CONTINUE TO SITE »
or wait 15 seconds

Blog

More regulation isn't the answer to breach losses

July 10, 2013 by Kevin Christensen — Vice President, Audit, SHAZAM

Data breaches have become somewhat of a fact of life for those of us in the payments field. For financial institutions, unfortunately, these breaches have also become a cost of doing business.

As BankInfoSecurity editor Tracy Kitten recently wrote in an editorial, FIs "rarely recover the financial losses they suffer after cards are exposed … "

At least one FI association is taking action — specifically on behalf of credit unions — to reduce these losses by holding merchants responsible for breaches. But is this really the best approach? (Absolutely not, according to a heated response to Kitten's editorial.)

If the federal government takes hold of this and agrees to hold retailers responsible for the financial consequences of leaks or breaches in their systems, there has to be a regulatory body to enforce the new regulations. Today, no such likely agency exists.

What's more, merchants in many cases will not be able to afford the consequences, as often these breaches result in millions of dollars in losses.

Can Walmart afford this? You bet. But what about the regional craft store targeted by a sophisticated international crime ring? Not likely. In cases of small-retailer breaches, the victimized FI would still be left holding the bag.

If the group battling for this legislation wants to create meaningful change that would truly help the country's community FIs, they should set their sights less on senators and congressmen and more on the executives running the major card networks.

Getting the Visas and MasterCards of the world to change their operating rules (those that hold FIs responsible), would make an actual difference.

Only then would an FI be able to contractually hold a merchant more liable. If the merchant is unable to pay, then the sponsor FI would cause these acquiring FIs to take a much harder look at who they onboard.

It's easy to understand why an FI association would target the federal government instead of the major card networks. Too often for many networks, acceptance trumps security. Persuading them to take action that may ultimately reduce the number of merchants capable of accepting card payments would be a pretty tough sell for an FI association.

And, if FI leaders truly consider their cardholders, do they really want fewer places for them to be able to transact? Probably not.

About Kevin Christensen

None

Connect with Kevin:

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
Eurasian Bank selects Diebold Nixdorf's self-service software
Replacing the ATM: Pros and cons of new vs. remanufactured
Romanian man arrested for alleged cash trapping ATM scheme
First National Bank to open 30 branches
U.S. Bank resumes crypto custody services


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'