Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Financial Services

Subscribe to Financial Services RSS Feed

Cybersecurity Response to Recent Wholesale Payment Systems Breaches

Posted in Financial Services

In February 2016, hackers stole $81 million from the Bangladesh central bank by sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system.

Three months later, hackers attempted to steal over $1 million from a commercial bank in Vietnam using a similar method. Since then, almost a doz… Continue Reading

Credit Card Data Breaches: Protecting Against Surprises

Posted in Financial Services

For retailers, the costs involved with a credit card data breach go well beyond the immediate needs of retaining a privileged forensic investigator, hiring outside counsel and public relations and crisis management advisors, and notifying customers of the breach and offering credit protection services to them.

DWT PrivSec and Payments team member Cou… Continue Reading

Webinar: How to Improve Data Security in Payment Systems

Posted in Financial Services

How to Improve Data Security in Payment Systems: Changing Risks and Changing Technology for In-House Counsel 

Thursday, March 31st, 2016
12:00 PM EDT

Davis Wright Tremaine presents this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter, a Thomson Reuters business.

With new technology behind how credit card tr… Continue Reading

Cyber Attacks on Financial Institutions Increasing in Frequency and Severity

Posted in Financial Services

Cyber attacks on financial institutions have become so relentless in their frequency and severity, that the Federal Financial Institutions Examination Council (FFIEC) directed banks this past month to enhance their information security programs to better defend against attacks that compromise user credentials and deploy destructive software.

Re… Continue Reading

New York Regulator Finds Substantial Cyber Vulnerabilities in Banking System

Posted in Financial Services

Earlier this month, Benjamin Lawsky, Superintendent of Financial Services for the New York State Department of Financial Services (NYDFS), released a report finding “significant potential” vulnerabilities for cyber theft of banking system information systems due to the banks’ use of less secure third-party vendors. NYDFS conducted a survey … Continue Reading

Advisory Alert: NYC Ban on Use of Credit Checks in Employment Decisions Moves to Mayor’s Office for Signature

Posted in Employment, Financial Services

On April 16, 2015, the New York City Council voted overwhelmingly to amend the city’s Human Rights Law to prohibit employers from using an individual’s consumer credit history to make employment decisions. While the bill contains certain exceptions for positions requiring heightened levels of security, the proposed law will affect most employers … Continue Reading

Legal Departments: New PCI DSS Requirements Mandatory in June

Posted in Financial Services

PCI Council publishes new PCI Data Security Standard Version 3.1 and provides very short time to implement new encryption standards.

The PCI Council just published a new version of the PCI Data Security Standard (PCI DSS).  The new Version 3.1 (agreement required) is available to use immediately and becomes mandatory on June 30, 2015.  If your company… Continue Reading

Webinar: Re-Identification Risks for Credit Card Data

Posted in Data Protection, Financial Services

Join us March 10 at 1PM EST (10AM PST) for Re-identification Risks for Credit Card Data,featuring DWT payments team members Christin McMeley and Brian Hurh as well as Khaled El Emam, Founder and CEO of Privacy Analytics.

An article was published recently in Science magazine claiming that it is “easy” to re-identify credit card transaction … Continue Reading

Latest PCI Standards Pushes Toward Risk Management

Posted in Data Protection, Financial Services

In today’s Compliance Week, Christopher Avery discussed the latest PCI Data Security Standard (PCI-DSS).

“There are a still a large number of organizations that look at PCI DSS as just a compliance obligation with point-in-time assessments,” says Christopher Avery, a data security expert with the law firm Davis Wright Tremaine. “That’s not Continue Reading

Legal Departments: Are You Ready for The New PCI DSS Requirements?

Posted in Data Protection, Financial Services, Technology

Starting Jan. 1, 2015, the Payment Card Industry Data Security Standard (PCI DSS) Version 3.0 (click-through agreement required) will replace Version 2.0.  The PCI DSS is a set of requirements developed by the four major credit card networks and is designed to enhance the security of credit card transactions and cardholder data.  The PCI DSS requir… Continue Reading

FACTA Class Actions

Posted in Financial Services

In the July 2014 issues of The Review of Banking & Financial Services, DWT payments team members Burt Braverman and Micah Ratner wrote about the truncation requirement of FACTA, which has spawned a wave of class action litigation with potentially ruinous damages for “willful” violations. The authors describe the court rulings in these cases a… Continue Reading

Federal Financial Institutions Examination Council Launches Cybersecurity Webpage and Begins Cybersecurity Assessments

Posted in Cyber and National Security, Data Protection, Financial Services, Marketing and Consumer Privacy

For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers.” Thomas J. Curry, Comptroller of the Currency

In comments before the Risk Management Association’s Governance, Compliance, and Operation… Continue Reading

Genesco Wins One, Loses One in Its Case Challenging PCI DSS Fines and Assessments

Posted in Financial Services

On November 25, 2013, Chief Judge William Haynes filed the latest order in Genesco v. Visa, Civ. No. 3:13-cv-00202 (M.D. Tenn.). In his one-line order, Judge Haynes denied Genesco’s motion for partial summary judgment “without prejudice to renew after a reasonable period of discovery.” Genesco, Nashville-based retailer with 2,440 stores in the … Continue Reading

Dealing with Networks and Regulatory Compliance: The Legal Side of Mobile Retail

Posted in Financial Services, Global, Policy and Regulatory Positioning

On April 16, 2013, DWT lawyers James Mann and Ronnie London presented on the topic of “Dealing with Networks and Regulatory Compliance: The Legal Side of Mobile Retail” at the RAMP Advanced Commerce and Mobile Retail Services Summit in Chicago.

The presentation focused primarily on two topics:

  • Why the Networks Are Here to Stay (and Some Sugge
Continue Reading

FTC Data Security Consent Decree Suggests Minimum Steps Companies Must Take

Posted in Cyber and National Security, Data Protection, Financial Services, Global, Marketing and Consumer Privacy, Policy and Regulatory Positioning

The FTC recently announced a consent decree with online retailer Life is good ( that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The FTC claimed Life is good offered … Continue Reading

California Governor Vetoes Proposed Law Imposing Stronger Data Protection Requirements

Posted in Cyber and National Security, Financial Services, Policy and Regulatory Positioning

Posted by Charlene Brownlee

California Governor Arnold Schwarzenegger vetoed AB 779 — legislation that would have amended California’s data security breach legislation to impose stronger data protection requirements than the Payment Card Industry Data Security Standard

AB 779 would have prohibited businesses that sell goods or servi… Continue Reading

SAR Forms Revised

Posted in Financial Services

Posted by Peter Mucklestone

The Financial Crimes Enforcement Network (FinCEN) has revised the forms of Suspicious Activity Report (SAR). Certain financial companies are required to file SARs with the Treasury Department to report suspicious activity relevant to possible violations of law or regulations. The new forms should not be used … Continue Reading

Fincen Clarifies Independent Review Requirements for MSB AML Programs

Posted in Financial Services

The Department of the Treasury Financial Crimes Enforcement Network (Fincen) recently published Frequently Asked Questions (FAQs) providing guidance for money service businesses (MSBs) in connection with their anti-money laundering (AML) programs. 

Under the Bank Secrecy Act (BSA), MSBs must establish an AML program which sets forth at a min… Continue Reading