Ohio will soon have a law in place that provides a “legal safe harbor” from tort claims related to a data breach to entities that have implemented and comply with certain cybersecurity frameworks. It remains to be seen whether any entity will ever be in a position to take advantage of the affirmative defense this …
For merchants, long gone are the days of using a card reader with a dial-up connection to their payment processor. Today’s omni-channel retailers rely on multiple third-party service providers to complete payment card transactions. These third parties—call center operators, payment gateways, loyalty solution providers, managed security services, data-center hosts, mobile app developers, and fraud …
Co-Authored by: Judy Selby

In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and restitution arising out of fines and assessments levied by Visa in the wake of a massive data …
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk. The bakery’s letter to its customers stressed that it did not store card data on its computer systems, but the malware allowed an unauthorized person to gather card data as …
As we reported in December 2010, after an online merchant suffered chargeback losses of almost $12,000 on nine fraudulent orders, it sued the bank that issued the nine cards that were fraudulently used, alleging that the most likely cause of the fraud was a data security breach at the bank that the bank ignored. The merchant …
Until last week, most of us thought that the Hannaford Brothers data breach litigation was just another example of how plaintiffs are not able to recover in class action lawsuits without proof of actual harm. The Hannaford Brothers supermarket chain suffered a data breach between December 2007 and March 2008 where hackers accessed over 4M …
Verizon recently released its 2011 Payment Card Industry Compliance report, a companion report to its annual Data Breach Investigations report that we discussed here. The PCI compliance report presents findings based on Verizon’s work as a Qualified Security Assessor (QSA) (a QSA conducts an annual audit to determine if a company is in compliance with …
In a February co-post with Baker Hostetler’s Hospitality Lawg, we wrote about security breach reports that continued to show hospitality and restaurant groups as favorite targets of hackers. Two of the factors we cited as explanations for their vulnerability—failure to secure wireless networks and not complying with the Payment Card Industry Data Security Standard (PCI …
This entry was also posted on the Hospitality Lawg—a Baker Hostetler blog featuring commentary on hospitality law, news, and developments. It should no longer come as a surprise that the hospitality and food and beverage industries are favorite targets of hackers. Indeed, some commentators have suggested that hackers view these industries as the low-hanging fruit. …