A forensic investigation by a security firm often does (and should) drive decision-making in response to an incident. Because the work of a security firm usually drives the critical path of a response, companies can become...more
With the October 1, 2015 liability shift deadline looming, merchants who have not yet made the change continue to evaluate the cost of accepting EMV cards versus the liability that will shift from the issuer to the merchant...more
8/21/2015
/ American Express ,
Credit Cards ,
Data Privacy ,
Debit Cards ,
EMV ,
Financial Institutions ,
Fraud ,
Payment Processors ,
Payment Systems ,
Point of Sale Terminals ,
Professional Liability ,
Visa Inc
The EMV liability shift is coming. Sounds ominous, but what does it really mean? And how can retailers and merchants determine the potential impact of the shift on their business? Like many issues in the payment card...more
The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more
We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we...more
Many have heard that “it is not a matter of if a company will be attacked, but when.” Statements like this used to be met with skepticism – companies would say we do not have information hackers want, we outsource our...more
The days of companies being so afraid of the reputational impact of a breach that they would look for any way possible to avoid disclosure are gone. The pendulum has swung in the opposite direction. Now companies, often in...more
One common occurrence after the disclosure by a retailer of a breach affecting card present payment card data used to be the filing of claims by banks that issued payment cards affected by the incident. The banks bringing the...more
On October 24, 2014, the Federal Communication Commission (“FCC”) took a big step into the cybersecurity regulatory space when it announced its intent to assess a $10 million fine against two telecoms, TerraCom and YourTel...more
Merchants—rightfully so—are worried about securing their payment card environments so that their name does not appear in a headline discussing how millions of cards were stolen from them. Faced with the challenge of...more
The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems. The Alert...more
For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card...more
When a merchant is suspected of being the victim of an account data compromise event, they are often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI provides a report on the...more
One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more
In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and...more
We often talk to companies who believe they are an unlikely target for hackers because they do not have financial account information, Social Security numbers, or medical information. However, personal information is not the...more
Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system. Global Payments later disclosed that Track 2 data (card...more
2/20/2013
/ Article III ,
Breach of Implied Contract ,
Credit Cards ,
Dismissal With Prejudice ,
Fair Credit Reporting Act (FCRA) ,
Fraudulent Charges ,
Personally Identifiable Information ,
Putative Class Actions ,
Standing ,
Stored Communications Act ,
Theft ,
Unfair or Deceptive Trade Practices
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk....more
Authorship credit: Michael Young
At a press conference this morning, outgoing FTC Chairman Jon Leibowitz announced an $800,000 settlement of its recent enforcement action against Path, the operator of a social networking...more
The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance. There is a 60-day comment period. The purpose of the...more
The interchange fee and the potential of mobile payments were the dominant payment system issues in 2012. From a landmark antitrust settlement to seemingly daily announcements of a new prepaid or mobile payment product, there...more
12/29/2012
/ Consumer Financial Protection Bureau (CFPB) ,
Debit and Credit Card Transactions ,
Durbin Amendment Rules ,
EMV ,
ETFs ,
EU ,
FCC ,
FDIC ,
Federal Trade Commission (FTC) ,
Interchange Fees ,
Mobile Payments ,
Point of Sale Terminals ,
Prepaid Payment Products
We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal that gained the online banking...more