By Cameron G. Shilling (originally published 11/23/2015)
As published in the Union Leader (9/14/2015)
Q. More and more of my customers are paying with credit cards that have chips in them. Do I need a chip-based credit card reader?
A. Credit card companies – not retailers or consumers – have historically absorbed the liability for fraudulent credit card transactions. That will change on October 1, 2015. If your business does not use EMV equipped card readers to process credit cards that utilize the new chip technology, then your business – not the credit card company – will be liable for fraudulent transactions.
The credit card industry in the United States has been transitioning for the last several years to cards that utilize embedded chips, in addition to the older magnet strip technology. The reason is that the vast majority of credit card fraud occurs from the “skimming” of numbers from “swiping” a card’s magnet strip through a card reader. Target, Home Depot, and TJX are just a few examples of such recent breaches affecting hundreds of millions of consumers.
Retailers outside of the United States started many years ago transitioning to chip technology, which is called “EMV.” Outside of this country, about 70% of all credit card readers employ EMV technology, compared to the relatively negligible adoption of EMV domestically. As a result, the approximately $10 billion of annual domestic credit card fraud accounts for nearly half of global fraudulent credit card transactions, even though only about one quarter of all credit card transactions worldwide occur in the United States.
On October 1, 2015, there will be a change to the rules that major credit card companies apply to retailers and other credit card processors. If fraudulent transactions occur using cards with chips, and the retailers/processors did not use EMV equipped card readers, then the retailers/processors – not the credit card companies – are liable for the fraudulent transactions. By contrast, if a retailer/processor uses an EMV reader to process a chip equipped card, the credit card company is liable. Also, credit card companies remain liable for fraudulent transactions using credit cards equipped only with a magnet strip and not the chip technology.
Because about 40% of credit cards in the United States presently have embedded chips, domestic retailers and credit card processors face significant potential liability for fraudulent transactions. As a result, if your business processes credit card transactions, you should promptly convert to EMV enabled credit card readers.
By Cameron G. Shilling (originally published 10/17/2011)
A new decision has emerged prohibiting companies from adopting and enforcing policies that impact employees’ use of social media.
We recently posted a three part blog
discussing the role the National Labor Relations Board (NLRB) has adopted with respect to scrutinizing and invalidating policies
that expressly or impliedly apply to employees’ use of social media, and protecting employees from discipline or discharge
based on content they post to social media sites. Before our keyboard had cooled, however, an Administrative Law Judge (ALJ) issued another such decision in Karl Knauz Motors, Inc. d/b/a Knauz BMW
. The Karl Knauz
case underscores the points made in our prior blogs, and will serve to further bolster the NLRB’s self-appointed role as protector of social media freedom. Continue reading
By Cameron G. Shilling (originally published 10/7/2011)
Activity is concerted if it is “engaged in with or on the authority of other employees, and not solely by and on behalf of the employee himself.” This includes individual action if the employee “seeks to initiate, induce or prepare for group action” or raises “group complaints to the attention of management.” In fact, a mere “conversation may constitute concerted activity, even though it involves only a speaker and a listener,” as long as “it had some relation to group action in the interest of employees,
” according to National Labor Relations Board (NLRB) in Meyers Industries, Inc.
The nature and breadth of this definition has significance to social media, which frequently involves on-line conversations about work between employees who are social media “friends.” Continue reading
By Cameron G. Shilling (originally published 10/5/2011)
The “mere maintenance” of a policy or practice that tends to chill employees’ exercise of their right to engage in concerted activity violates the National Labor Relations Act (Act),
according to the National Labor Relations Board (NLRB) in Lafayette Park Hotel
. Thus, if the policy or practice “explicitly restricts activities protected” by the Act, it is unlawful. In addition, as the NLRB found in Lutheran Heritage
, even if the policy or practice does not do so, it still is unlawful if any one of the following is true:
- Employees would reasonably construe the policy or practice to restrict or prohibit concerted activity.
- The policy or practice was promulgated in response to union activity.
- The policy or practice is applied to restrict protected concerted activity.
By Cameron G. Shilling (originally published 10/3/2011)
New and exciting developments are a hallmark of the social media revolution. The least expected of these developments, however, is that social media would be regulated by the National Labor Relations Board (NLRB).
Over the past few years, the NLRB has reviewed more than 130 social media cases, filed numerous complaints against businesses, issued several decisions, and published a report summarizing its position. Is the NLRB’s activity justified and helpful, or an unwarranted hindrance? The courts have not resolved that issue yet. Until then, businesses should beware not to unwittingly stumble into these legal problems. Continue reading
By Cameron G. Shilling (originally published 10/3/2011)
The leader of McLane’s Privacy and Data Security Group, Cam Shilling, has been identified and interviewed as a “Thought Leader” with respect to Data Privacy by Beagle Research Group, LLC. You can read the interview at http://www.beagleresearch.com/
Beagle Research Group, LLC is a market research and consulting firm focusing on front office business processes and white collar productivity. The company is led by Denis Pombriant, who is a well-known analyst and thought leader in the CRM space. Denis writes for CRM Magazine, Destination CRM, Search CRM, and CRM Buyer, conducts research in emerging areas of front office technology and business, and consults regularly to many of the leading companies in CRM.
By Cameron G. Shilling (originally published 9/26/2011)
The United States Department of Health and Human Services issued a proposed rule that expands the rights of patients to access test results directly from clinical labs covered by HIPAA. The rule would amend the regulations under the Clinical Laboratory Improvement Amendments of 1988 (CLIA) to require that, upon a patient’s request, the lab must provide access to completed test reports concerning the patient. The proposed rule was published on September 14, 2011, and has a 60 day comment period.
By Cameron G. Shilling (originally published 5/27/2011)
The American Bar Association has published in its Journal of Employment and Labor Relations Law an article I recently wrote analyzing the U.S. Supreme Court’s decision in Quon v. City of Ontario. The following is the opening passage from the District Court’s decision, and foreshadows the potential significance of this case with regard to data privacy issues.
By Cameron G. Shilling (originally published 5/20/2011)
The ECPA prohibits the interception of an electronic communication when it is in transit from sender to recipient. The SCA prohibits the unauthorized access or disclosure of electronic communications stored on certain computer systems.