Dawn Causey, Thomas Pinder and Andrew Doersam write:
Banks frequently absorb fraud losses when the consumer is compensated for damage done by other sectors. When retailers with questionable security protocols are breached, banks support the customer throughout the fraud cycle: consumer outreach and notification, card reissuance, enhanced transaction monitoring and reassurance that the bank’s systems are safe.
The payment brands provide processes for banks to recover some costs and to assign liability for transaction losses—and the EMV chip card transition both created liability incentives for retailers to accept payment credentials which are less susceptible to fraud and introduced technologies to drive down the frequency of card reissuances.
But as data breaches have continued to become more pervasive, some financial institutions are now suing merchants to recover additional data breach costs which may fall outside of those covered in contracts with payment brands. A recent Seventh Circuit decision provides a glimpse into how courts analyze liability for data breaches when there are established contracts governing data security.
Read more on ABA Banking Journal.