Merchants Respond to Erroneous Claims by Banks

The fight over who pays for data breaches continues as NACS voices concerns about false statements made by banker's group.

December 30, 2014

WASHINGTON – The ongoing debate between retailers and banks over who foots the bill and bears the responsibility following a data breach is heating up as 2014 comes to a close.

Yesterday, NACS joined retail groups including the Food Marketing Institute, Retail Industry Leaders Association, National Retail Federation, and the National restaurant Association, to send a letter clarifying what the groups call a misleading survey from the Independent Community Bankers of America (ICBA), which alleged that banks are shelling out millions of dollars because retailers can’t secure their networks.

Throughout much of the year, and with little legal framework and even less governmental guidance, retailers and banks have debated who is at fault in the wake of an attack. According to an article in The Hill this week, retailers argue they are victims of malicious attacks, are rapidly improving their security and are calling on banks to quickly adopt chip-enabled credit cards, a more secure technology than the current magnetic strip. Banks counter that they are moving toward chip technology, but that it can’t protect against the poor security standards at retailers.

The ICBA survey, released Dec. 18, said community banks had to reissue nearly 7.5 million credit and debit cards at a cost of $90 million in the wake of the massive Home Depot data breach, which exposed 56 million customers’ payment card information, continuing to advocate that the cost of a data breach should be borne by the retailer who was affected.

The letter signed by NACS and fellow merchant groups argues that the ICBA survey and accompanying statements, contained inaccuracies and misrepresentations. “ICBA cannot simply dismiss data breaches as a retail problem and refuse to recognize the risk to financial institutions — to do so would be a disservice to your members,” the groups said in the letter, pointing out that retailers bear equal or greater costs after a data breach, according to a 2013 Federal Reserve study of debit card fraud.

The retailers also called out ICBA on not committing to chip-and-PIN cards. Banks have pledged to move by October 2015 to at least chip-and-signature cards, which still has the microchip encryption, but is backed up by a more fallible signature. “The added security provided when each customer is given a unique personal identification number or PIN has already been shown to make debit card transactions 700 percent safer,” the groups said.

NACS Day on the Hill

March 10-12, 2025
Washington, DC

Join your colleagues in Washington DC to magnify our industry’s voice on Capitol Hill as we meet with lawmakers whose work can have a very real impact on you and your business.

View All Events

Explore Cool New Products