Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Gartner Will be hard to get grocer to pay breach costs
FRAMINGHAM, Mass. (3/31/08)--Credit unions and banks will have a difficult time getting Hannaford Bros. to pay their breach-related costs if the grocery chain was compliant with the Payment Card Industry (PCI) Data Security Standard when the breach occurred. If that's the case, Hannaford has a safe harbor under PCI and will not be required to reimburse banks and credit unions for the costs they incur in replacing cards, notifying member/customers, and for fraud, Avivah Litan, an analyst for research firm Gartner Inc., told Computerworld (March 27). Hannaford says it was recertified as compliant with PCI in February and had been similarly certified last year. PCI refers to 12 security controls that merchants accepting payment-card transactions must follow. If they don't they are fined by Visa, MasterCard, and other major card companies. Litan said that under the rules, if a company is noncompliant and suffers a breach, it faces both potential fines and reimbursements to credit unions and banks of their breach-related costs, including actual fraud losses. The fines and reimbursement costs are not collected directly from the merchant but through that merchant's acquiring bank, which authorizes the merchant, such as Hannaford or TJX Cos., to accept the transactions. It is these banks that are directly responsible for ensuring that merchants are PCI-compliant, Litan said. Under PCI rules, the acquiring bank can't take the reimbursement problem back to the retailer. Computerworld noted that reimbursement is a sticky point for credit unions and banks. It mentioned that several credit union leagues lobbied state governments to pass laws that would make retailers responsible for the costs of a breach, and that only Minnesota has passed such a law. Although credit unions and banks--and consumers--may not have recourse under PCI rules, they still can file lawsuits, the article said. The Hannaford breach, which compromised 4.2 million cards in New England, New York and Florida, was discovered Feb. 27 and made public March 17. It affects transactions at grocery stores from Dec. 7 to March 10. So far about 2,000 actual incidents of fraud have been reported, said Hannaford.
Other Resources


News Now LiveWire
.@CUCB #Creditunion #CherryBlossom Run registration transfer period is 2/1 - 2/28. Read more here: 2of2
30 minutes ago
.@CUCB CU Cherry Blossom Run organizers say accepted runners who can't race can transfer registratrion to runners who didn't get in. 1of2
33 minutes ago
Jobless claims drop to lowest level since 2000 @USDOL #unemployment #workforce #labor
58 minutes ago
Wanted: 12 young writers for @CUNA's youth fin ed resource #Googolplex #NewsNow
1 hour ago
Registration now open for @CUNA @WOCCU summer conference in Denver July 12-15 #ACUC #CUinDenver2015
17 hours ago