confirmed a data security breach involving malware that the company says...more
As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more
In 2014, the United States Court of Appeals for the Third Circuit ruling in FTC v. Wyndham Worldwide Corporation agreed to hear an immediate appeal on two issues: “whether the FTC has authority to regulate cybersecurity under...more
Hardly a week goes by without a news report of a new cyberattack. As any consumer affected by fraud knows, the harm is real. The impact on businesses, government, and other targets is also real, and includes monetary harm...more
On August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in FTC v. Wyndham Worldwide Corporation, holding that the Federal Trade Commission (FTC) has authority to regulate “unfair” or “deceptive”...more
Companies can be fined by the federal government for failing to properly safeguard consumer data, according to a decision this week by Pennsylvania's federal appellate court....more
Since at least 2005, the Federal Trade Commission has asserted that it may regulate lax data security practices as an “unfair” business practice under Section 5 of the FTC Act. The Wyndham hotel chain was the first to...more