The duking out between banks and retailers was launched this past December when a credit card data breach occurred to an estimated 110 customers of a big retail store.
Is the retailer responsible? Should the credit card issuers or banks take the brunt of preventive action? What about the consumer? Lawmakers are trying to figure out what can be done to keep the consumer’s data safe from hackers.
The 110 million breach aside, the generality is that the big tripod (banks, retailers, credit card issuers) doesn’t seem to grasp the concept of shared responsibility when it comes to protecting consumers’ data.
James Reuter of the American Bankers Association points out that banks tend to take the brunt of the responsibility with data breaches, way more than what banks are even accountable for. Banks “are making customers whole,” he says.
Meanwhile, retailers are all banding together saying that the customers have zero liability. Retailers know that the banks will swoop in and bear much more financial burden than they’re actually responsible for.
Reuter believes whichever entity—be it a retailer, card company or even bank—is responsible for hacking due to lame protection strategies, should take full responsibility.
Banks really want retailers to step up to the plate too. Forty-six states already have standards for businesses to inform customers of data breaches. However, banks would like a federal standard. Senators Tom Carper and Roy Blunt have introduced such a bill.
After a breach may be too late:
The customers of the breached retailer in December didn’t just have their credit card numbers taken, but other data such as e-mail addresses and phone numbers. Once hackers have these, they have more tools with which to drum up identity theft schemes—something they can’t do with just a credit card number.
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.