Who can put a stop to data breaches?

As more and more data breaches occur, every participant in the U.S. payment system must equally share the responsibility and liability associated with these events. Retailers, card networks, processors, and banks must work hand-in-hand and on a level playing field in order to protect consumers. It’s time to target those who are truly responsible for data breaches: the criminals stealing credit and debit card information.

After a breach, the refrain from retailers is “consumers will not be responsible for any fraudulent charges to their accounts.” While that is absolutely true, retailers aren’t responsible for those fraudulent charges either. It is the banks in Wisconsin and across the nation that shield their customers from the financial harm caused by data breaches. It is as simple as this: When a breach occurs, banks bear the brunt of the costs so their customers won’t have to.

Industry experts can’t determine the extent of the harm to consumers and banks from the Home Depot data breach yet, but we only have to look back at Target’s recent data breach for a glimpse of how bad it could be. That particular data breach resulted in 40 million compromised credit and debit cards, and financial institutions eventually replaced an estimated 21.8 million cards. Not taking into account the cost incurred by fraudulent activity on those cards (which the bank protected consumers from), the toll to the financial industry was $200 million. Home Depot’s breach impacted 56 million cards and will undoubtedly have a worse effect on everyone involved.

Banks dedicate hundreds of millions of dollars annually to data security while adhering to strict regulatory requirements. It’s time for retailers to step up their efforts just as banks, card networks, and processors have in keeping consumers safe. Criminals are becoming increasingly smart and sophisticated in their approach to stealing credit and debit card data. The only way to protect consumers and stop these offenders is for the entire payment systems industry to focus on prevention rather than simply react after the fact.



There is also a cost of time and effort to consumers after a data breach. They need to make arrangements for alternative payment methods until their new cards arrive. They have to pore through records to determine which automatic payments and other transactions are linked to the compromised card number and ensure that their bills and other financial obligations continue to be met without incurring penalties or late fees. While banks can help them through these particular steps, that doesn’t solve the problem or help any of us avoid being victims of this growing, deplorable trend.

It’s time retailers start bearing more of the responsibility, including financial liability, for data breaches. It is past time for congressional leaders to pass legislation holding all users of the U.S. payment system to the same level of responsibility and accountability. The first step toward a meaningful solution to cybercrime is retailers, banks, card networks, and payment processors working as a united front, a barrier between consumers and criminals.

Rose Oswald Poels is the president and CEO of the Wisconsin Bankers Association.

Click here to sign up for the free IB ezine — your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.