New Developments for Song-Beverly

A couple of notable developments on California’s Song-Beverly Credit Card Act, which limits retailers from collecting certain types of personal information from their customers.

California’s SB 383 (Jackson), which addresses the Apple v. Superior Court decision, passed the Senate earlier this year. This bill would extend Song-Beverly protections to online retailers and prohibit them from collecting certain types of personal information when consumers purchase “electronically downloadable content” unless for fraud detection and prevention purposes. A pretty narrow bill, to address a pretty narrow ruling.

As a result of Capp v. Nordstrom, consumers can no longer be required to provide their email addresses when shopping at a brick-and-mortar store, unless for an “incidental but related purpose.”

Why might consumers be spooked about giving out their email addresses or zip codes at the point of sale? If you haven’t read this article in Forbes, it explains why very simply.

Not Song-Beverly related, but a follow-up on data breaches and their aftermath, as some consumers try to figure out how to dig out from identity theft or try to keep their financial lives from being wrecked: Brian Krebs has confirmed that credit monitoring services are not helpful in his recent post, “Are Credit Monitoring Services Worth It.”


Bitcoin Roundup

There is SO much dialogue around digital currencies/virtual currencies/cryptocurrencies, of which Bitcoin is front and center. Here are a few articles I’ve found particularly interesting:

1.  A VC’s perspective: Why Bitcoin Matters – Marc Andreessen’s NYT Op-Ed

2.  What’s new in the regulatory world stateside: New York Regulators Promise Tough Bitcoin Rules – Bloomberg

3.  New currency meets old hardware (Bitcoin ATMs): Bitcoin ATM coming to the U.S. – CNN

4.  Bitcoin is not immune to hackers: Bitcoin Exchange Mt. Gox Apologizes About Crippling Hack – Reuters

And, I saved my favorite for last:

5.  Follow Bitcoin’s ups and downs with PYMTS’ Bitcoin Bubble Tracker.

10 (Mostly) Interesting Links on Data Breaches

As a result of the Target breach, data breaches are on the minds of a lot of people today, beyond the usual group of privacy and security professionals, privacy advocates, and lawmakers.

I’ve compiled a list of 10 interesting links on data breaches (including some regarding their intersection with payments and privacy):

1.  Over 660 million breaches–The Target breach is certainly substantial, but it is not a new occurrence. To date, according to Privacy Rights Clearinghouse’s tally, which they began in 2005, 662,081,528 records have been breached.

2.  EMV (Chip and PIN) Cards Touted as the Solution–More influentials and groups are taking the position that EMV, or chip and PIN, cards are the solution to prevent hackers and cybercriminals from getting access to personal data–Target’s CEO and the National Retail Federation are beating this drum lately.

3.  But Really, EMV Cards Are Not A Swift Solution–Certainly, faster adoption of chip and PIN, or EMV, cards will likely lower fraud, and will place the US among Canada, Europe and just about everywhere else in the plastic card carrying world. And, issuers have been sending out credit cards with chip and PIN (I have a couple) to US cardholders. But, the technology remains pretty useless until merchants have the proper readers and software to accept the cards. It will likely be a few years until chip and PIN takes over, as the payment networks Mastercard, Visa and American Express have given their merchants until 2015 to obtain hardware and software to accept EMV cards…

4.  Encryption–Heartland Payment Systems took a beating in 2008 after their breach that year, with one of their big clients, TJX Companies, losing an estimated $171 million in that breach. But, Heartland was able to turn it around and is now touting end-to-end encryption.

5.  There Is No Federal Data Breach Notification Law–The public knows about data breaches as a result of the data breach laws of 46 states and D.C. Otherwise, we likely would have no idea how many records with personal information have been breached or may have fallen into the wrong hands.

6.  California Is The First State To Pass A Data Breach Notification Law.  This happened back in 2002.

7.  California Adds Onto Its Data Breach Law–SB 46 expanded California’s data breach law to require notification when passwords and usernames are included.

8.  What Is The Customer’s Liability?–If an individual finds there has been fraud, it will  depend on how a transaction was made.  Bottom line, using a credit card is best at the checkout or online.  ( is mentioned!)

9.  The Payments Landscape Will Forever Be Changed, Or Not–Such large data breaches do bring about larger discussions on whether or not significant changes will be made.  A few experts give their 2 cents.

10.  What To Do If Your Info Was Hacked–Good tips on what to do if you get a notice your information may have been hacked, from Privacy Rights Clearinghouse.

New Year, New Laws

Along with new goals, new resolutions, and feelings of renewal, the new year also brings the beginning of many new laws in California.

Here’s a link to a summary compiled by Paul Soter and me on relevant new laws in California in the areas of consumer finance, payments and financial privacy.






Reflecting on Payments at Year’s End

This is not original content, but I wanted to commemorate the end of an active year in payments.  The Atlanta Fed’s Blog Portals and Rails has a great list, so why reinvent the wheel?:

As the year draws to a close, the Portals and Rails team would like to share its own Top 10 list of major payment-related events that took place in the United States this year.

  1. The Consumer Financial Protection Bureau finalized Dodd-Frank 1073 money transfer rules.
  2. The payments industry experienced increased regulatory scrutiny of third-party processors and high-risk business customers.
  3. Major global ATM cash-out fraud attacks—including many U.S. ATMs—totaled $45 million.
  4. FTC issued a proposal to ban telemarketers from using remotely created checks and payment orders.
  5. Debit networks sought a compromise on an EMV interface—while there is little movement on the issuance of EMV cards.
  6. The newly designed $100 bill with additional security features was released.
  7. Several major data breaches occurred, and identity theft occurrences skyrocketed. (Perhaps you are experiencing repercussions from the recent Target breach?)
  8. Cyber Monday online sales were up 17 percent, with phones and tablets representing almost a third of the total.
  9. Virtual currencies received increased public, legislative, and regulatory awareness after the U.S. Department of Justice took action to close down virtual currency operators Liberty Reserve and Silk Road.
  10. U.S. District Court Judge Richard Leon threw out Regulation II debit card interchange fees and routing rules.

Happy Holidays everyone!