Banks pay price for retailers' data breaches

While news about who perpetrated the data breaches at Target and other retailers continues to trickle in, there is little question about who is paying much of the price for the attack. To protect the tens of millions of consumers whose personal financial information was compromised by the massive assault on retailers, banks and other financial institutions large and small are taking action.

For many financial firms, this is an issue of necessity. Banks are in the business of safeguarding their customers’ accounts. For banks small and large alike, their very survival depends on their customers’ economic well-being. These institutions and the services they provide represent a vital line of defense for Americans whose data may be compromised.

ADVERTISEMENT
As a result, the impact of the security breaches at Target, Neiman Marcus and Michaels is very real for the banks charged with protecting their customers. The intrusion is touching every street of the nation, and banks of all sizes must monitor their customers’ accounts for fraudulent activity and reissue debit and credit cards that are at risk. With the costs of plastic, embossing and encoding, PIN generation, mailers and postage, card activation, new account setup, expanded call center operations and processor fees, the cost to a bank of reissuing cards can reach up to $15 per card.

That adds up quickly for banks, regardless of their size. Already the nation’s banks have proactively reissued 15.3 million cards, according to a Consumer Bankers Association survey.

Clearly, banks of all sizes are paying more than their share to mitigate the damage of the colossal fraud perpetrated against large retailers and are working to ensure the soundness of customer accounts.  That is why we are particularly offended by the retailers’ recent attempts to deflect blame for the attack toward the financial sector. The fact remains that retailers and their processors are responsible for the systems in their stores that process payment cards.

That is why banks believe that parties suffering a data breach should bear responsibility for fraud losses and restitution to affected parties. Whether it is a retailer, data broker, financial institution or other entity, the party that suffers a data breach should be responsible for fraud losses and the costs of mitigation and restitution when consumer information is compromised.

Card security controls such as chip-based technology alone, which retailers say they support, would not have prevented the breach of up to 70 million U.S. consumers’ personal information, according to Target’s estimate. This is precisely why banks and retailers need to work together on solutions for better protection of consumers and not pass along the responsibility of a breach when it occurs. 

That’s also why the banking industry supports a single national standard to replace the patchwork of state laws on data breaches, which has fostered marketplace confusion to the detriment of consumers.

By stepping up, and working to mitigate risks to the sensitive personal information of American consumers, together we—banks and retailers—can help prevent retailer data breaches like the one we are now experiencing from ever happening again.

Fine is president and CEO of the Independent Community Bankers of America, and Hunt is president and CEO of the Consumer Bankers Association.

More in Technology

Critical that Congress pass national data security standards for retailers now

Read more »