Protecting Banks from Retailers' Data Breaches
State Representative Michael Costello has introduced a bill in the Massachusetts legislature which would make retailers whose information systems are compromised reimburse banks for costs associated with cancelling and reissuing customers' accounts and credit cards. House Bill 213 would make a commercial entity which suffers a data breach liable to a bank for the "costs of reasonable actions undertaken by the bank on behalf of customers of the bank as a direct result of an actual breach of data security...." Types of costs covered include:
- cancelling and reissuing a credit card
- closing accounts and blocking transactions
- opening of new accounts
- refunding unauthorized transactions
The Wall Street Journal reports that similar legislation at the federal level is possible:
Massachusetts Rep. Barney Frank, chairman of the House Financial Services Committee, said yesterday that he believes Congress also will pursue data-security legislation that would require the entity responsible for a breach to bear the costs incurred from customer notification and card reissuance. He also favors a "national trigger" for notification about such a breach.Rep. Frank wrote to Visa and MasterCard in February 2006 complaining that the responsibility for notifying consumers that their financial information may have been compromised fell to banks rather than the retailers who lost the confidential data.
2 comments:
It's not as if the retailers aren't already taking a major hit in all of this (remember who gets hit with the chargeback -- It's not VISA).
When does the day come when the credit card companies take some responsibility for how easily anybody can 'authenticate' into their systems by the obtaining of very simple (and widely dispersed) data? This problem could be quashed quite quickly if it weren't so darned easy to get at the system in the first place.
People should read this.
Post a Comment