Payment Law Advisor: Legal Commentary and Resources for the Payment Industry

Category Archives: Privacy and Data Security

Genesco Wins One, Loses One in Its Case Challenging PCI DSS Fines and Assessments

Posted in Privacy and Data Security
On November 25, 2013, Chief Judge William Haynes filed the latest order in Genesco v. Visa, Civ. No. 3:13-cv-00202 (M.D. Tenn.).  In his one-line order, Judge Haynes denied Genesco’s motion for partial summary judgment “without prejudice to renew after a reasonable period of discovery.”  Dkt # 217.  Genesco had asked for judgment as a matter of… Read the rest

Lessons From Recent Data Security Cases

Posted in Privacy and Data Security
At LSI’s Second Annual Mobile Payments Law Conference in Palo Alto, CA, DWT partner Randy Gainer gave a presentation entitled “Lessons From Recent Data Security Cases.” The presentation focused on the following topics: What types of alleged damages allow data breach plaintiffs to avoid dismissal of their claims? Does the economic loss doctrin… Read the rest

Legal and Technical Security Challenges for Cloud-Based Mobile Payment Solutions

Posted in Privacy and Data Security
DWT partner Randy Gainer will speak at the Electronic Transactions Association’s (ETA) upcoming Compliance Day on April 30 to address the topic of “Legal and Technical Security Challenges for Cloud-Based Mobile Payment Solutions.” Compliance Day kicks off ETA’s 2013 Annual Meeting and Expo. For more information about the e… Read the rest

Security of Payment Card Data on Cloud-Based Mobile Payment Platforms

Posted in Privacy and Data Security
The attached presentation entitled “Security of Payment Card Data on Cloud-Based Mobile Payment Platforms” was given by DWT partner Randy Gainer at American Conference Institute’s 5th National Forum on Emerging Payments in San Francisco, CA on March 21, 2013. The presentation covered topics including: Cloud-based mobile payment solutio… Read the rest

The X’s and O’s of Mobile Payments

Posted in Deals and Technology, Privacy and Data Security, Regulatory and Compliance
On March 14, 2013, Davis Wright Tremaine partner Andy Lorentz teamed up with BetterBuyDesign’s Steve Mott to present the X’s and O’s of Mobile Payments at DWT’s Game Time at Restaurant High 2013, an invitation-only event for high-level restaurant executives to learn about key developments in the industry and look toward what t… Read the rest

Mobile Payment Acceptance: Security Guidelines For Merchants

Posted in Privacy and Data Security, Regulatory and Compliance
The PCI Security Standards Council recently issued security guidelines for merchants who accept mobile payments.  The guidelines apply to payment acceptance applications that operate on any consumer electronic handheld device (a) that is not solely dedicated to payment transaction processing, and (b) where the device has access to clear tex… Read the rest

Video: Mobile Payments and Marketing Compliance Presentation from RAMP

Posted in Privacy and Data Security, Regulatory and Compliance
In October, DWT lawyers Andy Lorentz, Ken Payson, and Ronnie London presented on “Mobile Payments and Marketing Compliance” at the RAMP Advanced Commerce and Mobile Retail Services Summit in Chicago. The presentation covered topics including: Overview of the Regulatory Regime Less-Obvious Compliance Issues Potentially Significant E… Read the rest

PCI Security Standards Council Issues Guidance for Mobile Payment Applications

Posted in Privacy and Data Security, Regulatory and Compliance
The PCI Security Standards Council’s (PCI-SSC) Emerging Technologies group recently issued guidance addressing security standards for mobile payment applications on consumer handheld devices.  The new guidelines apply specifically to payment applications installed on consumer devices (such as smartphones, PDAs, and tablets) not… Read the rest

Regulators Emphasize Importance of Money Transmission Laws, Consumer Protection and Other Regulatory Compliance for Mobile and Other Emerging Payment Innovations

Posted in Financial Services Litigation and Enforcement, Privacy and Data Security, Regulatory and Compliance
At last week’s ACI Emerging Payments Systems conference in Washington, DC, sponsored in part by Davis Wright Tremaine, federal and state regulators and industry participants discussed the myriad legal issues facing innovators and incumbent market participants offering new payment products and services to consumers, including prepaid products,… Read the rest

FFIEC Issues Statement on “Cloud Computing” Risk Management

Posted in Deals and Technology, Privacy and Data Security, Regulatory and Compliance
The Technology Subcommittee of the Federal Financial Institution Examination Council (“FFIEC”) — the interagency body responsible for prescribing uniform principles and standards for federal financial institution examinations — recently released a statement highlighting the operational and compliance risks related to “ou… Read the rest

Anticipating, Understanding and Preparing for New Rules for a New Mobile World

Posted in Privacy and Data Security
This presentation was originally given at the RAMP Advanced Commerce and Mobile Retail Summit in Chicago, IL on April 4, 2012. DWT lawyers Randy Gainer, Andrew Lorentz, Ronnie London, and James Mann covered the following topics: An Overview of the Mobile Payments Ecosystem Financial Privacy Requirements Data Security and PCI Compliance Mobile Communi… Read the rest

Mobile Banking: Risks and Rewards

Posted in Privacy and Data Security
Mobile banking is a relatively new channel for delivering banking products and services that is rapidly gaining popularity.  As with any new technology deployed for financial services, there are risks associated with the use and storage of personal information of the user.  A recent article by Jeffrey M. Kopchik in the FDIC’s Winter edition of Super… Read the rest

Fed Economists Suggest a Centralized Independent Public Entity to Create e-Payments Security Standards

Posted in Privacy and Data Security
With the growth of e-commerce and m-commerce, remote payments fraud has grown in response.  In a letter released December 7, 2011 (available here), economists from the Federal Reserve Bank of Chicago argue that a centralized public sector organization is needed to establish standards governing security of electronic payments and coordinate with reg… Read the rest

FinCEN Releases Guidance To Thwart Cyber Threats by Helping Financial Institutions Identify Account Takeover Activity

Posted in Privacy and Data Security
Recognizing that cybercriminals are using increasingly sophisticated methods to obtain access to bank accounts, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an Advisory on December 19, 2011 to assist financial institutions with identifying and reporting account takeover activity through the filing of Su… Read the rest

First Data Corp. Becomes the First Payment Processor to Have “Binding Corporate Rules” for Data Transfer Approved by EU Regulators

Posted in Privacy and Data Security
First Data Corp. announced on November 14, 2011 that the UK Information Commissioner’s Office (“ICO”) approved its Binding Corporate Rules (“BCRs”) for data-sharing outside the EU.  First Data went through a rigorous four-year process to obtain approval, but BCR reforms may streamline the procedure for other applicants going forward. … Read the rest

Verizon Once Again Reports Widespread Shortfalls in Payment Card Industry Data Security Standard Compliance

Posted in Privacy and Data Security
The 2011 Payment Card Industry Compliance Report by Verizon once again indicates widespread non-compliance with the Payment Card Industry (“PCI”) Data Security Standards. Only 21% of organizations were compliant at the time of their initial assessment, essentially the same as last year. Organizations are also failing to prioritize their… Read the rest

MasterCard and Visa Initiatives to Target Advertising Demand Close Attention to Financial Privacy Rules

Posted in Privacy and Data Security
The ability to provide offers or ads targeted to the right person at the right place and at the right time may get a little easier.  Not content with simply being a brand behind payments, MasterCard and Visa are pushing into the targeted ads and offers business.  Such marketing tactics require careful structuring in order to comply with consumer privacy pr… Read the rest

FTC Proposes First Modifications to Children’s Online Privacy Protection Act (COPPA) Rules Since Original Adoption in 2000

Posted in Privacy and Data Security
The Federal Trade Commission (FTC) has issued a rulemaking notice proposing to update its rules implementing the Children’s Online Privacy Protection Act (COPPA) to reflect changes in technology and online practices, primarily, the popularity of social networking and the use of smartphones to access the Internet and provide location information.… Read the rest