How to Pass Data Between Retailers to Facilitate Transactions

Online retailers often learn information about a consumer that may be used to help identify other products, services, or companies that may be of interest to the consumer. For example, if a consumer purchases an airplane ticket to Washington, D.C., the consumer may want information about hotels, popular restaurants, or amenities at the airport.

Although online retailers often strive to provide recommendations quickly, and to make a consumer’s transition to a third party retailer seamless, the Restore Online Shoppers’ Confidence Act (“ROSCA”) generally prohibits one online merchant from transferring payment information (e.g., a credit card number) to a second online merchant…passingdata

How to Select a Qualified Security Assessor (“QSA”)

Retailers that accept credit cards are typically required by the payment card brands to show that they are in compliance with the Payment Card Industry Data Security Standards or “PCI DSS” at least once a year. How a retailer is permitted to show compliance depends in part on whether the retailer has a history of data security issues (e.g., have they suffered a breach) and the quantity of credit cards that the retailer transacts each year. Typically retailers that have either had a data security breach, or transact large quantities of credit cards, are required to retain a Qualified Security Assessor or “QSA” to conduct an audit and to provide an independent report showing whether the retailer is in compliance with the PCI DSS. Retailers that have not experienced a data breach and transact relatively few cards are often permitted to self-certify their compliance with the PCI DSS….qsa

Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises

Debit and credit cards are now the primary form of retail payment. One source estimates that 60 percent of all retail transactions involve a payment card – far surpassing cash or checks as the preferred method of payment. Most retailers do not realize, however, that by accepting credit cards, they expose themselves to the risk of a data security breach and significant potential costs and legal liabilities. David Zetoony and Courtney Stout’s whitepaper, Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises, explains the key risks that a retailer faces following a data security breach of its payment card systems as well as the potential for addressing some of those risks through the purchase of cyber-insurance.

The whitepaper is divided into two parts with the first part assessing the risk to a retailer from a credit card data breach and the second addressing insurance coverage gaps…..ccdatabreach

Webinar: mCommerce — A Guide to Legal Issues in the Evolving Mobile Landscape

May 12, 2016 at 12 p.m. EDT

The days of swiping a credit card on a card reader are over. Companies are increasingly exploring new and creative ways to allow their customers to pay for items using smartphones, computers, and mobile technologies. Boulder Partner David Zetoony and Courtney Stout will discuss the legal, regulatory and industry privacy and data security issues that arise when developing, deploying, or utilizing the latest mobile commerce solutions.  Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Webinar: How to Improve Data Security in Payment Systems — Changing Risks and Changing Technology for In-House Counsel

March 31, 2016 at 12 p.m. EDT

With new technology behind how credit card transactions are processed and protected, accepting credit cards carries new data security risks and potential legal liabilities. In addition to the normal repercussions of a data security breach (reputation damage, the risk of class action litigation, and the risk of a regulatory investigation), if a retailer’s credit card system is compromised, the retailer may be contractually liable to its payment processor, its merchant bank, and ultimately the payment card brands. Boulder Partner David Zetoony and Courtney Stout discuss new payment processing technologies, their impact on data security, the risk implications for companies, and how in-house counsel can negotiate third party vendor contracts to minimize these risks. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.