As of April 1, 2025, all merchants and third-party service providers (TPSPs) involved in processing credit or debit card payments must fully adhere to the enhanced security requirements outlined in the Payment Card Industry...
A critical deadline of March 31, 2025 is upcoming for the full implementation of the new requirements contained in the Payment Card Industry Data Security Standard (PCI DSS) version 4.0....
The healthcare industry – particularly the digital health industry – is increasingly becoming monetized and using an e-commerce model through direct interactions with the customer to accept credit card payments. This...
The automotive industry is experiencing a shift to an e-commerce model through direct interactions with the customer to accept credit card payments. This innovation allows drivers and passengers to make payments for products...
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers. On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...
On March 31, 2022, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version—which brings major changes to the payments ecosystem—places an...
Online retailers storing credit card data for the sole purpose of facilitating further purchases will likely need to obtain consumer consent. Online shopping has boomed in recent years. In 2020, the European statistics...
The Payment Card Industry Security Standards Council (PCI SSC) has issued a new Software Security Framework for secure payment software. The new framework includes both a Secure Software Standard and Secure Software Life...
Credit cards are the primary form of payment received by most retailers. In order to process a credit card a retailer must enter into an agreement with a bank and a payment processor (a “Payment processing agreement”)....
For most retailers credit cards are the primary form in which payments are made. Accepting credit cards, however, carries significant data security risks and potential legal liability. ...
For most retailers their primary source of revenue comes from credit card transactions. In order to accept credit cards, a retailer must enter into a contractual agreement with a payment processor and a merchant bank....
Retailers that accept credit cards are typically required by the payment card brands to show that they are in compliance with the Payment Card Industry Data Security Standards or “PCI DSS” at least once a year. How a...
For most retailers the primary source of revenue comes from credit card transactions. In order to accept credit cards, a retailer must enter into a contractual agreement with a payment processor and a merchant bank....
In the internet of things (IoT), new opportunities for efficiency continually bring new cyber risk. If a device in your winery or vineyard connects to the internet, it is vulnerable. And so is the rest of the system connected...
As businesses and financial institutions grapple with data security in the wake of high profile breaches, tensions between retailers and the credit card industry over the creation and implementation of security standards...
Retailers that accept credit cards are typically required by the payment card brands to show that they are in compliance with the Payment Card Industry Data Security Standards or “PCI DSS” at least once a year. How a retailer...
On Monday, March 7 the Federal Trade Commission (FTC) issued a press release announcing that it had issued Orders to nine Qualified Security Assessor (QSA) companies, which are certified to assess whether or not entities...
The Federal Trade Commission (FTC) issued orders to 9 companies at the beginning of this week, seeking information on how each company conducts Payment Card Industry Data Security Standards (PCI DSS) compliance assessments....
Earlier this week, the FTC issued orders to nine credit card and payment security auditors in an effort to gain insight into data security compliance auditing and its role in protecting consumers’ information and privacy....
The Federal Trade Commission (FTC) has issued orders to obtain information about the process by which businesses audit their compliance with the Payment Card Industry Data Security Standards (PCI DSS) and the role of such...
Many of the largest retailer data security breaches have been caused or enabled by the acts or omissions of retailers’ vendors, such as the widely publicized incident at Target Corporation. Several such breaches occurred...
On October 1, 2015 the major payment card companies instituted the EMV Liability Shift in an effort to incentivize card issuers and merchants to migrate to using payment cards with embedded chips (“chip cards”) according to...
We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we...
Last week, the Payment Card Industry Security Standards Council released new guidelines related to the security of tokenization products. The guidelines are a set of technical best practices for evaluating tokenization...
On Friday, February 13, 2015, the Payment Cards Industry (PCI) Security Standards Council (Council) posted a bulletin to its website, becoming the first regulatory body to publicly pronounce that Secure Socket Layers (SSL)...