Home      Login

Abstract: 

Banks and other card issuers are fighting to recover losses stemming from merchant data breaches that have resulted in the release of millions of payment card records. The fight hasn’t always been easy, especially when the card issuer has no direct contractual relationship with the data breach victim, and the applicable statutes may not provide card issuers with a right of action. This article first reviews the prevalent payment card system’s data chain of custody and the data security regulations applicable to custodians in the chain, and then examines various recent claims that have been asserted by card issuers in cases brought to recover damages.

Keywords: data breach; cyber security; card issuer; payment card records; data custodian; class action

Affiliations:  1: McGlinchey Stafford, PLLC.