Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Gartner Will be hard to get grocer to pay breach costs
FRAMINGHAM, Mass. (3/31/08)--Credit unions and banks will have a difficult time getting Hannaford Bros. to pay their breach-related costs if the grocery chain was compliant with the Payment Card Industry (PCI) Data Security Standard when the breach occurred. If that's the case, Hannaford has a safe harbor under PCI and will not be required to reimburse banks and credit unions for the costs they incur in replacing cards, notifying member/customers, and for fraud, Avivah Litan, an analyst for research firm Gartner Inc., told Computerworld (March 27). Hannaford says it was recertified as compliant with PCI in February and had been similarly certified last year. PCI refers to 12 security controls that merchants accepting payment-card transactions must follow. If they don't they are fined by Visa, MasterCard, and other major card companies. Litan said that under the rules, if a company is noncompliant and suffers a breach, it faces both potential fines and reimbursements to credit unions and banks of their breach-related costs, including actual fraud losses. The fines and reimbursement costs are not collected directly from the merchant but through that merchant's acquiring bank, which authorizes the merchant, such as Hannaford or TJX Cos., to accept the transactions. It is these banks that are directly responsible for ensuring that merchants are PCI-compliant, Litan said. Under PCI rules, the acquiring bank can't take the reimbursement problem back to the retailer. Computerworld noted that reimbursement is a sticky point for credit unions and banks. It mentioned that several credit union leagues lobbied state governments to pass laws that would make retailers responsible for the costs of a breach, and that only Minnesota has passed such a law. Although credit unions and banks--and consumers--may not have recourse under PCI rules, they still can file lawsuits, the article said. The Hannaford breach, which compromised 4.2 million cards in New England, New York and Florida, was discovered Feb. 27 and made public March 17. It affects transactions at grocery stores from Dec. 7 to March 10. So far about 2,000 actual incidents of fraud have been reported, said Hannaford.
Other Resources

RSS print
News Now LiveWire
St. Louis treasurer taps #creditunion to serve unbanked #NewsNow http://t.co/lWtcezJOej
23 hours ago
.@CUNAMutualGroup has committed $35K to @trustdotcoop over the next year to suppor the future of #creditunions.
1 Day ago
.@madison_mag gets the cooperative scoop from @SummitDoMore's @kimsponem http://t.co/RxSCeSegie
1 Day ago
.@VantageWestCU emeritus chairman Whittaker inducted into @DCUC_HQ Hall of Fame http://t.co/dpeP4ME49U
1 Day ago
Australian newspaper covers Gen Y tips from @ServusCU at @WOCCU conference http://t.co/xqmLfZVwaI
1 Day ago