On March 31, 2022, the Payment Card Industry Security Standards Council published version 4.0 of its PCI Data Security Standard (PCI DSS). The updated standards provide significant new guidance on the scope and applicability...more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
Retailers are still feeling the pain from implementing EMV-compliant POS systems. An article by Kate Fitzgerald in the PaymentsSource Technology newsletter (August 8, 2017) caught our eye....more
In April, 2016, the Payment Card Industry Security Standards Council published a new version of the PCI Data Security Standard (PCI DSS). PCI DSS Version 3.2 is intended to emphasize the importance of validating the...more
The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS). PCI...more
On December 24, 2015, Nevada casino owner Affinity Gaming filed suit against Trustwave in federal district court, alleging that Trustwave failed to contain and remediate a data breach at Affinity Gaming. ...more
Increasingly, companies are raising questions about PCI-DSS and its applicability to their businesses. This Legal Alert summarizes the basic aspects of PCI-DSS and its application....more
What card payment rules must a retailer operating in the United States follow? MS: When a merchant uses, transmits, stores or outsources the credit card function, it is subject to a number of rules in the U.S.,...more
On October 1, 2015 the major payment card companies instituted the EMV Liability Shift in an effort to incentivize card issuers and merchants to migrate to using payment cards with embedded chips (“chip cards”) according to...more