Law and Regulation

A new report about data breaches from a law firm that analyzed compromises affecting more than 300 of its clients in 2015 has some unique perspectives that supplement findings from data-security technology firms such as Mandiant and Trustwave or telecommunications giant Verizon, all of which have produced widely read summaries …

  Not yet five years after its implementation, a controversial federal regulation governing interchange and transaction routing for debit cards has come under review as part of a process set out by a 20-year-old law called the Economic Growth and Regulatory Paperwork Reduction Act. The debit card regulation, the Federal …

By Eugene Rome   Merchant-service providers of all shapes and sizes learn the hard way that cutting corners by using cut-and-paste tactics to create a merchant agreement can end up in costly litigation. Independent sales organizations, third-party processors, and payment facilitators must have a merchant agreement that is tailored to …

U.S. Sen. Richard Durbin, author of 2010’s controversial Durbin Amendment, wants to know about the inner workings of EMVCo, the chip card standards body owned by the six largest global payment card networks. A statement Thursday from the Illinois Democrat says Durbin is “seeking information on whether the deployment of …

  With its enforcement action against Dwolla Inc., announced on Wednesday, the Consumer Financial Protection Bureau made plain it is expanding its writ to include data-security practices and putting digital-payments startups in its cross-hairs. The ripple effect could reach a number of payments providers if they are incautious about data …

A new Tennessee law governing merchants’ payment card contracts could create headaches for non-bank entities such as independent sales organizations and payment facilitators, merchant-acquiring industry sources say. The law will require processors on a monthly basis to list all fees assessed since the last statement. That’s certainly not unusual in …

As promised, the Electronic Transactions Association has updated its 2014 guidelines for merchant acquirers and independent sales organizations on merchant underwriting and monitoring. And more updates are likely as technology and regulators keep the pressure on merchant processors to stay ahead of risks to the payment system. “We really want …

By John Stewart Acting in response to comment from the industry, the PCI Security Standards Council has extended a key security deadline for payments processors, merchants, and banks by fully two years. These players now have until June 30, 2018, to stop using Secure Sockets Layer (SSL) encryption and instead …

The conversion of U.S. mall and Main Street retailers to EMV chip card acceptance continues to lift VeriFone Systems Inc.’s North American revenues, but now the leading U.S.-based point-of-sale terminal maker and payment-services provider is getting ready for a rush of orders from petroleum marketers preparing to meet a key …

The U.S. House of Representatives’ Financial Services Committee on Tuesday afternoon was scheduled to consider a data-security bill that is drawing fire from merchant trade groups and consumer advocates, but which has the support of the American Bankers Association. H.R. 2205, the Data Security Act of 2015, was introduced last …