These breaches; those of the Equifax, Target, Home Depot, Michael’s, and Jewel (Supervalue) sort, have become so commonplace that is likely impossible you have not been directly impacted by at least one of them. While you are protected from the responsibility of paying for any fraudulent charges that may show up on your account as a result of breaches such as these, do not fool yourself into thinking that you are immune from either the cost of these breaches or the potential long term consequences of them.
You may not realize that even in these well-publicized instances, where it is indisputable and clear that the breach occurred at the respective retailer level, none of these businesses are responsible for covering any of the cost associated with these crimes. Let me repeat, under the current laws, when Target publically admits that their system was hacked and that some of your personal information was potentially subject to that intrusion, Target is not responsible for even one cent of the cost of that crime.
The issuer of your credit or debit card, which is almost always your credit union or your bank, is responsible for bearing the cost of that breach. That’s right. The issuer didn’t have anything more to do with that breach then the individual consumers, but the issuer bears the responsibility for the cost of it and the costs are substantial.
Issuers are solely responsible for any fraudulent charges that occur, the cost to replace the cards that were affected by the breach, and the cost of the employees it needs to manage these occurrences and process all of the related information and paperwork. Issuers are responsible for the costs of their fraud detection software that helps them to minimize the damage caused by these breaches and they are responsible for their cyber security and fraud insurance related costs.
As the frequency and extent of these breaches has increased, all of these costs have also increased and at a very rapid pace. It is currently the practice of most issuers to take all possible steps to protect their clients from harm. Credit unions and banks will not only absorb any fraudulent charges on your bill, they will often issue you a new card with a new number the moment there is any indication that your information was subject to a breach, even before charges have accrued.
Were these breaches to continue at the pace they are currently occurring, however, it is fair to ask just how long consumers will be fully protected from the harm these events cause. In fact, you could effectively argue that every consumer is already impacted by the inconvenience of having to switch billing information and having to constantly notify businesses that they have a new card number.
It is unrealistic to think that any industry or business can 100 % protect itself from a data breach at all times simply because the bad guys will always have an advantage. Hackers spend their time finding the next loophole or weakness and then exploiting it regardless of the system or the Target (pun intended). The rest of us have jobs and families and hobbies. While we play by the rules, hackers only have an interest in getting around the rules and penetrating safeguards, but why does it keep happening at the retail level?
The answer is simple, data breaches and system hacks are crimes of opportunity. Crimes of opportunity are committed when the opportunity presents itself; and for the last several years, retailers and the data systems they maintain have been the weakest link in the chain. It really does not take long to identify the flaw in the law nor does it take long to assume that these breaches are going to continue to happen until that law changes.
If any business in any industry is insulated from the consequences of their action or inaction, there is absolutely no incentive for that business to take new actions or to stop being inactive. As long as the retailers are shielded from the costs of the breaches that take place at their businesses, the breaches will continue and the costs of these breaches will continue to escalate. In any aspect of life, there must be a consequence for the actions that are taken. An action or a series of actions devoid of consequence lead to chaos and a lack of balance and order.
So, what can you do about it? Before you answer, it may be helpful to remember that there is almost always actions that you can take or decisions that you can make that will positively influence a situation, even if that situation appears to be entirely outside of your control. Here are some suggestions along those lines.
Every cause starts with education. For your own sake, make it a point to learn more about how payments are processed, how your information is stored, and why these things should be important to you and your family.
When a cashier asks for proof of your identity, take the time to thank them for helping to protect you instead of chastising them for adding 30 seconds to your checkout process.
Be selective when and where you use your debit and credit cards. Be alert when you use your card, especially when you purchase something on line. You should be familiar with the sites that you visit and never allow any site to store your information or “remember” your form of payment for the next time.
Pay attention to the activity on your account and check your balance and statement frequently.
You may even consider contacting your congressman or senator and asking him or her why the current laws protect retailers from having to pay for breaches that occur within their own business.
None of these actions taken individually or even collectively will prevent all fraud from occurring. You can bet that despite your best efforts, data breaches will continue to occur. So, you may ask, why should you do any of these things and why should you care as long as you are not responsible for paying for a fraudulent transaction.
While your diligence may not fully stop these breaches, your diligence and that of others will eventually slow it down and may even encourage retailers to increase their own diligence in installing safe practices and better data protection systems. Once retailers are fully on board, the entire payment system will be better balanced and we might even be able to better contain costs. This is where the importance of this education and these actions directly impact you.
No matter how efficiently a business operates and no matter how good a business might be as an advocate and even a shield for the consumer, costs have to be accounted for. Sometimes costs can be absorbed, but when costs such as those related to the perpetuation and proliferation of fraud spiral upward and outstrip any ability to make them back in the form of revenue, those costs can and do get passed back to the innocent consumer.
If you plan on continuing to use a debit card or a credit card for the foreseeable future, make it personal and make it a point to get educated on this subject. Then, get active in doing something about it!
This article is part of Scott Arney's educational series, entitled The Serial Decision Maker.