PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire
The PCI Security Standards Council recently published a set of enhanced validation procedures designed to provide greater assurance that certain entities are maintaining compliance with the PCI Data Security Standard effectively and on a continuing basis. In addition, on July 1, 2015, PCI Data Security Standard Version 3.0 is being retired and the controls previously designated by Version 3.0 as best practices will become mandatory.
Payment Card
New Payment Technologies Should Reduce Demand for Cyber Insurance
Demand for and cost of cyber insurance has skyrocketed due to the widely publicized hacks of large retailers. This blog entry discusses how new payment technologies may change the need for this type of cyber insurance.
Federal Judge Rules on FTC’s Authority to Regulate Data Security
On April 7, 2014, a federal court issued an opinion allowing the Federal Trade Commission to proceed with its case against the Wyndham Worldwide Corporation for unfair data security practices.
Massachusetts Court Ruling Benefits Plaintiff in Zip Code Case
On March 11, 2013, in Tyler v. Michaels Stores, Inc., the Massachusetts Supreme Judicial Court effectively reinstated the suit against the retailer by answering favorably for the plaintiff three certified questions from the United States District Court for the District of Massachusetts regarding Massachusetts General Laws Chapter 93, Section 105(a) entitled “Consumer Privacy in Commercial Transactions” (“Section 105(a)”). The court ruled that (1) a ZIP code constitutes personal identification information under the Massachusetts law; (2) a plaintiff may bring an action for a violation of the Massachusetts law absent identity fraud; and (3) the term “credit card transaction form” refers equally to electronic and paper transaction forms. The Massachusetts court’s determination that a ZIP code constitutes personal identification information is similar to the determination in Pineda v. Williams-Sonoma Stores, Inc., in which the California Supreme Court held that ZIP codes are “personal identification information” under California’s Song-Beverly Credit Card Act. More than 15 states, including Massachusetts and California, have statutes limiting the type of information that retailers can collect from customers.
California Ruling Finds Song-Beverly Act Does Not Apply to Online Transactions
On February 4, 2013, the Supreme Court of California held that the Song-Beverly Credit Card Act does not apply to online purchases in which the product is downloaded electronically. …
California Ruling Permits Collection of ZIP Codes After Receipt Is Provided to Customer
As reported in BNA’s Privacy & Security Law Report, on December 14, 2012, a federal district court in California ruled that a retail store’s policy of collecting personal information only after providing customers with receipts does not violate the Song-Beverly Credit Card Act.
PCI Security Standards Council Issues Best Practices for Mobile Payment Acceptance Security
On September 13, 2012, the PCI Security Standards Council issued new guidelines entitled “PCI Mobile Payment Acceptance Security Guidelines,” which outline best practices for mobile payment acceptance security.
California Supreme Court’s Pineda Decision Applies Retrospectively to ZIP Code Collection Class Action Suit
On June 25, 2012, a federal district court in California ruled that the California Supreme Court’s 2011 decision in Pineda v. Williams Sonoma applies retrospectively to OfficeMax’s collection of zip codes from its customers.
FTC Files Complaint Against Wyndham Hotels
On June 26, 2012, the Federal Trade Commission announced that it had filed suit against Wyndham Worldwide Corporation and three of its subsidiaries (“Wyndham”) alleging failures to maintain reasonable security that led to three separate data breaches involving hackers accessing sensitive consumer data. The FTC’s complaint claims that Wyndham violated the FTC Act by posting…
PCI Security Standards Council Provides Mobile Payment Acceptance Guidance
On May 16, 2012, the PCI Security Standards Council’s Mobile Working Group published a fact sheet outlining best practices for securely accepting payments via mobile devices.