Credit Card Breaches: A How-To Guide

For most retailers credit cards are the primary form of the payments that they receive. Accepting credit cards, however, carries significant data security risks and potential legal liability. In addition to the normal repercussions of a data security breach – e.g., reputation damage, the risk of class action litigation, and the risk of a regulatory investigation – if a retailer’s credit card system is compromised the retailer may be contractually liable to its payment processor, its merchant bank, and ultimately the payment card brands (e.g., VISA, MasterCard, Discover, and American Express). In many cases that contractual liability surpasses any other financial obligation that arises from the breach. The following provides a snapshot of information concerning credit card breaches.

Negotiating Payment Processing Agreements: A How-To Guide

Credit cards are the primary form of payment received by most retailers. In order to process a credit card a retailer must enter into an agreement with a bank and a payment processor. Payment processing agreements often have significant impacts on a retailer’s financial liability in the event of a data breach. In many cases, the contractual liabilities that flow from a payment processing agreement surpass all other financial liabilities that arise from a data breach including the cost to investigate an incident, defend litigation, and defend a regulatory investigation. The following provides a snapshot of information concerning payment processing agreements. …

Credit Cards and the Payment Card Industry Data Security Standard

For most retailers the primary source of revenue comes from credit card transactions. In order to accept credit cards, a retailer must enter into a contractual agreement with a payment processor and a merchant bank. As discussed in previous sections, those agreements typically require that the retailer represent and warrant its compliance with the Payment Card Industry Data Security Standard (“PCI DSS”). Alternatively, they require a representation and warranty that the retailer complies with the rules of the payment card brands (i.e., American Express, Discover, MasterCard, and Visa), and some of the payment brand rules could be interpreted as requiring that a retailer be compliant with the PCI DSS. …

Guidelines for Negotiating Payment Processing Agreements

Credit cards are the primary form of payment received by most retailers. In order to process a credit card a retailer must enter into an agreement with a bank and a payment processor. Payment processing agreements often have significant impacts on a retailer’s financial liability in the event of a data breach. In many cases, the contractual liabilities that flow from a payment processing agreement surpass all other financial liabilities that arise from a data breach including the cost to investigate an incident, defend litigation, and defend a regulatory investigation. The following provides a snapshot of information concerning payment processing agreements. …

How to Select a Qualified Security Assessor (“QSA”)

Retailers that accept credit cards are typically required by the payment card brands to show that they are in compliance with the Payment Card Industry Data Security Standards or “PCI DSS” at least once a year. How a retailer is permitted to show compliance depends in part on whether the retailer has a history of data security issues (e.g., have they suffered a breach) and the quantity of credit cards that the retailer transacts each year. Typically retailers that have either had a data security breach, or transact large quantities of credit cards, are required to retain a Qualified Security Assessor or “QSA” to conduct an audit and to provide an independent report showing whether the retailer is in compliance with the PCI DSS. Retailers that have not experienced a data breach and transact relatively few cards are often permitted to self-certify their compliance with the PCI DSS. …

Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises

Debit and credit cards are now the primary form of retail payment. One source estimates that 60 percent of all retail transactions involve a payment card – far surpassing cash or checks as the preferred method of payment. Most retailers do not realize, however, that by accepting credit cards, they expose themselves to the risk of a data security breach and significant potential costs and legal liabilities. David Zetoony and Courtney Stout’s whitepaper, Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises, explains the key risks that a retailer faces following a data security breach of its payment card systems as well as the potential for addressing some of those risks through the purchase of cyber-insurance.

The whitepaper is divided into two parts with the first part assessing the risk to a retailer from a credit card data breach and the second addressing insurance coverage gaps. …

Webinar: What In-House Lawyers Should Know about the Legal Risks of Identity Theft and the Role of Credit Monitoring Services

May 24, 2016 at 12 p.m. EDT

Following a data security breach many companies assuage consumer fears by offering credit monitoring, ID restoration services, or ID theft insurance. Many in-house counsel misunderstand the legal risks of identity theft and the role that credit monitoring products play in protecting consumers from harm when such theft occurs. Boulder Partner David Zetoony discusses ID theft risks and the legal issues that in-house counsel need to consider when selecting a credit monitoring service. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Webinar: mCommerce — A Guide to Legal Issues in the Evolving Mobile Landscape

May 12, 2016 at 12 p.m. EDT

The days of swiping a credit card on a card reader are over. Companies are increasingly exploring new and creative ways to allow their customers to pay for items using smartphones, computers, and mobile technologies. Boulder Partner David Zetoony and Courtney Stout will discuss the legal, regulatory and industry privacy and data security issues that arise when developing, deploying, or utilizing the latest mobile commerce solutions.  Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Webinar: How to Improve Data Security in Payment Systems — Changing Risks and Changing Technology for In-House Counsel

March 31, 2016 at 12 p.m. EDT

With new technology behind how credit card transactions are processed and protected, accepting credit cards carries new data security risks and potential legal liabilities. In addition to the normal repercussions of a data security breach (reputation damage, the risk of class action litigation, and the risk of a regulatory investigation), if a retailer’s credit card system is compromised, the retailer may be contractually liable to its payment processor, its merchant bank, and ultimately the payment card brands. Boulder Partner David Zetoony and Courtney Stout discuss new payment processing technologies, their impact on data security, the risk implications for companies, and how in-house counsel can negotiate third party vendor contracts to minimize these risks. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

EMV Technology At A Glance (2015)

Over the past several years the credit card industry has been encouraging banks and retailers to migrate to EMV technology, which is sometimes referred to as “chip-and-pin” or “chip-and-signature.” EMV, which is named after the developers of the technology (Europay, MasterCard, Visa), is a technical standard that includes a microprocessor physically embedded in a plastic credit card. The processor stores credit card data and, which, when inserted, is decrypted and read . . .

Credit Card Data Breaches At A Glance (2015)

For most retailers credit cards are the primary form of the payments that they receive. Accepting credit cards, however, carries significant data security risks and potential legal liabilities. In addition to the normal repercussions of a data security breach . . .

Restore Online Shoppers Confidence Act At A Glance (2015)

Online retailers often learn information about a consumer that may be used to help identify other products, services, or companies that may be of interest. Although retailers strive to provide recommendations quickly, and to make a consumer’s transition to a third party retailer seamless, the Restore Online Shoppers’ Confidence Act (“ROSCA”) generally prohibits one online merchant from transferring payment information to another . . .

Credit Card Payment Processing Agreements At A Glance (2015)

Credit cards are the primary form of payment for most retailers. In order to process credit cards a retailer must enter into an agreement with a bank and a payment processor. Those agreements can be daunting and often have significant impacts on a retailer’s financial liability in the event of a data breach. Indeed, in many cases the contractual liabilities that flow from the credit card processing agreement surpass all other financial liabilities that arise from a breach including litigation . . .