Banking Blog

Finance Blogs » Banking Blog » Banks, retailers spar over breach costs

Banks, retailers spar over breach costs

By Marcie Geffner ·
Tuesday, February 18, 2014
Posted: 3 pm ET

Who should pay the costs of helping consumers recover when bad guys break into a corporate computer system and steal their personal financial information?

The question has attracted new scrutiny in the aftermath of data breaches at major retailers during last year's holiday season.

Traditionally, banks have paid for fraud detection, customer service and card cancellation and reissuance. But now, some banks are saying merchants should be financially responsible.

The Independent Community Bankers of America, or ICBA, a trade group in Washington, D.C., recently told a congressional subcommittee that such costs can be significant and should be paid by whoever is at fault.

"We strongly believe that these costs should ultimately be borne by the party that experiences the breach. This is critical to aligning incentives to maximize data security by all parties that store consumer data," the group said in its statement.

Banks are already subject to data-protection standards mandated by the federal Gramm-Leach-Bliley Act, or GLBA. Now they want merchants and payment-processing companies to be subject to similar standards.

"To adequately protect consumers and the payments system, all participants in the payments system -- including merchants -- should be subject to GLBA-like standards," the association said.

Separately, the National Retail Federation, or NRF, said it wants banks to issue more secure credit cards and debit cards with newer technology.

The group sent a letter to Senate Majority Leader Harry Reid, D-Nev., and House Speaker John Boehner, R-Ohio, saying retailers are committed to combating data breaches.

"We strongly recommend the adoption of meaningful steps to fight cybertheft and credit card fraud," NRF President Matthew Shay wrote in the letter.

The NRF said it supports "an immediate transition" to so-called chip-and-PIN cards that store data in a chip and require the use of a personal identification number, or PIN, instead of a signature. These cards are more common in Europe and other parts of the world than they are in the U.S.

"Retailers cannot do this alone," Shay wrote.

Follow me on Twitter: @marciegeff.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
1 Comment
February 19, 2014 at 7:45 am

the banks are doing ever one in and the gov isn't doing any thing . they are making all the money .if it don't get straiten out real fast ever thing is going to go crazy .people are coming to a point they can't it to much longer