Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
Gartner Will be hard to get grocer to pay breach costs
FRAMINGHAM, Mass. (3/31/08)--Credit unions and banks will have a difficult time getting Hannaford Bros. to pay their breach-related costs if the grocery chain was compliant with the Payment Card Industry (PCI) Data Security Standard when the breach occurred. If that's the case, Hannaford has a safe harbor under PCI and will not be required to reimburse banks and credit unions for the costs they incur in replacing cards, notifying member/customers, and for fraud, Avivah Litan, an analyst for research firm Gartner Inc., told Computerworld (March 27). Hannaford says it was recertified as compliant with PCI in February and had been similarly certified last year. PCI refers to 12 security controls that merchants accepting payment-card transactions must follow. If they don't they are fined by Visa, MasterCard, and other major card companies. Litan said that under the rules, if a company is noncompliant and suffers a breach, it faces both potential fines and reimbursements to credit unions and banks of their breach-related costs, including actual fraud losses. The fines and reimbursement costs are not collected directly from the merchant but through that merchant's acquiring bank, which authorizes the merchant, such as Hannaford or TJX Cos., to accept the transactions. It is these banks that are directly responsible for ensuring that merchants are PCI-compliant, Litan said. Under PCI rules, the acquiring bank can't take the reimbursement problem back to the retailer. Computerworld noted that reimbursement is a sticky point for credit unions and banks. It mentioned that several credit union leagues lobbied state governments to pass laws that would make retailers responsible for the costs of a breach, and that only Minnesota has passed such a law. Although credit unions and banks--and consumers--may not have recourse under PCI rules, they still can file lawsuits, the article said. The Hannaford breach, which compromised 4.2 million cards in New England, New York and Florida, was discovered Feb. 27 and made public March 17. It affects transactions at grocery stores from Dec. 7 to March 10. So far about 2,000 actual incidents of fraud have been reported, said Hannaford.
Other Resources

RSS





print
News Now LiveWire
Maine credit unions put Food Mobile on the road to relieving hunger in rural areas http://t.co/R0xpt6BAZE
13 hours ago
.@TheNCUA's Matz: PALS should be exempt from Military Lending Act proposal #NewsNow http://t.co/Vy9uNhOIEr
13 hours ago
#NewsNow Iowa loan growth 3 times national bank rate http://t.co/fUvudPLg5d
16 hours ago
.@ICBA tallies its Home Depot data breach costs: $90M, 7.5M cards http://t.co/iJgRDC2AKZ
17 hours ago
.@icul's Jury elected treasurer of @WOCCU exec committee http://t.co/HEF1UChN8f
18 hours ago