Yesterday, the Consumer Financial Protection Bureau (CFPB) released an interpretive rule stating that “Buy Now, Pay Later” (BNPL) providers are “card issuers” and “creditors” under the federal Truth in Lending Act (TILA) and...more
Last week, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals weighed in on two questions crucial to the viability of privacy and data breach litigation in federal court—and perhaps even in general. First, does a...more
The CFPB’s fourth biennial report on the credit card market was issued at the end of August. The Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act) requires the CFPB to perform periodic market...more
The payment market in Israel and around the world is marching toward revolution: Facebook announced the launch of its digital currency, the Libra; Le’umi Bank entered into agreements with 400 businesses for acceptance of...more
This week, in Siglin v. Sixt Rent A Car, LLC, 18-cv-62536, a proposed class action was filed against Sixt Rent A Car, LLC (“Sixt”) for its alleged failure to properly conceal consumers’ card and identification information on...more
A new standard published by the Payment Card Industry Security Standards Council (“PCI SSC”) may make it easier and less costly for retailers to take advantage of lower cost PIN based transactions in card present scenarios....more
Judge Trims Proposed Class Action Over Wendy’s Data Breach - Torres v. Wendy’s Int’l, LLC, No. 16-cv-0210 (PGB) (DCI) (M.D. Fla. Mar. 21, 2017). A U.S. district court judge in Florida trimmed a proposed class action...more
We’ve talked a fair amount about the switch to chip & pin card systems over the past few years. But how about a lack of cards altogether? Because that’s what the banks have in mind....more
The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class certification. ...more
Continuing the trend of filing a shareholders derivative suit following a data breach, a Wendy’s shareholder recently filed a derivative suit against Wendy’s executives and board members alleging they did not adequately...more
We reported last week that Oracle’s MICROS point-of-sale devices had been compromised. On the heels of the compromise, Visa sent out a security alert last Friday to merchants warning companies that use Oracle’s MICROS...more
Omni Hotels notified guests on Friday, July 8, 2016, that its point of sale systems were compromised with malware from December 23, 2015, through June 15, 2016....more
For too long, “swiping” a credit card has had at least one meaning too many. There was “swiping” as it pertains to running the magnetic strip of your credit card inside the groove of a small payment terminal to make an...more
On October 1, 2015 the major payment card companies instituted the EMV Liability Shift in an effort to incentivize card issuers and merchants to migrate to using payment cards with embedded chips (“chip cards”) according to...more
Most credit and debit cards in the U.S., and the point of sale terminals and ATMs that read them, still use “magnetic stripe” technology. Magnetic stripes are obsolete and relatively insecure, allowing fraudulent practices...more
Trump Hotel Collection, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump, has confirmed a data security breach involving malware that the company says...more
October 1 is right around the corner. Merchants, retailers, hotels and restaurants: are you ready for what’s in your customers’ wallets? Starting next month, the payment card industry’s transition to chip-and-PIN (also known...more
With the October 1, 2015 liability shift deadline looming, merchants who have not yet made the change continue to evaluate the cost of accepting EMV cards versus the liability that will shift from the issuer to the merchant...more
In 2014, grocers and restaurants continued to be plagued by attacks leading to the theft of credit card information. Among others, Supervalu Inc. and Jimmy John’s both experienced intrusions in 2014, extending the string of...more
A recent report from the Congressional Research Service (CRS) highlighted a number of factors that are delaying the transition to chip-and-PIN (EMV) cards before the credit card network imposed deadline of Oct. 1, 2015. The...more
Concluding our three-part analysis of the White House’s first Summit on Cybersecurity and Consumer Protection, we turn to some practical advice coming out of the Summit’s afternoon session, including an address by Maria...more
Some weeks ago, we wrote a piece “What You Need to Know About Backoff Malware: The New Threat Targeting Retailers” . It’s apparently gotten worse. Any business utilizing point-of-sale (POS) terminals for “swiping” credit...more
When a merchant is suspected of being the victim of an account data compromise event, they are often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI provides a report on the...more