Who is stuck with the tab when a retail point-of-sale security breach occurs? Increasingly, it’s the retailer—not the financial institution.
Due to a regulatory change on Oct 1, 2015, much of the liability for credit card counterfeit schemes shifted from financial institutions to merchants. Retailers who don’t have chip technology for credit card processing have been on the hook since then for damages stemming from in-store security breaches.
The change of law has brought several 7- and 8-digit legal settlements. For instance:
- Home Depot settled a lawsuit brought against it by financial institutions for $25 million in March of 2017.
- Wendy’s lost even bigger, settling for $50 million for its 2018 security breach.
- Sonic settled a $4.3 million class action lawsuit on behalf of numerous customers who were victims of a breach involving 325 locations. The settlement entitled individual customers to payments ranging from $10 to $40.
The good news is that, even in the event of a security breach, you won’t be held liable if you’re compliant with PCI (Payment Card Industry) Data Security Standards. Making big changes may sound like a pain, but it’s also an opportunity: Modern POS and CRM solutions do more than keep you and your customers secure. They take a lot off your plate, including manual data entry, running promotions, and other marketing and administrative operations.