WASHINGTON -- The ongoing debate between retailers and banks over who foots the bill and bears the responsibility following a data breach is heating up as 2014 comes to a close, according to a NACS report.
This week, NACS joined retail groups including the Food Marketing Institute, Retail Industry Leaders Association, National Retail Federation and the National Restaurant Association to send a letter clarifying what the groups call a misleading survey from the Independent Community Bankers of America (ICBA), which alleged that banks are shelling out millions of dollars because retailers can’t secure their networks.
Throughout much of the year, and with little legal framework and even less governmental guidance, retailers and banks have debated who is at fault in the wake of an attack. According to an article in The Hill this week, retailers argue they are victims of malicious attacks, are rapidly improving their security and are calling on banks to quickly adopt chip-enabled credit cards, a more secure technology than the current magnetic strip. Banks counter that they are moving toward chip technology, but that it can’t protect against the poor security standards at retailers.
The ICBA survey, released Dec. 18, said community banks had to reissue nearly 7.5 million credit and debit cards at a cost of $90 million in the wake of the massive Home Depot data breach, which exposed 56 million customers’ payment card information, continuing to advocate that the cost of a data breach should be borne by the retailer who was affected.
The letter signed by NACS and fellow merchant groups argues that the ICBA survey and accompanying statements contained inaccuracies and misrepresentations. “ICBA cannot simply dismiss data breaches as a retail problem and refuse to recognize the risk to financial institutions—to do so would be a disservice to your members,” the groups said in the letter, pointing out that retailers bear equal or greater costs after a data breach, according to a 2013 Federal Reserve study of debit card fraud.
The retailers also called out ICBA on not committing to chip-and-PIN cards. Banks have pledged to move by October 2015 to at least chip-and-signature cards, which still has the microchip encryption but is backed up by a more fallible signature. “The added security provided when each customer is given a unique personal identification number or PIN has already been shown to make debit-card transactions 700 percent safer,” the groups said.
Click here to read the complete letter.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.