You've been redirected from MobilePaymentsToday.com to PaymentsDive.com. In March 2021, Mobile Payments Today became a part of Payments Dive. For the latest payments news, sign up for the daily newsletter.

Community bankers say retailers should pay for data breaches

Published

Feb. 3, 2014

The costs of reissuing cards to customers after recent data breaches at major retailers should be borne by the party at fault for the breach, according to the Independent Community Bankers of America.

The group today issued a statement for a U.S. Senate Banking Subcommittee on National Security and International Trade and Finance hearing.

After prominent breaches at retailers such as Target and Neiman Marcus, banks are absorbing the costs of reissuing cards, responding to customer concerns and protecting against fraud, the organization said, and those costs can be significant.

"In a wide-scale breach, even a community bank may have to reissue thousands of payment cards," ICBA said in its statement for the record. "Community banks absorb these costs upfront because their primary concern is to accommodate their customers. However, we strongly believe that these costs should ultimately be borne by the party that experiences the breach. This is critical to aligning incentives to maximize data security by all parties that store consumer data."

In its statement, ICBA also noted that financial institutions have been subject to rigorous data-protection standards under the Gramm-Leach-Bliley Act, which have been effective in securing consumer data at financial institutions. To adequately protect consumers and the payments system, all participants in the payments system — including merchants — should be subject to GLBA-like standards, the association said.

Additionally, ICBA noted that community banks already are investing in technologies that will better secure transaction processing and thwart criminals. The sssociation noted that community banks and other financial institutions are migrating to chip-and-PIN technology for debit and credit cards, but that that technology, while helpful, may not have prevented the recent retailer breaches. Further, the group said, chip-and-PIN does not protect against fraud in card-not-present transactions, such as online purchases.

The ICBA statement can be read in full at www.icba.org.

Learn more about regulatory issues and security.