
Entries in Credit Cards (6)


Financial Institutions...In the News

  • A $1.2 billion mortgage penalty imposed by a lower court against Bank of America is reversed by a federal appeals court ruling. (MPBN 5.23.2016)
  • Three parcels of land are being purchased by Bangor Savings Bank in the business park. (BDN 5.25.2016)
  • TD Bank continues to grow in the United States at a rapid rate. (National Real Estate 6.3.2016)
  • After several merchant data breaches, Bangor Savings Bank is replacing its customers’ debit cards. (Mainebiz 6.7.2016)
  • Some Central Maine Healthcare employees have a delay in pay due to a computer glitch between payroll and TD Bank. (Sun Journal 6.16.2016)
  • Credit card holders are on the decline.  (Mainebiz 6.27.2016)

New England Financial Institutions Face Increased Cybersecurity Risks

Noted cyber security blogger and journalist Brian Krebs recently gained an exclusive interview with a New England bank that reported a sharp rise in fraudulent charges on debit cards. The scammers were making purchases on stolen card numbers from plain-old magnetic stripe cards but making them look like they were made on EMV (“chip”) cards, although the bank had not yet issued such cards. This “EMV-spoofing” technique had been picked up by Canadian banks earlier this year and traced to Brazil.

“The recent EMV-spoofing cases point to the continued need for fraud detection mechanisms that even small banks and credit unions must implement to protect themselves,” said Ande Smith, a principal at the forensics and data security firm Deer-Brook, with whom Verrill Dana works closely in data breach cases. “During the transition phase, which may take years, the mish-mash of magnetic and chip/pin point-of-sale systems in the US will create opportunities to mask fraudulent activity.”

A recent report by the Federal Financial Institutions Examination Council (FFIEC) supports this call for improved risk management at regional banks and other financial institutions. The results of the FFIEC’s 2014 survey of 500 community financial institutions indicate that these institutions have room to improve in several areas, among them employee education and training on cyber risks, cybersecurity controls, understanding of their vendors’ cybersecurity risks, and incident management procedures.

Rita Heimes is a privacy and cybersecurity attorney in Verrill Dana’s Intellectual Property & Technology practice group. She and her team help companies with comprehensive information risk management programs including privacy policies, incident response plans, third-party contracts, employee training, and breach response.


Financial Institutions May Now Post Annual Privacy Policies Online

Under the Gramm-Leach-Bliley Act and regulations promulgated by the Bureau of Consumer Financial Protection (Bureau), financial institutions are required to provide customers with an annual disclosure of their privacy policies. The cost of mailing paper copies to consumers is significant. The Bureau therefore promulgated a new rule effective October 28, 2014, that allows financial institutions to post their notices via alternative delivery means, including on their websites, provided certain conditions are met.

Financial institutions can avoid considerable compliance costs by using this alternative notice method.
Among the qualifications: (1) the privacy notice must not trigger any opt-out rights and the institution must have previously provided opt-out notices as required; (2) information included in the privacy notice must not have changed since the prior notice; and (3) the financial institution must use the Bureau’s model form as its annual privacy notice. Other qualifications also apply, including (but not limited to) notifying customers at least annually, through a statement mailed to them, that the privacy policy is located online.

For more complete information about qualifying for the alternative annual privacy policy delivery option, view the final rule here or contact Verrill Dana’s Banking Law group.


Tips for Merchants and Consumers Facing a Data Breach

The high-profile data breach at Target made international news. But small and midsized businesses face the majority of cyber attacks and are even more likely to have employees mishandle data than large enterprises.



CFPB Issues Guidance On Add-On Products In Connection With Its First Enforcement Action

The Consumer Financial Protection Bureau entered into a Consent Order with Capital One Bank on July 18, 2012. The order is the CFPB’s first-ever enforcement action and was coordinated with the Office of the Comptroller of the Currency. The enforcement action resulted from an examination of allegedly deceptive marketing practices by call centers (third-party vendors) that sold credit card add-on products such as credit protection and credit monitoring services on behalf of Capital One. One important aspect of the Consent Order is that it resulted from the practices of a third-party vendor, and not from actions taken directly by Capital One itself. Also on July 18th, the CFPB issued a compliance bulletin providing guidance on the marketing of credit card add-on products. The Bulletin states that institutions should also consider the guidance when offering add-on products in connection with other credit and deposit services.
