PCI Compliance

Arnall Golden Gregory LLP provides the full spectrum of representation and counseling for compliance with the Payment Card Industry Data Security Standard (PCI-DSS). The PCI-DSS is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain secure environments. We have significant experience advising clients on development of proactive programs and policies to ensure compliance with PCI-DSS, and representing clients in connection with PCI-DSS audits and breach investigations by payment card brands and acquirers as well as the U.S. Federal Trade Commission. We also have represented clients in litigation involving liability assessments by payment networks against merchants for PCI data breach losses, including what is believed to be the first such case to address a merchant’s challenge that such assessments constitute unenforceable “penalties” under applicable law. In re Golden Restaurants, Inc., Adv. No. 11-04024-rfn (Bankr. N.D. Tex. June 13, 2012).

Through our partnership with the Venza Group, we provide content for PCI-DSS compliance training modules. In addition, we help our clients manage PCI-DSS and other information security risks in a business-sensitive manner that appropriately reflects the clients’ business operations and goals. Our experience in this area includes (i) successfully representing a large, publicly traded retailer with more than 3,500 outlets across the U.S. in connection with a security breach, investigation and disciplinary procedure initiated by payment card brands, and related investigation by the U.S. Federal Trade Commission; (ii) advising e-commerce websites in connection with investigations by payment card issuers; and (iii) counseling retailers on effective PCI-DSS compliance policies and procedures.

Our PCI-DSS compliance clients include companies in the retail, electronic commerce, and hospitality industries.