Jetro v. MasterCard: New Concerns for Merchants and Insurers

A Q&A with Doug Meal
The brave new world of cyber liability got a lot more complicated last May. That’s when the Jetro Holdings LLC v. MasterCard Inc. case held that if a card brand withholds merchant funds to satisfy the brand’s PCI fines and assessments following a data breach, the merchant has no legal recourse against the brand—even if the brand acted unlawfully in imposing the fines and assessments in the first place. I talked to attorney Doug Meal of Ropes & Gray, LLP, to explore this case and its implications for retailers and their insurers.


Mobile Payments: How Much Risk Is Too Much?



A Q&A with David Herron, Chief Legal Officer of Hyperwallet

In a 2015 ISACA survey of cybersecurity experts, almost 50 percent of respondents stated that they believed mobile payments are not secure, citing issues like wi-fi, stolen devices and weak passwords as the most prominent worries. I spoke with David Herron, chief legal officer of Hyperwallet, about the reality of mobile payment security and what risk managers should be doing to protect their organizations.


EMV and Payment Security: What’s Next

A Q&A with Dan Fritsche of Coalfire
The introduction of EMV chip cards and newer PCI Security standards go a long way toward reducing data breach incidents and payment card-related fraud. Yet many retailers still have not adopted the technology, and EMV in and of itself is not a wholesale solution for data loss. I spoke with Dan Fritsche, Vice President of Solution Architecture at Coalfire, about ongoing payment card concerns for retailers and what they can do to make their systems more secure.


What Does the Neiman Marcus Ruling Mean for Data Security Law?

A Q&A with Ben Barnow of Barnow Associates PC
The decision in the recent Neiman Marcus case was a game changer for the swiftly evolving legal climate around data breach events. By establishing the theory of “likely future fraud or injury” the court recognized that plaintiffs no longer have to prove the “impending certainty” of potential injury (as was previously established by the 2013 decision in Clapper v. Amnesty International). To find out more about its impact we talked to Ben Barnow of Barnow Associates PC.


Adopting EMV: The Word from Ponemon

A Q&A with Michael Bruemmer of Experian Data Breach Resolution
The deadline for merchants transitioning to the EMV payment system looms: Organizations are expected to adopt the technology by October. I spoke to Michael Bruemmer of Experian Data Breach Resolution about a recently released Ponemon Institute study documenting industry attitudes toward this shift.


Data Breach Events: A Plaintiff Perspective

A Q&A with John Yanchunis of Morgan & Morgan
The legal landscape around data loss is rapidly evolving, and with major events such as the Anthem breach changing the game on a daily basis, it can be a challenge to keep up with the courts’ current thinking. I spoke with plaintiff attorney John Yanchunis of Morgan & Morgan about some of the most recent developments he’s observed.


Backoff Malware: A POS Nightmare

A Q&A with Karl Sigler of Trustwave
The Secret Service estimates that there have been over 1,000 data breaches at point-of-sale (POS) systems via Backoff malware. I asked Karl Sigler, Threat Intelligence Manager of Trustwave and a member of the team that initially identified Backoff, to explain this insidious malware and why retailers should be concerned about it.


Sorting Out the Consequences of PCI Data Security Noncompliance

A Q&A with David Navetta of Information Law Group
The Payment Card Industry (PCI) Security Standards Council Data Security Standards (DSS) were established in 2006, but that’s only one piece of the payment card liability puzzle. Merchants are also held to card brand rules via their merchant and other contractual arrangements with merchant banks or the card brands. I spoke with Dave Navetta, a founding partner of InfoLawGroup LLP, about the types of consequences retailers can face during a data breach.


Protecting the Point of Sale

A Q&A with Chris Novak of Verizon RISK Team
According to the 2014 Verizon Data Breach Investigations Report, point of sale (POS) intrusions accounted for fourteen percent of the 63,437 sampled data breach incidents. To get a better sense of this threat and how organizations can arm against it, I spoke with Chris Novak, global managing principal of Investigative Response at Verizon RISK Team.
