Who Benefits from the changes, and How it will affect the Retailers and Customers

Credit card surcharge was the bone of contention in an antitrust lawsuit filed in 2005. As a result, the judgment in this case, which came in mid-2012, prohibited credit card surcharge in ten States. The implementation of their respective laws is underway in another 12 States.

Credit card regulations have traditionally opposed surcharging. Yet, companies have been devising ways by which they have sidestepped merchant rules and have continued to ensure that credit card surcharge gets levied. A kind of cat and mouse game is currently being witnessed, with State laws continuing to override networks' merchant rules and companies looking out for ways to skirt the laws.

The issue of credit card surcharging in the US

The reason for which credit card surcharge is an issue for businesses is that it is the last link in the payment chain. A business that makes use of this facility incurs this expense at the rate set out by the authorities. It can be understood as a checkout fee that gets added to every consumer’s shopping bill whenever a credit card is used to make payments for the purchases made at the business. Businesses are not willing to bear this expense, and naturally, like to pass it on to the consumer.

What the court judgment of 2012 did was to permit charging of credit card surcharge for certain card transactions from January 2013. This judgment brought about a change in not only merchant processing transactions but also of credit card usage. The settlement it directed makes it mandatory for businesses that levy the credit card surcharge to follow requirements relating to consumer disclosure and to set limits on the amounts for which the surcharge is collected.

In addition, those businesses that accept credit cards to receive payments should also notify Visa and their acquirer of their decision to charge credit card surcharge a month before they begin to levy the surcharge. These rules vary from State to State, and the business is free to choose the brands of its outlet for which it wants to keep the credit card surcharge.

Total clarity on the issue

Sorting out the various confusions and misunderstandings pertaining to the credit card surcharge issue is the purpose of a webinar that Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, is organizing. The speaker at this session, Ray Graber, a highly experienced professional in the payment industry, who brings deep and profound understanding of the way banking and finance converge with technology, will clarify the issues relating to this topic at this webinar.

In order to have your issues relating to credit card surcharging cleared, please visit payment methods like checks and cash to register for this webinar.

Clarity on all aspects of credit card surcharging

The aim of this webinar is to clear the muddle that has resulted from the changes in the rules. The speaker will explain who benefits from the changes, and how these changes are going to affect the retailers and customers. The adverse consequences of an uninformed reaction to surcharging by end-user organizations will be explained. Ray will emphasize the importance of first looking at the big picture of credit card surcharging, as end-users should also educate suppliers about the economics of card acceptance, explaining to them the savings possible and other benefits.

Business logic dictates that suppliers should not be adding a surcharge when they are reaping the rewards. Ray will explain how they might overlook the benefits of card acceptance, as well as the cost of other payment methods like checks and cash.

At this webinar, Ray will cover the following areas:

o  What changed in the rules?

o  Why did it change?

o  What rules apply to surcharge?

o  Survey results

o  Who may benefit?

o  Will this change anything?

o  Summary.

This learning session will offer benefit to every level of employee who works in the credit card industry, such as financial officers, small business owners, corporate risk officers, internal auditors, operational risk managers, credit card program administrators, CPAs and attorneys and legal staff.


What You Need To Know For Validated Systems?

Instances of cyberattacks that lead to disruption of service, data theft or compromise and even ransomware are making the news headlines of late with alarming frequency. Cyberattacks are carried out because computer systems used in highly regulated companies house very sensitive and valuable information.

Data relating to valuable electronic submissions, clinical information, medical device design control records, legal information, and other such information are usually placed in these systems, which is what makes them targets of cyberattacks. Cyber attackers have become so sophisticated and emboldened in recent times that they have not even spared the White House.

Computer Systems Validation has a major role

Companies that hold vital information should ask themselves many questions on this topic. Some of these include: Will my company be able to cope with a breach of one of our validated systems? How secure is the information we have stored in the cloud? Are we conducting adequate due diligence on our cloud provider?

Even as life sciences companies increasingly implement and deploy systems in a cloud environment and their dependence on the cloud goes up, the procedures and controls to effectively manage and protect their validated systems environments are somewhat inadequate.

In the current situation of higher and stronger attacks on computer systems unaided by solid safety and security guarantees, Computer Systems Validation (CSV) has a critical role to play. Validation engineers need to take a serious relook at testing strategies. They must look at systems that provide objective evidence that computer systems have the requisite technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access.

There is an acute need for validation engineers to be more vigilant in today’s systems environment that is sometimes hostile, in order to detect and prevent cybersecurity issues before they become real problems. Proper and diligent CSV goes a long way in helping to ensure that this happens.

Valuable learning on lean validation 

The ways of doing this will be the learning at a valuable webinar from Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance. Valarie King-Bailey, who is the CEO of OnShore Technology Group, an independent Chicago-based consultancy founded in 2004 specializing in Independent Validation and Verification (IV&V) services and solutions, will be the speaker at this webinar.

Please enroll for this webinar by visiting concept of Cybersecurity Qualification

Full aspects of cybersecurity

The regulatory, legal, compliance and business risks associated with the threat of cybersecurity constitute the core of this webinar. It will address the unique threat of cyberattacks on validated systems environments and discuss how to mitigate and protect validated systems.

As validation engineers continue to conduct IQ, OQ and PQ, CyQ testing must be added as a defense against cyberattacks to validate computer systems. Valarie will discuss the NIST Cybersecurity framework and how it can be applied to validated computer systems. She will also discuss a new level of qualification for validated computer systems known as Cybersecurity Qualification (CyQ), a concept she will introduce at this webinar.

Being organized for the benefit of enterprise and validation professionals such as validation engineer, validation project manager or software quality engineer, and IT Managers, Directors, VPs, Chief Information Officers, Quality Assurance/Quality Control Managers, Validation Engineers, Validation Project Managers and Program/Project Managers, this webinar will cover the following areas:

o  The Cyber Threat Megatrends: What You Need to Know for Validated Systems

o  Understanding Cybersecurity Regulatory Guidance and Standards

o  Cybersecurity Qualification: The NEXT Frontier

o  Automated Testing in the Cloud

o  Top 20 Critical Security Controls for Validated Systems

o  Cloud Security Technology Maturity

o  Cloud Quality Assurance & Governance

o  The Changing State of Computer Systems Validation in a Cyber World

o  Understanding the NIST Cybersecurity Framework for Validated Systems.


Many UK SMBs don’t invest in security solutions

A third of UK small businesses are risking their online safety by operating at or below the “security poverty line,” according to new research from Duo Security.

The cybersecurity company partnered with YouGov to survey 1,0009 senior decision makers across the UK to determine how much they are spending on cybersecurity and whether government initiatives such as Cyber Essentials and Cyber Risk Aware have been effective at protecting SMBs from cyber threats.

The survey found that 38 percent of small businesses had spent nothing at all to protect themselves from cybersecurity threats this year and 30 percent of respondents said that less than three percent of their overall budget was allocated for cybersecurity.

Duo Security’s survey also revealed that 36 percent of UK small businesses are operating at or below the security poverty line and are close to being unable to effectively protect their organization from cybersecurity threats. Despite this though, 45 percent of those surveyed do not consider themselves to be possible targets for hackers.

For the in-depth article: http://snip.ly/pcmfy

U.S. asks China not to enforce cyber security law

GENEVA (Reuters) – The United States has asked China not to implement its new cyber security law over concerns it could damage global trade in services, a U.S. document published by the World Trade Organization showed on Tuesday.

China ushered in a tough new cyber security law in June, following years of fierce debate around the move that many foreign business groups fear will hit their ability to operate in the country.

The law requires local and overseas firms to submit to security checks and store user data within the country.

The United States, in a document submitted for debate at the WTO Services Council, said if China’s new rules enter into full force in their current form, as expected by the end of 2018, they could impact cross-border services supplied through a commercial presence abroad.

“China’s measures would disrupt, deter, and in many cases, prohibit cross-border transfers of information that are routine in the ordinary course of business,” it said.

“The United States has been communicating these concerns directly to high level officials and relevant authorities in China,” the U.S. document said, adding it wanted to raise awareness among WTO members about the potential impact on trade.

“We request that China refrain from issuing or implementing final measures until such concerns are addressed.”

China’s Ambassador to the WTO Zhang Xiangchen spoke on Tuesday at a WTO conference panel on trade protectionism, which he said was an underestimated problem that was causing a crisis at the WTO.

To continue reading: http://snip.ly/ixxzt

Which leads to fines in the millions of dollars per intrusion

Developments in the area of medical device software, i.e., the software that is put to use in medical devices, have been taking place at such a torrid pace that regulatory agencies such as the FDA have been unable to keep pace with them. Almost invariably, every development in medical device software brings about a new level of complexity.

Also, the classification of the device is another factor the FDA and other regulatory agencies have had to contend with: Different regulations have to be made depending on whether the software in medical devices is to be classified as a device itself, is used to alter the performance of the device, or is used for computing values. The inability of the regulatory agencies to catch up with the speed of developments in the medical device software arena has had the agency scurrying for quick solutions.

Among these is its decision to integrate into its regulatory oversight the current provisions of voluntary standards developed by the National Institute of Standards and Technology (NIST), which it considers useful guidance for medical software professionals and voluntary information sharing organizations to meet cybersecurity challenges. The onus of being knowledgeable about FDA regulations thus rests on firms that design and market software.

Learning on all the aspects of medical device cybersecurity

A formal learning session that examines this complex relationship is being organized by Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance. The speaker at this webinar is Casper Uldriks, ex-FDA Expert and former Associate Center Director of CDRH. Participants who wish to gain clarity on these aspects of medical device cybersecurity can register for this webinar by visiting National Institute of Standards and Technology

The speaker at this webinar will seek to help participants identify the FDA’s fundamental premarket and postmarket requirements that involve software. When medical device companies go to the FDA for approval to market their product, they need to be very well informed about everything that the FDA states and requires in this regard, because, as we have examined, the burden of design factors requires well informed considerations about how medical device manufacturers protect their product’s software and how they outsmart increasingly sophisticated cyber attackers.

All-round plans

At the same time, device manufacturers also need to be totally compliant with the regulatory options and responsibilities that lie with them when a cybersecurity problem is located in their device. Their responsibilities include plans about how to recover from and publicly disclose cyberattacks, especially when private medical records are involved. Not getting this right leads to fines that run into millions of dollars for every breach.

So, their cybersecurity efforts should be inclusive of important factors such as these among others:

o  Design planning

o  Postmarket vigilance

o  Training for employees

o  An action plan for managing an attack.

Learning on the factors to consider

Casper will help participants identify these basic considerations at this webinar. He will explain the kind of device cybersecurity programs that protect and foster the performance of device based software or standalone software that device manufacturers need to instill in order to assure the safe use of the device. Such programs need to use the FDA’s premarket and postmarket information requirements when entering and staying in the market.

This session is of very high value to professionals who deal with some form or another of medical device software and its marketing. This includes those in Regulatory Affairs, Quality Assurance, Software Design Engineers, Manufacturing, the Complaint Department, Hospital Risk Department, and those who market their own labels.

Casper will cover the following areas at this webinar:

o  FDA’s Cybersecurity Premarket Design Information

o  FDA’s Postmarket Controls

o  Voluntary Controls

o  Cybersecurity Training

o  Recovery Plans.

cGMP Data Integrity is of Critical Importance

Of late, the FDA has been turning on the heat on manufacturers in the FDA-regulated industries that violate its regulations. It has a penchant for going after manufacturing facilities that show laxity in implementing current Good Manufacturing Practices (cGMP). This ardor is understandable. cGMP violations affect the quality of the product; hence the strictness, considering that it is patients who consume these products.


There are ways of ensuring that the product meets the acute scientific requirements set out for it at all stages, from the beginning till the end. Data integrity is the most important of these. As the term suggests, data integrity is the assurance that there is complete accuracy, security, reliability and completeness of the records relating to the product and its processes.

Data integrity comes about by tightening cGMP requirements

In the FDA’s line of thinking, the way of ensuring uncompromising quality of a product is by tightening its laws on cGMP and implementing them. The FDA believes that only extremely stringent actions on its part help manufacturers meet regulatory requirements and give patients the assurance that the products they use meet quality standards.

Among the many mechanisms that the FDA has undertaken towards ensuring this, requirements relating to data integrity rank high. Data integrity is critical to ensure the quality, safety, and efficacy of products in the FDA-regulated industries. These include biologics, pharmaceuticals, life sciences and medical devices, among others.

What happens when there is no data integrity?

Issues relating to data integrity have been high on the list of items that the FDA finds during its inspections. When companies fail to meet the FDA’s data integrity expectations and requirements, data integrity is compromised. When this happens, many batches of finished goods that do not comply with regulatory authorization terms get manufactured. The FDA prohibits the release of such lots and batches for sale.

Lack of data integrity is viewed very seriously by the FDA. It considers this as falsification or breach of data and passes heavy strictures on such companies. It initiates a series of penal actions on such companies after comprehensive investigations show lack of data integrity. These are some of the FDA actions that could accrue from data integrity breach:

Another enforcement action that could result from this scenario is carrying out a full risk assessment to establish the potential of the data integrity-deficient drug to cause problems for patients who consume their products. And then, the FDA could also suggest management actions that seek to correct the issues arising out of data integrity breach.

Complete understanding of data integrity

A look at the grave consequences arising out of the inability to meet the FDA’s requirements on data integrity points to the absolute need for organizations in any FDA-regulated industry to get a complete grasp of all aspects of data integrity, which will help it to avoid FDA citations. This learning will be imparted at a valuable webinar that Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, is organizing.


Danielle DeLucy, who owns ASA Training and Consulting, LLC, which provides Pharmaceutical and Biologics based companies with training and quality systems assistance in order to meet Regulatory compliance, will be the speaker at this webinar. Want to hear from her on how to implement steps for ensuring data integrity? Then, please enroll for this webinar by visiting Management of GMP Data Integrity

Total grasp of cGMP requirements on data integrity

21 CFR Part 11 is only a part of data integrity and security breaches. Data integrity and security breaches can also involve severe cGMP violations. This webinar’s speaker will analyze these and offer information about practices that the participants can review and implement at their own site and identify gaps in their practices. The importance of data integrity in assuring the quality of raw materials, in-process materials and finished goods in the cGMP for FDA-regulated industries will be explained.

These areas will be covered at this webinar:

  • Discover the Criteria for Data Integrity
  • Recognize what needs to be addressed to ensure Data Integrity within a regulated GxP Laboratory
  • Learn about approaches to improve Data Integrity in a Laboratory Environment.

Professionals in the regulated industries, such as Site Quality Operations Managers, Quality Assurance Personnel, Plant Managers and Supervisors, Manufacturing Superintendents and Managers and Regulatory Affairs Managers will find this webinar on implementation and management of cGMP data integrity highly worthwhile.

The GDPR differs Significantly from EC Data Protection Directive 95/46

The General Data Protection Regulation (GDPR), which has been codified as Regulation (EU) 2016/679, is a very powerful law regarding the protection of data of the half billion people who live in the European Union (EU). Having come into effect as a result of the European Commission having adopted the proposal for its creation on January 25, 2012, it will replace Directive 95/46/EC, the data protection directive that has been in use in the EU since 1995.


The GDPR becomes a full-fledged law and is enforceable from 25 May 2018. This is after it goes through a two-year transition period from its adoption date of 27 April 2016.

The GDPR doesn’t require members to endorse it

Just how powerful is this regulation? Well, an idea of its overarching potency can be understood from the fact that it becomes law and will be binding from the date of its enforcement without requiring legislative support from any of the EU members.

Rationale for the creation of the GDPR

The GDPR has been created for the purpose of harmonizing and strengthening all the legislative and secretarial bodies of the EU, namely the European Parliament, the Council of the European Union and the European Commission, and to tighten the various fragmented elements concerning data protection for all individuals within the European Union (EU). The GDPR also governs the export of personal data to regions beyond the EU.

It is being created to serve two important purposes:

  • Equipping EU citizens with the power to control their personal data
  • Smoothening the regulatory environment and synchronizing and unifying all regulations concerning data protection across the EU, and lubricating the process of doing global business within the EU.

What benefits does the new legislation offer?

The GDPR has been legislated to offer many advantages:

  • Within the company, Personally Identifiable Information (PII) will be processed with greater ease and clarity
  • The security controls in place till now will be unified and strengthened across all the EU members
  • Its stronger safeguards for data protection inspire greater customer confidence
  • The process of doing business in the EU is now a lot more simplified

What happens when companies fail to comply with the GDPR rules?

The EU mandates strict penalties for companies that fail to comply with the GDPR provisions on data protection:

  • They have to pay penalties of between two and four percent of their worldwide revenues
  • Fines can go up to €20 million
  • The EU laws can initiate serious and expensive lawsuits
  • All these mean that companies obviously lose face


These are the reasons for which companies that want to do business in the EU need to have thorough knowledge of this law and the ways in which it applies to them. This is the means to avert the expensive consequences that follow from noncompliance.


Proper understanding of the ways in which the GDPR works

Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will be offering a clear and thorough understanding of this new legislation at a webinar that it is organizing. Founder of GO DPO® and the Co-Director of the GDPR Transition Programme at Henley Business School and one of the leading data protection practitioners in Europe, Ardi Kolah, will be the speaker at this session.

Want to understand how Ardi will bring the varied and rich experience he has gained over the years into this very important topic? Then, please register for this webinar by visiting Features including a risk-based approach

Ardi will show how important it is for Data Controllers, Joint Data Controllers and Data Processors to address all the points relating to business continuity, risk and technology if they have to achieve the outcomes expected by the Supervisory Authorities and Industry Regulators. He will explain how to use this knowledge to build deeper trust with customers, clients, supporters and employees and a strong reputation.

The following areas will be covered at this webinar:

  • Difference in scope between Directive 95/46/EC and key data protection principles
  • Expanding the definition of personal data and special personal data
  • Enhanced individual Data Protection Rights
  • Key organisational and Personnel Changes
  • Mandatory personal data Breach Reporting
  • Global personal Data Transfers outside of the EEA and co-operation between Supervisory Authorities
  • New financial Penalties and Sanctions
  • Member State laws and the GDPR.