10 (Mostly) Interesting Links on Data Breaches

As a result of the Target breach, data breaches are on the minds of a lot of people today, beyond the usual group of privacy and security professionals, privacy advocates, and lawmakers.

I’ve compiled a list of 10 interesting links on data breaches (including some regarding their intersection with payments and privacy):

1.  Over 660 million breaches–The Target breach is certainly substantial, but it is not a new occurrence.  To date, according to the Privacy Rights Clearinghouse tally, which they began in 2005, 662,081,528 records have been breached.

2.  EMV (Chip and PIN) Cards Touted as the Solution–More influentials and groups are taking the position that EMV, or chip and PIN, cards are the solution to prevent hackers and cybercriminals from getting access to personal data.  Target’s CEO and the National Retail Federation are beating this drum lately.

3.  But Really, EMV Cards Are Not A Swift Solution–Certainly, faster adoption of chip and PIN, or EMV, cards will likely lower fraud, and will place the US among Canada, Europe and just about everywhere else in the plastic card carrying world.  And issuers have been sending out chip and PIN credit cards (I have a couple) to US cardholders.  But the technology remains pretty useless until merchants have the proper readers and software to accept the cards.  Chip and PIN likely won’t take over for a few years, as the payment networks Mastercard, Visa and American Express have given their merchants until 2015 to obtain hardware and software to accept EMV cards…

4.  Encryption–Heartland Payment Systems took a beating in 2008 after their 2008 breach, with one of their big clients, TJX Companies, losing an estimated $171 million in that breach.  But Heartland was able to turn it around and is now touting end-to-end encryption.

5.  There Is No Federal Data Breach Notification Law–The public knows about data breaches as a result of the data breach laws of 46 states and D.C.  Otherwise, we likely would have no idea how many records with personal information have been breached or may have fallen into the wrong hands.

6.  California Is The First State To Pass A Data Breach Notification Law.  This happened back in 2002.

7.  California Adds Onto Its Data Breach Law–SB 46 expanded California’s data breach law to require notification when passwords and usernames are included.

8.  What Is The Customer’s Liability?–If an individual finds there has been fraud, liability will depend on how the transaction was made.  Bottom line, using a credit card is best at the checkout or online.  (PaymentsLaw.com is mentioned!)

9.  The Payments Landscape Will Forever Be Changed, Or Not–Such large data breaches do bring about larger discussions on whether or not significant changes will be made.  A few experts give their 2 cents.

10.  What To Do If Your Info Was Hacked–Good tips on what to do if you get a notice your information may have been hacked, from Privacy Rights Clearinghouse.

Tis the Gift Card Giving Season

In the past, every holiday season I would be bombarded with question after question about gift cards from consumers and reporters.  It seems most fitting that I continue to provide a quick run-down on gift cards and the rules that pertain to them, as gift cards continue to be a much desired and often given gift, with an estimated 85% of Americans exchanging them and over $110B spent on them according to the CEB TowerGroup’s 2012 assessment.

Whether you are on the giving, receiving, issuing, vending, or marketing side of gift cards (including plastic gift cards, e-cards, codes), it’s helpful to know that cards may all look like “gift cards,” but the laws certainly do not categorize or treat them all as such.

Here’s the quick rundown:

Bank issued/Open Loop (Require compliance under Section 401 of the Credit CARD Act)

Store-issued/Closed Loop (Require compliance under Section 401 of the Credit CARD Act, relevant state gift card and escheat laws)

These laws restrict fees and expiration dates.  The Credit CARD Act gift card provisions also contain disclosure requirements.  Additionally, a number of states have gift card laws with more stringent fee and expiration date limits, as well as other laws on the books that require unused gift card funds to escheat to the state.

Exceptions to Gift Card Laws:

  • Loyalty, reward, promotional cards (e.g. cards provided by retailers for spending certain amounts of money, like the current offer at Barnes and Noble, or cards redeemed with credit or debit card reward points)

  • Prepaid calling cards

  • Cards NOT labeled or marketed as a gift card or gift certificate (e.g. General Purpose Reloadable Cards like Green Dot)–both issuers and retailers must be careful with how these cards are marketed and displayed

  • Cards not available to the public (card with funds from returned items)

  • Cards only in paper form (think old school paper gift certificates)

  • Cards only redeemable for admission to events/venues

This blog is for general information and educational purposes, not to provide legal advice. If you need legal advice, please consult with a qualified attorney.