Payment card system breaches can cause millions of dollars in damages. Consumer losses are generally minimal, because Regulation E obliges card issuing banks to generally reimburse consumers for fraud. There are nevertheless millions of dollars of damages associated with responding to payment card breaches in the form of fraud reimbursements and card re-issuance costs. These damages are apportioned among the various banks and card networks involved in processing credit and debit card payments. That was the environment the case of Spec’s Family Partners v. First Data Merchant Services arose in, a case decided by the United States Court of Appeals for the Sixth Circuit.
The case involved a credit card breach at dozens of liquor stores in Texas owned by Spec’s Family Partners (“Spec’s”). The breach occurred because of the chain’s failure to comply with and implement the Payment Card Industry Data Security Standard (“PCI DSS”). As a result, fraudsters were able to install malware that harvested the credit and debit card data of Spec’s customers. The damages were created when banks that issued customer credit and debit cards learned of the breach. The issuing banks had to reimburse customers for fraud losses, and incur the costs of reissuing cards to customers.
Community Banking News
Current news, events, regulations and other information in banking, and at Community Bankers of Iowa.
CBI Blog Archives