Rippleshot Blog

The aftermath of headline-grabbing data breaches at deep-pocketed retailers is almost always characterized by litigants of all sizes lining up to seek reparation for their legal injuries. These litigants can come in the form of disgruntled financial institutions, who demand compensation for breach-related expenses, or unhappy consumers who have suffered from theft of personal/ financial information and unauthorized charges on their accounts. Although consumer class-action lawsuits are a dime a dozen, they typically do not fare well in court, as courts generally conclude that their losses are covered in full by banks. On the other hand, financial institutions have a much easier time proving the costs associated with data breaches, such as card reissuance and reimbursement on fraudulent transactions. Follow along as we discuss the most recent data breach lawsuits including Target, Home Depot, and Wendy’s, and their effect on consumers, financial institutions, and retailers.

The landscape of fraud between 2015 to 2016 is best characterized as uncertain and dynamic. As government institutions such as the CFPB and FFIEC begin to play a bigger role in cybersecurity regulation, it has yet to be seen what data security protocols will be required of financial institutions. Also, pending legislation in Congress surrounding data security has the potential to determine federal standards of information security for merchants. Finally, with back-and-forth lawsuits between retailers, payment card networks, and issuers over disputes regarding EMV compliance and liability shift, nobody is exactly sure who will come out on top.

At Rippleshot, we understand how difficult it can be to juggle so many moving parts and develop actionable insights from them. That’s why we created a timeline for you to get up to speed on recent developments in card fraud and payments security.

A fiery debate has resurfaced between financial institutions, merchants, and consumer groups regarding the Data Security Act of 2015. The bipartisan bill introduced to Congress as H.R. 2205 by Representatives Randy Neugebauer and John Carney on May 1st, 2015 explicitly states two purposes: “to establish strong and uniform national data security and breach notification standards for electronic data” and “to expressly preempt any related State laws in order to provide the Federal Trade commission with authority to enforce such standards for entities covered under this Act.”

On February 12th, a day before the White House held a cybersecurity summit at Stanford University, President Obama signed an Executive Order to “encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government.”

A couple weeks ago, we covered the initial hearing held by the House Subcommittee on Commerce, Manufacturing, and Trade entitled “What are the Elements of Sound Data Breach Legislation?” The Senate is pursuing a similar path and plan to propose their own version of data breach notification legislation, which started with a hearing on February 5th initiated by the Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security.

In the first step toward federal data breach legislation, the House Subcommittee on Commerce, Manufacturing, and Trade held a hearing on Tuesday entitled “What are the Elements of Sound Data Breach Legislation?” Testimony was heard by CompTIA, Acxiom, The Retail Industry Leaders Association and the Cumberland School of Law in the first of what we can assume will be many steps to drive toward a single national breach notification requirement.

During a speech at the Federal Trade Commission on Monday, President Obama outlined his plans on attacking several cybersecurity issues, including a legislative proposal to help protect the millions of Americans whose personal information has been compromised as a result of a data breach.