Who Pays For Credit Card Breaches?

← Back to Stories (view on slashdot.org)

Who Pays For Credit Card Breaches?

Posted by kdawson on Tuesday February 20, 2007 @06:36AM from the buck-stops-where? dept.

PetManimal writes "A scheme to steal customers' credit and debit card information at a New England supermarket chain highlights a little-understood fact about credit card security: Customers still think that the credit-card companies have to eat fraudulent charges, but since the PCI DSS standards were adopted, it's actually the merchant banks and merchants who have to pay up. And, according to the blogger writing in the latter article, it's a good thing." "The main reason PCI exists is that there are tens of thousands of merchants who don't understand the basics of information security and weren't even taking the very minimum steps to secure their networks and the credit card information they stored... PCI pushes that burden downstream and forces merchants to... put in a properly configured firewall, encrypt sensitive information and maintain a minimum security stance or be fined by their merchant banks... [T]he credit card companies have taken the bulk of the financial burden off of themselves and placed it on the merchants, which is where much of it belongs...'"

3 of 313 comments (clear)

Min score:

Reason:

Sort:

The customer pays. Always. by Anonymous Coward · 2007-02-20 06:40 · Score: 5, Insightful

The merchant has to make a living, the credit card company too. The money for fraud can only come from the end of the chain: the customer. The only notable thing here is that all customers pay, not just the ones who use a credit card.
1. Re:The customer pays. Always. by Bastard+of+Subhumani · 2007-02-20 07:25 · Score: 5, Insightful
  
  To offset that, the prices are raised.
  If the market would stand that higher price, why wasn't it being charged to start with? Conversely, if the market won't stand it, then lower volume (yada elasticity yada) could mean the merchant makes even less money.
  
  --
  Only three things are certain; death, taxes, and apocryphal quotations - Ben Franklin.
Re:Misses the point by letxa2000 · 2007-02-20 06:50 · Score: 5, Insightful

As a merchant, this is very annoying. If I submit a charge to Visa/Mastercard and it's authorized, I should be able to count on that unless the valid cardmember has a legitimate complaint that I did not resolve and charges it back. If the use was fraudulent, as the merchant I have absolutely no way to know that--that's why I'm asking Visa/Mastercard for authorization. If they authorize the charge then they think it's legitimate, too, so why should the merchant somehow be expected to think otherwise or be held responsible for 100% of the chargeback?

To pay extortionate discount charges on every transaction and not even be able to trust that the charge is legitimate is abusive on the part of Visa/Mastercard. What's worse, a chargeback comes with a chargeback fee. So not only does Visa/Mastercard not get harmed by fraud, it profits from it. As long as that is the case, Visa/Mastercard has no motivation whatsoever to increase security and decrease fraud.