The recent data breaches have every bank, retailer and credit card company running around pointing fingers over who’s to blame. Who’s at fault for the billions in cardholder data losses, fraudulent transactions, shaken consumer confidence, and lost trust in the U.S. payment system?
If the California legislature has its way, retailers will own the liability for data breaches. The legislature is voting on a new law that would make retailers liable for damages that customers incur as a result of these breaches and would shift the liability from banks and credit card companies to retailers. Imagine no longer calling your credit company to dispute a charge made on your card as a result of a hack, but calling the retailer where the hack took place?
And if this bill is passed in CA, it could set a new standard for how retailers deal with security breaches in other states as well.
One thing is for certain: retailers need to figure out a better way to secure their point of sale systems. If the Target, Neiman and Michaels breaches weren’t a big enough wake-up call, consider that 55% of small businesses in the U.S. have copped to one data breach, and 53% of those 55% say they have had more than one. Fraudsters don’t care about the size of the company they are hacking – a PAN is a PAN to them, and the easier they can get it, the better.
We heard encouraging news at the beginning of March when MasterCard and Visa announced the launch of a cross-industry effort to accelerate payment security, including advancing EMV migration and promoting tokenization and point-to-point encryption. As the first, and to date the only, U.S.-based company offering a PCI-validated P2PE solution, we are very encouraged to finally see industry leaders talking about P2PE as part of the payment security solution.
But the question on our minds is when this “security” will happen: after the next breach, or perhaps the breach after that? How many hacks will it take before a change in payments security is made, before we stop talking about all of this and put a plan of action in place? Or perhaps we just wait for the U.S. legislature to do it for us.
Bluefin Chief of Product Innovation Ruston Miles will be at ETA Transact 14 this week. Drop us a line if you want to meet up and learn more about our PCI-validated P2PE solution and how it protects the POS.