ENDNOTES

1. Verizon, “2019 Data Breach Investigations Report,” 2019. https://enterprise.verizon.com/resources/reports/dbir/ (accessed April 29, 2020).

2. Secureworks, “A Famous Data Security Breach & PCI Case Study: Four Years Later,” October 25, 2012. https://www.secureworks.com/blog/general-pci-compliance-data-security-case-study-heartland (accessed April 29, 2020).

3. Ponemon Institute, “The Cost of Cybercrime,” 2019. https://www.accenture.com/_acnmedia/pdf-96/accenture-2019-cost-of-cybercrime-study-final.pdf#zoom=50 (accessed April 29, 2020).

4. National Bank Act (1864), 13 Stat. 99 (1864), current version at U.S. Code Vol. 12.

5. Fair Credit Reporting Act (1970), U.S. Code Vol. 15, sec. 1681, et seq.

6. U.S. Code Vol. 31, sec. 5312.

7. Bank Secrecy Act (1970), Pub. L. No. 91-508, 84 Stat. 1114 to 1124, codified as amended in scattered sections throughout U.S. Code Vols. 12, 15, and 31.

8. Gramm-Leach-Bliley Act (1999), Title V of the Financial Services Modernization Act of 1999, Pub. L. No. 106-102, 113 Stat. 1338, codified at U.S. Code Vol. 15, sec. 6801, et seq.

9. U.S. Code Vol. 12, sec. 1843(k)(4).

10. American Bankers Association, “Digital Banking Infographic,” November 12, 2019. https://www.aba.com/news-research/research-analysis/digital-banking (accessed April 29, 2020).

11. Federal Reserve Act (1913), Pub. L. No 63-43, 38 Stat. 251, codified as amended throughout U.S. Code Vol. 12.

12. CNN, “America’s Economy Just Had Its Worst Quarter Since 2008,” April 29, 2020. https://www.cnn.com/2020/04/29/economy/us-economy-downturn-coronavirus/index.html (accessed April 29, 2020).

13. Board of Governors of the Federal Reserve System, “Structure of the Federal Reserve System,” March 3, 2017. https://www.federalreserve.gov/aboutthefed/structure-federal-reserve-system.htm (accessed April 29, 2020).

14. Banking Act of 1933 (also called the Glass-Stegall Act), Pub. L. No. 73-66, 48 Stat. 162, codified as amended throughout U.S. Code Vol. 12.

15. Federal Deposit Insurance Corporation, “Who Is the FDIC?” May 3, 2017. https://www.fdic.gov/about/learn/symbol/index.html (accessed April 29, 2020).

16. Federal Credit Union Act (1934), U.S. Code Vol. 12, sec. 1751, et seq.

17. National Credit Union Association, “About NCUA,” Undated. https://www.ncua.gov/about-ncua (accessed April 29, 2020).

18. Office of the Comptroller of the Currency, “Who We Are,” Undated. https://www.occ.treas.gov/about/who-we-are/index-who-we-are.html (accessed April 29, 2020).

19. Financial Institutions Regulatory and Interest Rate Control Act (1978), Pub. L. No. 95-630, 92 Stat. 3641, codified as amended in scattered sections of U.S. Code.

20. U.S. Code Vol. 12, sec. 3305.

21. Federal Financial Institutions Examination Council, “Annual Report 2019,” March 30, 2020. https://www.ffiec.gov/PDF/annrpt19.pdf (accessed April 29, 2020).

22. Consumer Financial Protection Bureau, “Creating the Consumer Bureau,” Undated. https://www.consumerfinance.gov/about-us/the-bureau/creatingthebureau/ (accessed April 29, 2020).

23. Federal Trade Commission Act (1914), U.S. Code Vol. 15, sec. 41–58.

24. U.S. Code Vol. 15, sec. 46(a).

25. U.S. Code Vol. 15, sec. 45(a)(1).

26. Federal Trade Commission, “About the FTC,” Undated. https://www.ftc.gov/about-ftc (accessed April 29, 2020).

27. Federal Trade Commission, “Federal Trade Commission, Consumer Financial Protection Bureau Pledge to Work Together to Protect Consumers,” January 23, 2012. https://www.ftc.gov/news-events/press-releases/2012/01/federal-trade-commission-consumer-financial-protection-bureau (accessed April 29, 2020).

28. Gramm-Leach-Bliley Act (1999), Title V of the Financial Services Modernization Act of 1999, Pub. L. No. 106-102, 113 Stat. 1338, codified at U.S. Code Vol. 15, sec. 6801, et seq.

29. U.S. Code Vol. 12, sec. 1843(k)(4).

30. U.S. Code Vol. 15, sec. 6801(a).

31. U.S. Code Vol. 15, sec. 6809.

32. U.S. Code Vol. 15, sec. 6801–6803.

33. Dodd-Frank Wall Street Reform and Consumer Protection Act (2010), Pub. L. No. 111–203, 124 Stat. 1376–2223, codified as amended in scattered sections throughout U.S. Code Vols. 12 and 15.

34. Code of Federal Regulations, Title 12, sec. 1016.

35. U.S. Code Vol. 15, sec. 6809.

36. U.S. Code Vol. 15, sec. 6803.

37. U.S. Code Vol. 15, sec. 6802.

38. Privacy Rights Clearinghouse, “Oversight Hearing on Financial Privacy and the Gramm-Leach-Bliley Financial Services Modernization Act: Testimony for U.S. Senate Committee on Banking, Housing and Urban Affairs,” September 20, 2002. https://privacyrights.org/resources/oversight-hearing-financial-privacy-and-gramm-leach-bliley-financial-services (accessed April 29, 2020).

39. Code of Federal Regulations, Title 16, sec. 313.

40. U.S. Code Vol. 15, sec. 6801(b).

41. U.S. Code Vol. 15, sec. 6805(b)(2).

42. Standards for Insuring the Security Confidentiality, Integrity and Protection of Customer Records and Information (“Safeguards Rule”), Code of Federal Regulations, Title 16, sec. 314.

43. U.S. Code Vol. 15, sec. 6821.

44. Fair and Accurate Credit Transaction Act of 2003 (FACTA), Pub L. No. 108-159, 117 Stat. 1952, made amendments to the Fair Credit Reporting Act of 1970.

45. Code of Federal Regulations, Title 16, sec. 681.1, Appendix A.

46. Federal Register 72, No. 217 at 63,719, background information.

47. Code of Federal Regulations, Title 16, sec. 681.1(b)(9).

48. U.S. Code Vol. 15, sec. 1681a(r)(5).

49. Code of Federal Regulations, Title 16, sec. 681.1(b)(3)(i).

50. Red Flag Program Clarification Act of 2010, 15 U.S.C. 1681m(e)(4), Pub. L. No. 111-319, 124 Stat. 3457 (Dec. 18, 2010).

51. Code of Federal Regulations, Title 16, sec. 681.1, Appendix A.

52. American Bankers Association, “Credit Card Monitor,” February 2020. https://www.aba.com/-/media/documents/reports-and-surveys/2019-q3-credit-card-monitor.pdf?rev=9c1664304c9149a8a08e6d146791126f (accessed April 29, 2020).

53. PCI Security Standards Council, “About Us,” Undated. https://www.pcisecuritystandards.org/about_us/ (accessed April 29, 2020).

54. PCI Security Standards Council, “PCI Data Security Standard, v 3.2.1,” May 2018. https://www.pcisecuritystandards.org/document_library (accessed April 29, 2020).

55. VISA, “PCI Compliance Helps Keep You and Your Customers Safe,” Undated. https://usa.visa.com/support/small-business/security-compliance.html (accessed April 29, 2020).

56. Mastercard, “What Merchants Need to Know About Securing Transactions,” Undated. https://www.mastercard.ca/en-ca/merchants/safety-security/security-recommendations/merchants-need-to-know.html (accessed April 29, 2020).

57. VISA, “Information Security,” Undated. https://cw.visa.com/run-your-business/small-business/information-security/compliance-validation.html (accessed April 29, 2020).

58. PCI Security Standards Council, “PCI Data Security Standard, v 3.2.1,” May 2018. https://www.pcisecuritystandards.org/document_library (accessed April 29, 2020).

59. VISA, “What to Do if Compromised,” October 1, 2019. https://usa.visa.com/dam/VCOM/download/merchants/cisp-what-to-do-if-compromised.pdf (accessed April 29, 2020).

60. Target Corporation, “Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores,” December 19, 2013. https://corporate.target.com/press/releases/2013/12/target-confirms-unauthorized-access-to-payment-car (accessed April 29, 2020).

61. Target Corporation, “Target Provides Update on Data Breach and Financial Performance,” January 10, 2014. https://corporate.target.com/press/releases/2014/01/target-provides-update-on-data-breach-and-financia (accessed April 29, 2020).