CHICAGO—The Comptroller of the Currency, Thomas Curry, said that it’s “only fair” merchants bear some of the burden for expenses resulting from data breaches when they are responsible.
Speaking to community bankers here, Curry said, "These recent [retail breach] incidents highlight the need for improved cyber-security. But they also demonstrate why we need to level the playing field between financial institutions and merchants…When breaches occur in merchant systems, it seems only fair to me that they should be responsible for some of the expenses that result."
Noting the costs involved to banks and credit unions in replacing plastic cards, Curry said, “That's not easy for any bank, but it's a burden that falls especially heavily upon community institutions.”
Both CUNA and NAFCU have been pressing Congress to pass cyber-security legislation that would hold merchants responsible.
Related links
NASCUS CU Cyber Security Symposium