When GDPR went into effect in May, it was expected that the European law would touch a lot of U.S. payment companies because of their international scope. Now it's clear that even purely domestic U.S. firms will have to adhere to some version of the data-privacy law.
Hotels have elaborate systems to capture lodging fees and other purchases charged to rooms, but when customers book special events such as weddings or conferences, payment security can be more of a problem.
Under a consent order with Texas and seven other states, the Atlanta-based credit reporting firm agreed to shore up its information security efforts, but it will not have to pay any financial penalties.
Capital One Financial Corp. is limiting how account data flows to outside apps for managing finances, prompting a backlash from the bank’s customers who say they have been locked out of their own information.
Called Mezu, the P2P platform has been live for about a week and uses a location-based code to execute payments, avoiding the need to even share usernames or other identifying information to move money.
A direct correlation between the chip migration and rampant merchant data breaches is hard to prove. But experts say retailers' prioritization of EMV compliance contributed to other payment card security gaps, leading to the current high level of merchant data breaches.
Traditional credit scoring is under siege from alternative underwriting, and TransUnion is joining the future by investing in other emerging trends such as mobile device security and health care payments.
It's a race to the finish line that also affects U.S. companies with European customers. In these final moments, every company must at least show good faith in attempting to follow the law and having procedures and technology in place to do so.