Even as it is, retailers spend a hefty sum after a breach just to be able to manage the situation, and pay for the damages their customers might have faced. Banks do pay a portion as well. In the example of Home Depot, the banks ended up paying $160 million for re-issuing cards and other associated cots, while the retailer estimated that it lost around $62 million, the report said, citing information from the Financial Times.
Here’s the latest. “Financial services industry bodies are apparently now joining forces to lobby lawmakers into introducing new legislation which would force retailers to foot the entire clean-up bill.”
On its website, the National Association of Federal Credit Unions (NAFCU) argues that “credit union expenditures for data breaches resulting from credit and debit card use be reduced. A reasonable and equitable way of addressing this concern would be to require merchants to be accountable for costs of data breaches that result on their end, especially when their own negligence is to blame. The entity that is best situated to mitigate the risk to sensitive data should be the liable party when a breach occurs.”
Another spokesperson Phil Lieberman feels that retailers should become more responsible. “Given that consumer tolerance for data loss is at an all-time low, and that the threat landscape is developing at an increasing rate also, remaining reactive to security challenges is no longer sufficient.”
“Businesses should look to create a strategic approach to security that allows them to analyse the threats that the business actually faces, and look at ways to develop a proactive stance to dealing with those threats in a flexible and consistent manner before breaches and security incidents occur.”