Archives: Financial Services


Just Around the Corner – HIPAA Audits for Business Associates


Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates. These audits have a limited focus and are conducted by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). For business associates, desk audits will target breac… Continue Reading

Cybersecurity Response to Recent Wholesale Payment Systems Breaches

In February 2016, hackers stole $81 million from the Bangladesh central bank by sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system.

Three months later, hackers attempted to steal over $1 million from a commercial bank in Vietnam using a similar method. Since then, almost a doz… Continue Reading

Advisory Alert: NYC Ban on Use of Credit Checks in Employment Decisions Moves to Mayor’s Office for Signature


On April 16, 2015, the New York City Council voted overwhelmingly to amend the city’s Human Rights Law to prohibit employers from using an individual’s consumer credit history to make employment decisions. While the bill contains certain exceptions for positions requiring heightened levels of security, the proposed law will affect most employers … Continue Reading

Webinar: Re-Identification Risks for Credit Card Data


Join us March 10 at 1PM EST (10AM PST) for Re-identification Risks for Credit Card Data, featuring DWT payments team members Christin McMeley and Brian Hurh as well as Khaled El Emam, Founder and CEO of Privacy Analytics.

An article was published recently in Science magazine claiming that it is “easy” to re-identify credit card transaction … Continue Reading

Latest PCI Standards Pushes Toward Risk Management


In today’s Compliance Week, Christopher Avery discussed the latest PCI Data Security Standard (PCI-DSS).

“There are still a large number of organizations that look at PCI DSS as just a compliance obligation with point-in-time assessments,” says Christopher Avery, a data security expert with the law firm Davis Wright Tremaine. “That’s not … Continue Reading

Legal Departments: Are You Ready for The New PCI DSS Requirements?


Starting Jan. 1, 2015, the Payment Card Industry Data Security Standard (PCI DSS) Version 3.0 (click-through agreement required) will replace Version 2.0.  The PCI DSS is a set of requirements developed by the four major credit card networks and is designed to enhance the security of credit card transactions and cardholder data.  The PCI DSS requir… Continue Reading

FACTA Class Actions

In the July 2014 issue of The Review of Banking & Financial Services, DWT payments team members Burt Braverman and Micah Ratner wrote about the truncation requirement of FACTA, which has spawned a wave of class action litigation with potentially ruinous damages for “willful” violations. The authors describe the court rulings in these cases a… Continue Reading

Federal Financial Institutions Examination Council Launches Cybersecurity Webpage and Begins Cybersecurity Assessments

“For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers.” Thomas J. Curry, Comptroller of the Currency

In comments before the Risk Management Association’s Governance, Compliance, and Operation… Continue Reading

Genesco Wins One, Loses One in Its Case Challenging PCI DSS Fines and Assessments

On November 25, 2013, Chief Judge William Haynes filed the latest order in Genesco v. Visa, Civ. No. 3:13-cv-00202 (M.D. Tenn.). In his one-line order, Judge Haynes denied Genesco’s motion for partial summary judgment “without prejudice to renew after a reasonable period of discovery.” Genesco, a Nashville-based retailer with 2,440 stores in the … Continue Reading

Dealing with Networks and Regulatory Compliance: The Legal Side of Mobile Retail

On April 16, 2013, DWT lawyers James Mann and Ronnie London presented on the topic of “Dealing with Networks and Regulatory Compliance: The Legal Side of Mobile Retail” at the RAMP Advanced Commerce and Mobile Retail Services Summit in Chicago.

The presentation focused primarily on two topics:

  • Why the Networks Are Here to Stay (and Some Sugge
Continue Reading

FTC Data Security Consent Decree Suggests Minimum Steps Companies Must Take

The FTC recently announced a consent decree with online retailer Life is good that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The FTC claimed Life is good offered … Continue Reading

California Governor Vetoes Proposed Law Imposing Stronger Data Protection Requirements

Posted by Charlene Brownlee

California Governor Arnold Schwarzenegger vetoed AB 779 — legislation that would have amended California’s data security breach legislation to impose stronger data protection requirements than the Payment Card Industry Data Security Standard

AB 779 would have prohibited businesses that sell goods or servi… Continue Reading

SAR Forms Revised

Posted by Peter Mucklestone

The Financial Crimes Enforcement Network (FinCEN) has revised the forms of Suspicious Activity Report (SAR). Certain financial companies are required to file SARs with the Treasury Department to report suspicious activity relevant to possible violations of law or regulations. The new forms should not be used … Continue Reading