The Payment Card Industry Security Standards Council (PCI SSC) recently released details about upcoming changes to the PCI Data Security Standard (PCI DSS). Although the proposed changes have yet to be finalized, the PCI SSC has provided a preview into the changes in order to “eliminate any perceived surprises for organizations in their PCI security […]
State Attorneys General in California and Connecticut recently announced joint enforcement actions against Citibank for inadequate security measures that permitted hackers to access customers’ credit and debit card information. The state attorneys general also allege that there was an unreasonable delay between when Citibank discovered the security vulnerability and when Citibank began notifying affected customers. […]
Despite the Wyndham Litigation, the Federal Trade Commission Continues to Pursue Data Breach Enforcement Actions.
Similar to its on-going lawsuit against Wyndham Worldwide Corporation, the Federal Trade Commission (FTC) recently filed a data breach lawsuit against LabMD, a company that conducts laboratory tests on samples that physicians obtain from consumers. The FTC alleges that the company exposed confidential billing information data for over 9,000 consumers through a peer-to-peer file-sharing network. […]
PCI Compliant Companies May Have Legal Protection Against Credit Card Companies Despite Suffering a Data Breach.
Last month, a federal district court in Tennessee denied a motion to dismiss a case brought by retail store operator Genesco Inc. against Visa for $13.3 million in fines that Visa levied against Genesco following a data breach. The breach at issue involved the use of malware by hackers to capture unencrypted credit card data. Visa […]
During the PCI London Conference last month, Aeriandi CEO Matthew Bryars spoke about the potential conflict with Payment Card Industry Data Security Standards (PCI DSS) if a company records customer calls. When a customer calls a hotel to make a reservation for, or to make a payment on, a hotel stay, a hotel may request […]
Callaway Gardens, a resort complex located in Pine Mountain, GA, announced that its resort guests may be at risk of “sophisticated fraudulent credit card activity,” due to a recent data breach. Callaway Gardens was notified of the breach by a credit card processing company, which had identified and notified multiple companies, including Callaway Gardens, about […]
On May 15th, Schnuck Markets, Inc. announced that a December 2012 data breach has potentially compromised the credit card security of 2.4 million customers at the vast majority (79 out of 100) of its U.S. store locations. Chairman and CEO Scott Schnuck stated that, “We’ve worked hard to provide a secure transaction environment for […]
The hospitality industry had the third highest number of data breach investigations in 2012, behind only the retail industry and the food & drink industry.
Earlier this month, the Trustwave 2013 Global Security Report was released, which concludes that, “The combination of business and IT transformation, compliance and governance demands and the onslaught of security threats continues to make the job of safeguarding data assets a serious challenge for organizations of all types—from multinational corporations to independent merchants to […]
Thanks to those who attended. Today we discussed the Four Quadrants of Behavior Change, a principle of the Venza Group, and applied it to our interactions with clients. The principle we discussed provides an overview of what is needed to “hit the target” of behavioral change:
· Communications – Steady, sticky, relevant
· Infrastructure – Solid, reliable, […]
Hotels in Austria, France and Canada may be impacted by new Affiliate Members of the PCI Security Standards Council
On April 4th, the Payment Card Industry (PCI) Security Standards Council (SSC) announced the first three organizations to attain Affiliate membership status on the Council.
· Australian Payment Clearing Association [Australia]
· Cartes Bancaires CB [France]
· Interac Association [Canada]
Affiliate membership permits regional and national organizations with industry expertise to participate on the Council […]