Who Should Pay for Reissuing Payment Cards Post Data Breach?

by Michael Misasi 0

Security breaches involving card data are amajor headache for financial institutions, but it’s not in creditcard issuers’ best interest to ask retailers to pay for cardreissuance after these events.

No matter how much banks might think retailers benefit fromaccepting credit cards, the fact is that merchants are gettingtired of what they perceive to be jumping through hoops just to getpaid. For many retailers, issuers are the enemy. Point-of-saleterminals, interchange fees, compliance with PCI standards,changing industry standards (i.e., EMV)-requirements all add up.Interchange in particular has become an undeniably dirty word inmerchant and regulatory circles alike.

Merchants’ frustration with card acceptance is visible in a numberof ways:

  • The recent Merchant Discount Antitrust Settlement regardingsurcharging (which, by the way, was the largest antitrustsettlement in U.S. history)
  • Retailers’ increasingly collaborative efforts to develop their ownpayment ecosystems (i.e., MCX)
  • Their support of virtual (and interchange-free) currencies likeBitcoin
  • Growing acceptance of alternative payment types such as PayPal atthe point of sale, and
  • Sustained interest in steering consumer to low(er) cost paymenttypes like private label, debit, and prepaid

Adding another cost item to payment card acceptance in the form ofdata breach liability will only incent retailers to ratchet uptheir promotion of payment products that compete directly withbankcards, not to mention the small cohort of merchants that willstop accepting cards altogether. Issuers, ideally with the help ofthe card networks, would be better served by working with merchantsto develop solutions that make accepting card payments easier andmore secure.

Follow Michael on Twitter @mikemisasi.