April 2, 2010

Legal Alert - PCI Compliance

Dear Brokers,

By now, most business owners all know about the importance of being PCI compliant and the cost of a breach should a merchant fail to protect our customers� credit card data. You may remember all the media attention that surrounded the TJ Maxx/Marshalls data breach back in 2007, where an estimated 94 million records were affected and TJX Companies, the parent company of TJ Maxx and Marshalls, ended up paying a total of $9.75 million to 41 state attorneys general, $13.5 million to settle consolidated class-action lawsuits, and an additional estimated $40.9 million to VISA.[1] A data breach can be costly and time-consuming to your business, not only to fix but also to notify your customers that a breach has occurred (a requirement in nearly 75% of all states) as well as pay for damages, legal costs, and court fees.

If you think you can get away with telling your customers and vendors that you are PCI compliant when in fact you aren't, think again. In June of 2005, CardSystems Solutions, a credit card processing company based out of Tucson, Arizona, exposed over 40 million card accounts due to a security breach. In 2006, CardSystems settled charges made by the Federal Trade Commission. But then later, the same breach reared its ugly head again. In 2009, one of the banks whose customers' card account information was affected launched a multi-million dollar lawsuit against the compliance auditor for erroneously telling the bank that CardSystems complied with credit card security regulations less than a year before the breach. It was found that hackers were able to access the data because CardSystems failed to follow the security regulations. [2]

Conclusion: You as a merchant should take responsibility for protecting your customers' data. To find out more about PCI Compliance, you can refer to the PCI Compliance Guide, found at http://www.pcicomplianceguide.org/pcifaqs.php.

[1] Retrieved March 31, 2010 from http://datalossdb.org/incidents/548-hack-exposes-94-million-credit-card-numbers-and-transaction-details.

[2] Retrieved March 31, 2010 from http://www.privacyrights.org/ar/ChronDataBreaches.htm#2.

If you need more information or would like to contact the Better Ticketing Association, you may do so via email.

Broker Survey: Currently, we are conducting a first-ever survey of ticket resale brokers involved in the secondary market. Your input is vital to ensuring that an industry profile can be developed. Please take the time to fill out the survey--you could even win an iPod Shuffle!

The survey can be found on the Better Ticketing Association website or by clicking here.

Disclaimer: The Better Ticket Association is a TicketNetwork-sponsored organization. The contents of this newsletter should not be interpreted as legal advice, and are for information only. TicketNetwork recommends you speak with your lawyer and/or accountant for any and all legal guidance and recommendations.