Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Gartner Will be hard to get grocer to pay breach costs
FRAMINGHAM, Mass. (3/31/08)--Credit unions and banks will have a difficult time getting Hannaford Bros. to pay their breach-related costs if the grocery chain was compliant with the Payment Card Industry (PCI) Data Security Standard when the breach occurred. If that's the case, Hannaford has a safe harbor under PCI and will not be required to reimburse banks and credit unions for the costs they incur in replacing cards, notifying member/customers, and for fraud, Avivah Litan, an analyst for research firm Gartner Inc., told Computerworld (March 27). Hannaford says it was recertified as compliant with PCI in February and had been similarly certified last year. PCI refers to 12 security controls that merchants accepting payment-card transactions must follow. If they don't they are fined by Visa, MasterCard, and other major card companies. Litan said that under the rules, if a company is noncompliant and suffers a breach, it faces both potential fines and reimbursements to credit unions and banks of their breach-related costs, including actual fraud losses. The fines and reimbursement costs are not collected directly from the merchant but through that merchant's acquiring bank, which authorizes the merchant, such as Hannaford or TJX Cos., to accept the transactions. It is these banks that are directly responsible for ensuring that merchants are PCI-compliant, Litan said. Under PCI rules, the acquiring bank can't take the reimbursement problem back to the retailer. Computerworld noted that reimbursement is a sticky point for credit unions and banks. It mentioned that several credit union leagues lobbied state governments to pass laws that would make retailers responsible for the costs of a breach, and that only Minnesota has passed such a law. Although credit unions and banks--and consumers--may not have recourse under PCI rules, they still can file lawsuits, the article said. The Hannaford breach, which compromised 4.2 million cards in New England, New York and Florida, was discovered Feb. 27 and made public March 17. It affects transactions at grocery stores from Dec. 7 to March 10. So far about 2,000 actual incidents of fraud have been reported, said Hannaford.
Other Resources

RSS print
News Now LiveWire
NCUA re-schedules start of tomorrow's closed meeting to 9 a.m. ET. Open meeting still at 10 a.m. ET.
11 hours ago
.@lisamurkowski @SenatorEnzi @SenJohnBarrasso are latest to weigh in on NCUA risk-based capital proposal. See #NewsNow tomorrow for more
12 hours ago
Now up on News Now: Fed stays course on taper, interest rates http://t.co/6DntsW58vA
14 hours ago
Positive performance indicators and the potential for rising interest rates in @TheNCUA 's latest economic update. http://t.co/yptPbIGvnU
17 hours ago
The @CFPB has launched a nationwide effort to provide financial education. http://t.co/sF3FXHpv3k
17 hours ago