A number of investigations and inquiries, including a call for a hearing in Congress on December 30, 2013, have been sparked by the announcement by Target Corp. that a massive security breach of approximately 40 million of its customers’ credit and debit card accounts used at brick-and-mortar Target stores occurred between November 27 and extending through … Continue Reading
As we previously blogged, in a case concerning retail chain Michaels Stores, the Supreme Judicial Court of Massachusetts (SJC) recently issued a broad ruling regarding the circumstances in which consumers may sue for collection of zip code information during credit card transactions under Massachusetts law. Two separate putative class actions now have been filed under … Continue Reading
In a recent decision, the Supreme Judicial Court of Massachusetts (“SJC”) broadly interpreted a statute that governs the personal information that may be collected by a merchant during a credit card transaction. The decision, Tyler v. Michaels Stores, Inc., SJC-1145 (Mass. March 11, 2013), was issued in response to three questions that had been certified … Continue Reading
Nearly two years ago, the California Supreme Court held that requesting a customer’s ZIP code in connection with a credit card transaction violated the Song-Beverly Credit Card Act of 1971, a statute that prohibits businesses from recording a customer’s “personal identification information” (“PII”) as a condition of accepting a credit card payment. On Wednesday, the … Continue Reading
Yesterday, the Payment Card Industry Council issued guidance for merchants using smartphones or tablets to accept payments from customers. The guidance follows up on the PCI Council Chairman’s pledge in February, as reported in this blog, to make mobile payments a top priority. Payment card readers that can be attached to a smartphone or tablet have become … Continue Reading
Just under a year has passed since the California Supreme Court ruled that asking for a customer’s ZIP code during a credit card transaction violates California’s Song-Beverly Credit Card Act. According to media reports, the court’s decision in Pineda v. Williams-Sonoma Stores, Inc. has spurred more than 200 suits against California retailers. A roundup of … Continue Reading
On October 27, 2011, Senator John D. Rockefeller, chairman of the Senate Commerce, Science, and Transportation Committee, sent letters to Visa and Mastercard requesting information regarding the companies’ data collection and aggregation practices and proposals. An October 25, 2011, Wall Street Journal article outlined various initiatives from the two companies pertaining to online behavioral advertising. Senator … Continue Reading
In a report released on September 28, 2011, Verizon concluded that only 21 percent of organizations subject to the payment card industry’s data security standards (PCI-DSS) were fully compliant with PCI-DSS. Verizon’s prior report found that 22 percent of organizations were fully compliant with PCI-DSS. The PCI-DSS consist of 12 requirements relating to an organization’s information … Continue Reading
Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions. P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data from the point the card … Continue Reading
In a decision with implications for all California retailers, the California Supreme Court ruled [PDF] yesterday that a customer may not be asked to provide his or her ZIP code during an in-person credit card transaction. At issue in Pineda v. Williams-Sonoma Stores, Inc. was the scope of California’s Song-Beverly Credit Card Act of 1971, Cal. Civ. Code … Continue Reading