Known as the Plastic Card Security Act, the Minnesota law was passed largely in response to the massive data breach at TJX Companies when card issuers were required to reissue millions of debit and credit cards. The Minnesota law prohibits anyone conducting business in Minnesota from storing sensitive information from credit and debit cards after the transaction has been authorized. The law also makes noncompliant entities liable for financial institutions costs related to cancelling and replacing credit cards compromised in a security breach. As a result, any business that is breached and is found to have been storing “prohibited” cardholder data (e.g., magnetic stripe, CCV codes, tracking data, etc.) are required to reimburse banks and other entities for costs associated with blocking and reissuing cards. This law also opens up the business to the potential of private lawsuits. This law applies to any “person or entity conducting business in Minnesota” that accepts credit cards, debit cards, stored value cards, or similar cards issued by financial institutions. Failure to comply with the law may result in the reimbursement to the card-issuing financial institutions for the “costs of reasonable actions” to both protect its cardholders’ information and to continue to provide services to its cardholders after the breach. Costs may be related to the notification, cancellation and reissuance, closing and reopening of accounts, stop payments, and refunds for unauthorized transactions. The financial institution may also bring an action itself to recover the costs of damages it pays to cardholders resulting from the breach. Target and other businesses hit with massive data security breach incidents are likely to see this law used by credit card companies trying to recover the costs incurred to replace credit cards of affected customers. The full text of the Plastic Card Security Act appears below. 325E.64 ACCESS DEVICES; BREACH OF SECURITY. Subdivision 1. Definitions. (a) For purposes of this section, the terms defined in this subdivision have the meanings given them.
105
Made with FlippingBook - Online Brochure Maker