Inside: The GC’s role in ensuring compliance in the payment card processing environment

What is the PCI-DSS, who is responsible for it, and what is the GC's role?

In 2013, a number of high-profile data breaches involving major retailers such as Target and Neiman Marcus placed an unwanted spotlight on the vulnerability and insecurity of debit and credit card point of sale (POS) systems. The legacy mag-stripe payment card system, on which so many consumers and merchants rely, is long overdue for improvements that would increase security and decrease vulnerability. Such updates may come in the form of new technologies and emerging payment systems that offer more efficient and secure transaction methods.

While a discussion of alternative or emerging payment systems is beyond the scope of this article, a comprehensive understanding of the current payment card processing system will prove useful, and timely, for the general counsel who wants to take ownership of compliance and risk in this area. Relying on IT alone forgoes the partnership with in-house counsel that is both valuable and necessary to ensure proper compliance, and ignores a significant and potentially expensive risk regarding the management and security of customer data.
