As of April 1, 2025, all merchants and third-party service providers (TPSPs) involved in processing credit or debit card payments must fully adhere to the enhanced security requirements outlined in the Payment Card Industry...more
Following our recent client alert, learn more about PCI DSS 4.0 coming into effect and its impact on organizations in 2025. Mark Schreiber, Brian Long, and Sam Genovese share further insights from working with clients on...more
The act of predicting what will become the dominating storyline of data privacy and cybersecurity in 2025 is a hazardous enterprise, as one is almost surely to get something wrong. Without fail, every year, regulators and the...more
A critical deadline of March 31, 2025 is upcoming for the full implementation of the new requirements contained in the Payment Card Industry Data Security Standard (PCI DSS) version 4.0....more
DOJ DOUBLES DOWN ON CORPORATE ENFORCEMENT WITH NEW WHISTLEBLOWER PROGRAM - During the 2024 American Bar Association National Institute on White Collar Crime (the 2024 White Collar Conference) earlier in March US Attorney...more
The healthcare industry – particularly the digital health industry – is increasingly becoming monetized and using an e-commerce model through direct interactions with the customer to accept credit card payments. This...more
The automotive industry is experiencing a shift to an e-commerce model through direct interactions with the customer to accept credit card payments. This innovation allows drivers and passengers to make payments for products...more
Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is “cyber-connect” customers – be they organizations or individuals – with their money simply and...more
An information security framework, when done properly, will allow any security leader to more intelligently manage their organization's cyber risk. The framework consists of a number of documents that clearly define the...more
When it comes to protecting your organization from cyber threats, Managed Detection and Response (MDR) services are a must. But many businesses overlook the importance of compliance and insurance needs associated with...more
When it comes to providing Managed Detection and Response (MDR) solutions for businesses, the idea of one size fits all is being replaced by the concept of right-sizing. A one-size-fits-all option is a preconfigured security...more
Editor’s Note: On February 15, 2023, HaystackID shared an educational webcast to provide valuable insight into the ways in which AI is being used to address key issues in the realm of privacy and cybersecurity. The expert...more
Last year, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version, which brings major changes to the payments ecosystem and compliance...more
Ransomware is the wolf at the law firm’s door that just won’t go away. In fact, he’s getting bigger and hungrier. Ransomware attacks in recent years are more pernicious, more difficult to prevent, and more expensive to pay...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers. On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
On March 31, 2022, the Payment Card Industry Security Standards Council published version 4.0 of its PCI Data Security Standard (PCI DSS). The updated standards provide significant new guidance on the scope and applicability...more
Is your business one that has not prioritized compliance with data privacy laws because you do not collect personal data about your customers? If so, you are in good company, but it is time to reframe your approach on data...more
On March 31, 2022, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version—which brings major changes to the payments ecosystem—places an...more
The U.S. government and military experts have been warning U.S. companies that Russia may launch significant cyberattacks against critical infrastructure, financial institutions and businesses in retaliation for the sanctions...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
In Connecticut, if you adopt and maintain and comply with written cybersecurity program that contains administrative, technical and physical safeguards for the protection of personal or restricted information and that...more
Online retailers storing credit card data for the sole purpose of facilitating further purchases will likely need to obtain consumer consent. Online shopping has boomed in recent years. In 2020, the European statistics...more
Back in November, I wrote on this blog about Big Data being one of the challenges that is forcing technology to move more to the data sooner in the discovery process. One of the most notable fun facts that illustrate just how...more
As many businesses and organizations adapt to the impact of COVID-19 on their operations, the systems and data security risks they face continue to increase and must be an area of focus in all planning for COVID-19. While...more
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits. Who is this relevant for?...more