The Target data breach has affected millions of consumers by compromising their credit and debit cards, once again raising the issue of a retailer’s responsibility in securing sensitive information for card transactions at their stores. How many millions of cardholders have to be harmed by financial data breaches before Congress enacts legislation to hold merchants accountable?
A data breach might be embarrassing for the merchant involved, but keep in mind that they still get paid! Consumers and financial institutions, on the other hand, bear significant burdens and costs. For compromised consumers, information and identities can be stolen, fraudulent account charges can occur, credit scores can be damaged, and enormous amounts of time can be spent on dealing with the issue.
When a security breach occurs, card-issuing financial institutions incur significant costs — canceling and reissuing cards, freezing payments and closing accounts, monitoring card usage, handling customer inquiries and reimbursing fraudulent charges for customers – most of which are absorbed even if the losses were incurred through no fault of the bank.
It’s time that Congress acts to improve the safety and security of consumer card transactions by holding retailers accountable for breaches that occur on the retail side of a transaction:
• Require merchants to disclose in a timely manner any security breach to their customers and the public. In the cases of Target, Schnucks and others, they waited weeks to notify the media and affected customers.
• Financial institutions are required to meet rigid privacy and security standards for safeguarding personal financial information. Merchants should be held to these same high standards.
• Merchants should be held accountable to customers and to card issuers for the costs and losses they incur from the merchant’s own negligence.
• A uniform, national standard governing how merchants respond and handle data breaches should be enacted to ensure that consumer protections are applied consistently to retailers across state lines.
We think consumers have the right to have their financial and personally identifiable information protected by all parties involved — don’t you?
Linda Koch, president and CEO of Illinois Bankers Association