Payment Law Advisor: Legal Commentary and Resources for the Payment Industry

Randy Gainer

Posts by Randy Gainer

PCI DSS 3.0: Business as Usual?

Posted in Regulatory and Compliance
In the past, critics of the Payment Card Industry (PCI) Data Security Standard (DSS) have alleged that the DSS requirements either (1) provide little more than a minimal baseline for security with a “check-the-box” compliance approach; or (2) are written vaguely so that the Council can retroactively allege non-compliance and impose fees on merchan… Read the rest

Genesco Wins One, Loses One in Its Case Challenging PCI DSS Fines and Assessments

Posted in Privacy and Data Security
On November 25, 2013, Chief Judge William Haynes filed the latest order in Genesco v. Visa, Civ. No. 3:13-cv-00202 (M.D. Tenn.).  In his one-line order, Judge Haynes denied Genesco’s motion for partial summary judgment “without prejudice to renew after a reasonable period of discovery.”  Dkt # 217.  Genesco had asked for judgment as a matter of… Read the rest

Lessons From Recent Data Security Cases

Posted in Privacy and Data Security
At LSI’s Second Annual Mobile Payments Law Conference in Palo Alto, CA, DWT partner Randy Gainer gave a presentation entitled “Lessons From Recent Data Security Cases.” The presentation focused on the following topics: What types of alleged damages allow data breach plaintiffs to avoid dismissal of their claims? Does the economic loss doctrin… Read the rest

PCI Data Security Standards Council to Release New Version of PCI DSS

Posted in Regulatory and Compliance
In August 2013, the Payment Card Industry (PCI) Security Standards Council released Highlights of new versions of the Data Security Standard (DSS) and Payment-Application Data Security Standard (PA-DSS). The Council is releasing Version 3 of each of the Standards to about 700 Participating Organizations, including banks, merchants, security as… Read the rest

Security of Payment Card Data on Cloud-Based Mobile Payment Platforms

Posted in Privacy and Data Security
The attached presentation entitled “Security of Payment Card Data on Cloud-Based Mobile Payment Platforms” was given by DWT partner Randy Gainer at American Conference Institute’s 5th National Forum on Emerging Payments in San Francisco, CA on March 21, 2013. The presentation covered topics including: Cloud-based mobile payment solutio… Read the rest

Magistrate Recommends Lawsuit Against Global Payments Should Be Dismissed

Posted in Regulatory and Compliance
A federal Magistrate has recommended dismissal with prejudice of all of the cardholder plaintiffs’ claims against payment processor Global Payments, Inc. in a widely-reported data breach case. The plaintiffs seek to recover damages allegedly caused by the 2012 theft of a reported 1.5 million sets of card data from Global Payments’ computer networ… Read the rest

Anticipating, Understanding and Preparing for New Rules for a New Mobile World

Posted in Privacy and Data Security
This presentation was originally given at the RAMP Advanced Commerce and Mobile Retail Summit in Chicago, IL on April 4, 2012. DWT lawyers Randy Gainer, Andrew Lorentz, Ronnie London, and James Mann covered the following topics: An Overview of the Mobile Payments Ecosystem; Financial Privacy Requirements; Data Security and PCI Compliance; Mobile Communi… Read the rest

Verizon Once Again Reports Widespread Shortfalls in Payment Card Industry Data Security Standard Compliance

Posted in Privacy and Data Security
The 2011 Payment Card Industry Compliance Report by Verizon once again indicates widespread non-compliance with the Payment Card Industry (“PCI”) Data Security Standards. Only 21% of organizations were compliant at the time of their initial assessment, essentially the same as last year. Organizations are also failing to prioritize their… Read the rest