Consumer Finance Monitor Podcast Episode: What Banking Leaders Need to Know About the U.S. Supreme Court Ruling That the CFPB’s Funding Mechanism is Constitutional Part I
Exploring the Potential of Georgia's Merchant Acquirer Limited Purpose Bank Charter — Payments Pros: The Payments Law Podcast
Consumer Finance Monitor Podcast Episode: Understanding the Credit Card Competition Act a/k/a Durbin 2.0
Analyzing the Credit Card Competition Act of 2023 - Payments Pros: The Payments Law Podcast
Rewards Programs and Co-Brand Relationships Between Credit Card Issuers and Merchants - The Consumer Finance Podcast
CFPB’s Increasingly Active Interest in Credit Reporting - FCRA Focus Podcast
The New York and Pennsylvania AGs settlement with Herff Jones from late last year provides guidance to businesses about expected security measures as we enter into 2023. The case arose after Herff Jones, producer and seller...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers. On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
To establish credibility for their new criminal marketplace, cyber criminals have posted details on over 1,000,000 credit cards, stolen between 2018 and 2019, including card number, CVV number, name and address on the dark...more
Last week, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals weighed in on two questions crucial to the viability of privacy and data breach litigation in federal court—and perhaps even in general. First, does a...more
The travel giant Sabre Corp. has reached an agreement with multiple State Attorneys General to pay $2.4 million and make certain changes in its cybersecurity policies to settle a multi-state investigation into a 2017 data...more
Not to say, I told you so, but around the same time that the Capital One data breach occurred, I was reminding clients that nearly half of all significant data breaches or cyber-incidents occur because of internal actors. ...more
Class Actions - Plaintiffs Seek Approval for $4.3 Million Settlement With Sonic in Credit Card Data Breach Suit • Following a variety of lawsuits against fast food chain Sonic Drive-In related to a 2017 credit card data...more
For most retailers credit cards are the primary form in which payments are made. Accepting credit cards, however, carries significant data security risks and potential legal liability. ...more
Takeaway: Data breaches are now a fact of life, whether for card-carrying consumers or commercial entities that are either victims of hacking or otherwise required to deal with the consequences. Class action litigation often...more
The Equifax breach is not the biggest in terms of the number of people affected (the 2016 Yahoo breach compromised data associated with over 500 million user accounts compared to the 143 million people affected by the Equifax...more
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
As we head into the new week, here’s a quick summary of major data security developments from around the country. Aetna Hit With Second “Envelope” Lawsuit - Aetna Inc. is now facing a second lawsuit over the disclosure...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The $10 million settlement class in the Target data breach case was unraveled by the Eighth Circuit Court of Appeals in a recent decision that will force the district court to address the impact of the Supreme Court’s...more
Credit cards are the primary form of payment received by most retailers. In order to process a credit card, a retailer must enter into an agreement with a bank and a payment processor. Payment processing agreements often have...more
The tally of records breached in 2016 (through November) globally was over 2.1 billion, according to IT Governance. With the announcement yesterday of Yahoo’s breach of another 1 billion records, that tally is now up to 3.1...more
Cybersecurity should always be at the top of any retailer’s priority list—and even more so as the holiday shopping season gets underway. To that end, the Federal Trade Commission’s newly-released Data Breach Response...more
On September 23, 2016, New York Attorney General Eric T. Schneiderman announced a settlement with Trump International Hotels Management LLC, d/b/a Trump Hotel Collection (“THC”), imposing $50,000 in penalties and ongoing...more
The Payment Card Industry (PCI) Security Standards Council (PCI Council) released Version 3.2 of the PCI Data Security Standard (PCI DSS), containing several new requirements for merchants, acquirers, and other entities that...more
The best way to handle any emergency is to be prepared. When it comes to data breaches, incident response plans are the first step organizations take to prepare. Furthermore, many organizations are required to maintain one....more
One of the great scourges for retail companies in the digital age has been the ever-present threat of massive data breaches by hackers attempting to steal millions of consumers ’debit and credit card information. In...more
Retailers that accept credit cards are typically required by the payment card brands to show that they are in compliance with the Payment Card Industry Data Security Standards or “PCI DSS” at least once a year. How a retailer...more
Earlier this week, the FTC issued orders to nine credit card and payment security auditors in an effort to gain insight into data security compliance auditing and its role in protecting consumers’ information and privacy....more
A California federal judge has ruled that a former Uber driver who is suing Uber in a proposed class action case was unable to show that he suffers an immediate threat of identity theft and dismissed the driver’s first...more
Many of the largest retailer data security breaches have been caused or enabled by the acts or omissions of retailers’ vendors, such as the widely publicized incident at Target Corporation. Several such breaches occurred...more