Payment Law Advisor Legal Commentary and Resources for the Payment Industry

Randy Gainer

Posts by Randy Gainer

PCI DSS 3.0: Business as Usual?

Posted in Regulatory and Compliance, Regulatory Compliance/Federal Agencies Resources

In the past, critics of the Payment Card Industry (PCI) Data Security Standard (DSS) have alleged that the DSS requirements either (1) provide little more than a minimal baseline for security with a “check-the-box” compliance approach; or (2) are written vaguely so that the Council can retroactively allege non-compliance and impose fees on merchants who… Continue Reading

Genesco Wins One, Loses One in Its Case Challenging PCI DSS Fines and Assessments

Posted in Privacy and Data Security

On November 25, 2013, Chief Judge William Haynes filed the latest order in Genesco v. Visa, Civ. No. 3:13-cv-00202 (M.D. Tenn.).  In his one-line order, Judge Haynes denied Genesco’s motion for partial summary judgment “without prejudice to renew after a reasonable period of discovery.”  Dkt # 217.  Genesco had asked for judgment as a matter… Continue Reading

Lessons From Recent Data Security Cases

Posted in Privacy and Data Security, Privacy and Data Security Resources

At LSI’s Second Annual Mobile Payments Law Conference in Palo Alto, CA, DWT partner Randy Gainer gave a presentation entitled “Lessons From Recent Data Security Cases.” The presentation focused on the following topics: What types of alleged damages allow data breach plaintiffs to avoid dismissal of their claims? Does the economic loss doctrine bar card issuers’… Continue Reading

PCI Data Security Standards Council to Release New Version of PCI DSS

Posted in Regulatory and Compliance, Regulatory Compliance/Federal Agencies Resources

In August 2013, the Payment Card Industry (PCI) Security Standards Council released Highlights of new versions of the Data Security Standard (DSS) and Payment-Application Data Security Standard (PA-DSS).  The Council is releasing Versions 3 of each of the Standards to about 700 Participating Organizations, including banks, merchants, security assessors, and hardware and software vendors in… Continue Reading

Security of Payment Card Data on Cloud-Based Mobile Payment Platforms

Posted in Privacy and Data Security

The attached presentation entitled “Security of Payment Card Data on Cloud-Based Mobile Payment Platforms” was given by DWT partner Randy Gainer at American Conference Institute’s 5th National Forum on Emerging Payments in San Francisco, CA on March 21, 2013. The presentation covered topics including: Cloud-based mobile payment solutions; What is the cloud?; Some benefits of moving to… Continue Reading

Magistrate Recommends Lawsuit Against Global Payments Should Be Dismissed

Posted in Regulatory and Compliance

A federal Magistrate has recommended dismissal with prejudice of all of the cardholder plaintiffs’ claims against payment processor Global Payments, Inc. in a widely-reported data breach case. The plaintiffs seek to recover damages allegedly caused by the 2012 theft of a reported 1.5 million sets of card data from Global Payments’ computer network. In her… Continue Reading

Mobile Payment Litigation Risks

Posted in Privacy and Data Security, Regulatory and Compliance

DWT partner Randy Gainer spoke at the Electronic Transactions Association’s annual Compliance Day event in Dallas on November 14. His presentation focused on Mobile Payment Litigation Risks. Such risks include: Weak computer network and mobile security may permit theft of payment data; Businesses may collect user information from smartphones without sufficient user permission; Consumer class… Continue Reading

Anticipating, Understanding and Preparing for New Rules for a New Mobile World

Posted in Privacy and Data Security

This presentation was originally given at the RAMP Advanced Commerce and Mobile Retail Summit in Chicago, IL on April 4, 2012. DWT lawyers Randy Gainer, Andrew Lorentz, Ronnie London, and James Mann covered the following topics: An Overview of the Mobile Payments Ecosystem; Financial Privacy Requirements; Data Security and PCI Compliance; Mobile Communications Regulation To… Continue Reading

Verizon Once Again Reports Widespread Shortfalls in Payment Card Industry Data Security Standard Compliance

Posted in Privacy and Data Security

The 2011 Payment Card Industry Compliance Report by Verizon once again indicates widespread non-compliance with the Payment Card Industry (“PCI”) Data Security Standards. Only 21% of organizations were compliant at the time of their initial assessment, essentially the same as last year. Organizations are also failing to prioritize their compliance efforts in the manner recommended by the PCI… Continue Reading