Minnesota’s Plastic Card Security Act (2007)


  • the first state law to write part of the PCI DSS (its ban on retaining sensitive authentication data) into statute (Minn. Stat. § 325E.64)
  • forbids any person or entity doing business in Minnesota that accepts payment cards from retaining sensitive authentication data once the transaction is authorized (for PIN debit transactions, more than 48 hours after authorization)
    • Data that cannot be retained:
      • Card security code (the CVV/CVC value)
      • PIN verification code number
      • Full contents of any track of the card's magnetic stripe
  • PCI DSS already prohibits storing this sensitive authentication data after authorization, even encrypted (Requirement 3.2 in PCI DSS v3.x, 3.3.1 in v4.0); the Act turns that contractual rule into state law
  • The law shifts the cost of a breach onto a business that was retaining prohibited data at the time it was breached
    • such a business is liable to the financial institutions that issued the affected cards for the reasonable costs of responding to the breach
    • E.g., a bank or credit union can sue the business to recover its costs
      • reissuing cards, closing and reopening accounts, blocking transactions, refunding unauthorized charges, and notifying cardholders
    • Banks and credit unions pushed for this law because, without it, they absorbed the cost of other businesses' breaches