In the Know

Payments Ecosystem Risks
The payments ecosystem environment is dynamic. So, too, is the legal landscape and risks facing the payments industry. Because of data breaches by hackers and increased government oversight by the Department of Justice, the Federal Trade Commission, and the Consumer Financial Protection Bureau, processors and independent sales organizations (ISOs) must be proactive in limiting liability exposure and prepared to react in the face of legal challenges. Edward Marshall, co-chair of the Payment Systems Practice at AGG, discusses these issues in the following videos and articles.

Related Videos

  • The government is targeting banks, payment card processors, and ISOs because of the misconduct of merchants. Arnall Golden Gregory partner Edward Marshall advises taking three steps in light of the prospect of a government inquiry: Review and strengthen risk management policies, create a good data management program, and have in place a strong legal defense team.
  • The consequences of a government investigation can be devastating. A company in the payment systems chain can be held liable for the entirety of the damages caused by the merchant’s misdeeds. The government also can take over key decision-making at a company, and both receiverships and criminal penalties are possible. Arnall Golden Gregory partner Edward Marshall says counsel should be alerted immediately so a company knows how to be cooperate with a government investigation without surrendering its rights.
  • Hackers are becoming much better at what they do, leading to fraud on a massive scale. The payment processor is particularly vulnerable to costly liability assessments because of its relationship with the merchant whose information was compromised. The payment industry’s safeguards include cards with EMV chip technology, but effectiveness of those cards is limited, cautions Arnall Golden Gregory partner Edward Marshall.
  • Responding to a data breach is a fulltime job that involves multiple legal obligations and managing public relations. There are 48 different state laws that dictate what a business must do in the event of a data breach. A breach may also attract the attention of the Federal Trade Commission. Arnall Golden Gregory partner Edward Marshall explains that a response to a breach should be not only reactive, but proactive, too.