Target Data Breach: Retailers should pay for card-theft losses

On Dec. 21, Target, one of the nation’s largest retailers with more than 1800 stores in the United States, reported that hackers had stolen data for 40 million debit and credit cards during a period that spanned more than two weeks (Nov. 27 to Dec. 15). The security breach was the second largest such theft involving a major retailer, second only to the attack on TJX Companies, Inc. – owner of TJ Maxx and Marshalls – in 2007. While it is true that the breach will likely cost Target millions to fix its information-security system and repair the damage to its reputation, the real losers are aggrieved consumers and their financial institutions.

Tens of thousands of Target shoppers were, at minimum, inconvenienced during one of the busiest buying seasons of the year as financial institution issuers cut off or restricted card use. These consumers – and I’m one of them – now face potential exposure (although limited by card system rules) to unauthorized purchases. Many affected financial institutions will bear the cost of absorbing losses incurred by their customers and the expense of reissuing cards – estimated at $4 per card.

Retailers have recently succeeded in passing federal legislation to enact price controls regarding the fees they must pay to enable their customers to buy goods and services using debit cards. A federal court is currently reviewing whether the fee, as determined by the Federal Reserve Bank, should include expected losses from breaches like the Target debacle. Many state legislatures, including the Texas Legislature, have rejected legislation requiring retailers to either adhere to minimum card security standards or bear the full cost of unauthorized use of customer cards and financial institution losses. Isn’t it time our courts and elected officials got serious about the responsibilities of operating a business establishment and ensuring that consumers and their cards are protected – or at the very least bear the full cost of all losses associated with compromised financial data? Seems only fair to me.

Christopher L. Williston is president and CEO of the Independent Bankers Association of Texas, the largest state community banking organization in the nation.