The GC’s Role in Ensuring Compliance in the Payment Card Processing Environment
March 11, 2014
David F. Katz
Reprinted with permission of Inside Counsel
In 2013, a number of high-profile data breaches involving major retailers such as Target and Neiman Marcus placed an unwanted spotlight on the vulnerability and insecurity of debit and credit card point of sale (POS) systems. The legacy mag-stripe payment card system, on which so many consumers and merchants rely, is long overdue for improvements that would increase security and decrease vulnerability. Such updates may come in the form of new technologies and emerging payment systems that offer more efficient and secure transaction methods.
While a discussion of alternative or emerging payment systems is beyond the scope of this article, a comprehensive understanding of the current payment card processing system will prove useful, and timely, for the general counsel who wants to take ownership of compliance and risk in this area. Relying on IT alone fails to leverage the value and necessity of a partnership with in-house counsel that would ensure proper compliance, and it ignores a significant and potentially expensive risk regarding the management and security of customer data.
Compliance with the Payment Card Industry Data Security Standard (PCI-DSS) requires the same scrutiny and vigilance as any other corporate or data governance matter and, coming on the heels of 2013, which PC World labeled “The Year of the Personal Data Breach,” consumer awareness and concern have reached an all-time high.
The purpose of this article is to help in-house counsel understand the risk landscape inherent in legacy payment card processing systems and develop a strategy to mitigate such risks.