We are now seeing a potential trend where states are incentivizing companies through the creation of safe harbors to improve their cybersecurity posture, instead of penalizing them after a breach of personal information. Utah...more
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits. On March 11, 2021, Utah governor Spencer Cox signed the...more
COVID-19 has caused more employees to work remotely or at home, presenting cybersecurity challenges to organizations in the payments industry. PCI Security Standards Council has issued best practices to secure and protect...more
The shockwaves continue from the October 6, 2015 ruling of the Court of Justice of the European Union (CJEU), the European Union’s highest court, invalidating the U.S.-EU “Safe Harbor” data transfer regime in a controversy...more
On September 29, 2015, the PCI Security Standards Council (“PCI SSC”) issued a press release and accompanying guidance to businesses for incident response management in the event of a data breach. PCI SSC is a global forum...more
A security event involving payment card data, especially card present data, can be one of the most costly events a company may face. Not only did a recent study report the average total cost of a data breach as $3.8 million,...more
For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third party service providers to complete payment card...more
On August 7, 2014 the PCI Security Standards Council issued new guidance to supplement PCI DSS Requirement 3.0 and help organizations reduce the risks associated with entrusting third-party service providers (“TPSPs”) with...more
In the past, critics of the Payment Card Industry (PCI) Data Security Standard (DSS) have alleged that the DSS requirements either (1) provide little more than a minimal baseline for security with a “check-the-box” compliance...more
In August 2013, the Payment Card Industry (PCI) Security Standards Council released Highlights of new versions of the Data Security Standard (DSS) and Payment-Application Data Security Standard (PA-DSS). The Council is...more
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk....more
Mobile point-of-sale payment terminals have experienced explosive growth over the past year. Unlike a traditional point-of-sale terminal, a mobile terminal communicates wirelessly when processing payment cards. There are...more