Information on Merchant Accounts,
Ecommerce and Credit Card Processing

 

May 18th, 2007 by Jamie Estep

Texas businesses liable for data security breaches, Jan 09

Filed in: Fraud, Industry News | 3 comments

I’m a few days behind on this one. I completely forgot to write about it last week, but the PCI and Data Security Compliance Blog reminded me when I saw it in my feed reader.

Last week, the Texas legislature passed a bill that makes businesses liable for any monetary expenses resulting from data security breaches at their company. The data specifically covered is credit card or other magnetic- or chip-stored information, and personally sensitive information. The bill also states that businesses must safeguard sensitive information and that they must take action if a data security breach is discovered.

Businesses will be responsible for any costs that a financial institution incurs when it has to replace customers’ cards that may have been compromised, and will also have to repay the financial institution’s legal fees. More importantly, the business is completely liable for any refunded transactions that the bank has to make to the customer. (This is the first time that I have ever seen a bill, law, or regulation that takes chargeback liability from the business that actually accepted the card.) It is also one of the only logical regulations I have seen regarding the payment processing industry.

The bill does not specify how the data must be stored, so any business that keeps copies of sensitive data, either in an electronic database, or on paper, is subject to this bill. Also, businesses that are PCI compliant are protected.

This is an extremely important bill, and I imagine that many states are likely to follow suit. In my opinion, the most significant part of this bill is placing liability on the business where the breach occurred. Realistically, this could be a very positive change for online businesses and others that are subject to stolen card fraud. I’m not sure if there is a measurable percentage of fraud that occurs from breaches, but if there is, it could definitely help take the load off businesses being hit with this type of fraud.

Texas BILL HB03222E (text document)
Actual Texas BILL HB03222E

Other blogs about this law:
Texas first state to make PCI law – pcianswers.com
PCI Codified into Texas law (nearly) – pcidss.wordpress.com
The Law of PCI – blog.ncircle.com
PCI Takes A Twist – blog.loglogic.com

3 Responses to “Texas businesses liable for data security breaches, Jan 09”

  1. October 29, 2007 at 6:06 pm

    They should be held accountable.. it was their responsibility

  2. January 10, 2009 at 2:55 pm

    Sorry for the comment on an old post, but it should be noted that this Texas bill never became law. It passed the House, but died in committee when it got to the Senate.

  3. January 12, 2009 at 9:20 am

    Thanks for the update on the status of this.

 


Copyright © 2014 The Merchant Account Blog, all rights reserved. Theme design by Jamie Estep.
