Slashdot Mirror


Data Breach Could Test Massachusetts Law

Gunkerty Jeb writes "The Massachusetts Attorney General has been notified that financial data on 1,800 residents was exposed in a database breach linked to the CitySights NY sightseeing firm. Could this be the test case for enforcement of the State's nine-month-old data privacy law? The leak of financial information on more than 100,000 customers of the CitySights sightseeing tour company could prove to be an early test of the nation's strongest data privacy law."

2 of 73 comments

  1. Re:Violation of Payment Card Industry regulations? by PatPending · Score: 4, Informative

    Not law but:

    Penalties for Non-compliance

    25. Are there fines associated with non-compliance of the PCI Data Security Standards?

    Yes. Visa, MasterCard, and Discover Network may impose fines on their member banking institutions when merchants do not comply with PCI Data Security Standards. You are contractually obligated to indemnify and reimburse us, as your acquirer, for such fines. Please note such fines could be significant.

    26. Are there fines if cardholder data is compromised?

    Yes. If cardholder data that you are responsible for is compromised, you may be subject to the following liabilities and fines associated with non-compliance:

    • Potential fines of up to $500,000 (in the discretion of Visa, MasterCard, Discover Network or other card companies).
    • All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward.
    • Cost of re-issuing cards associated with the compromise.
    • Cost of any additional fraud prevention/detection activities required by the card associations (i.e. a forensic audit) or costs incurred by credit card issuers associated with the compromise (i.e. additional monitoring of system for fraudulent activity).

    Source: https://www.wellsfargo.com/biz/help/merchant/faqs/pci#Q25

    --
    What one fool can do, another can. (Ancient Simian Proverb)
  2. Re:Violation of Payment Card Industry regulations? by PatPending · Score: 4, Informative

    The credit card merchant services provides a hash value that is subsequently used. You may store the expiration date and last four digits.

    --
    What one fool can do, another can. (Ancient Simian Proverb)