GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Light alleviating a dark decline


Industry Update

Legislative outlook: Interchange bills less likely than ID fraud rules

First Data's composite security system - a game changer?

TSYS, FNBO enter joint venture

Trade Association News


GS Advisory Board:
Positive economic signs and actions - Part 1

Online banking in Canada:
What happens next?

Joseph Iuso
UseMyServices Inc.

Research Rundown

Selling Prepaid

Prepaid in brief

Win-win scenarios abound at Prepaid Expo


Are banks losing grip on payments?

Patti Murphy
The Takoma Group

Dial or smile

Justin Milmeister
Elite Merchant Solutions

Payments industry issues:
First quarter 2010

Brandes Elitch
CrossCheck Inc.


Street SmartsSM:
Parting thoughts for readers

Jon Perry and Vanessa Lang
Merchant Services Inc., Texas

Police warn of new skimming devices

Nicholas Cucci
Network Merchants Inc.

Ripples on the mobile Web

Dale S. Laszig
Castles Technology Co. Ltd.

Digging into PCI - Part 9:
Restrict physical access to cardholder data

Tim Cranny
Panoptic Security Inc.

Company Profile

Retail Decisions Inc.

New Products

A mobile payments bundle

MerchantWARE Mobile
Company: Merchant Warehouse

Statistical analysis of prepaid

The Stats Tool
Company: Stanton Consultancy Ltd.


Unleash the power of networking



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

March 22, 2010  •  Issue 10:03:02

previous next

Legislative outlook: Interchange bills less likely than ID fraud rules

The legislative outlook for payment acquiring is mixed. In issues related to data security, the industry has emerged as a role model of sorts, with lawmakers taking a cue from the Payment Card Industry (PCI) Data Security Standard (DSS). Meanwhile, the debate over interchange has resurfaced amid rumors that at least one ranking Democrat in the U.S. Congress is considering new legislation.

The Specter of interchange legislation

The National Association of Convenience Stores reported in its member bulletin that Sen. Arlen Specter, D-Pa., plans to pursue interchange legislation similar to a bill introduced in the House of Representatives in 2009 by Rep. Peter Welch, D-Vt. A spokeswoman for the Senator said an interchange bill is under consideration, but no formal decision has been made.

That Welch bill, H.R. 2382, the Credit Card Interchange Fees Act, addresses the permissibility of discounts for cash payments and the honor all cards rules. It has been stuck in the House Banking Committee since its introduction, and in February, Rep. Barney Frank, D-Mass., Chairman of the Banking Committee, said publicly that he had no plans to move interchange legislation through the committee this year.

Sen. Specter is no stranger to the issue of interchange. In May 2008, commenting in response to a General Accountability Office report on interchange, he suggested "remedial legislation" might be necessary if banks and merchants can't come terms over interchange.

New Massachusetts ID theft law

Meanwhile, with identity fraud reaching unprecedented levels, lawmakers appear to be taking a cue from payment companies and implementing data security rules that closely resemble the PCI DSS.

The latest example is Massachusetts, where new data security regulations that took effect March 1, 2010, mandate that every company with customers in the state have plans in place to protect the private information of these customers from identity thieves. Security measures prescribed by the new regulations include data encryption, employee training and a written plan that details how data will be protected from theft or loss.

The state's chief consumer affairs advocate said the new law was prompted by a recent surge in identity thefts involving residents of the state. "In two years, over one million pieces of information belonging to Massachusetts residents were lost or stolen," said Barbara Anthony, Undersecretary of State for Consumer Affairs and Business Regulation. "What these regulations do is create a culture of security."

"This is leading-edge legislation," said Eduard Goodman, Chief Privacy officer at Identity Theft 911, a Scottsdale, Ariz., firm specializing in identity management and data breach remediation services. From a lawyer's perspective, it helps to have laws like these on the books when aggrieved parties are seeking damage awards, Goodman added.

Codification of best practices

The new Massachusetts law follows a Nevada law that became effective Jan. 1, 2010. That law codifies the PCI DSS, making it a violation of state law for any company accepting credit cards in Nevada not to be in compliance with the PCI DSS. Nevada companies that don't accept card payments, but otherwise collect customer data, are required under the new law to encrypt all stored and transmitted customer information.

"What we're seeing is a basic codification of security best practices 101," Goodman said. Goodman believes that, taken together, the Massachusetts and Nevada laws are a big deal - as momentous as the first state data breach notification statute enacted by California in 2002. Today, all but a handful of states have similar data breach notification laws in place.

Goodman described this first batch of data security legislation as useful but "reactive." The trend set into motion by Massachusetts and Nevada is all about "prescriptive security," he noted. "I think it's a game changer," he said of the new Massachusetts law. "This is not the last state that will pass something like this. This is a nonpartisan issue."

ID theft concerns

The Federal Trade Commission reported last month that identity theft topped the list of consumer complaints to the agency's offices last year. About one in five of the 1.3 million complaints received involved identity frauds, the FTC said. Shortly, FTC Chairman Jon Leibowitz and Illinois Attorney General Lisa Madigan are slated to announce a major federal-state initiative to combat identity fraud.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios