American Bankers Association President and CEO Frank Keating told the Senate in a comment letter last week that banks—not retailers—provide zero liability to consumers for fraudulent transactions.
“It is often the case that banks must explain to their customers what has happened without the bank knowing where the breach has occurred,” Keating said. “Moreover, bankers have historically received little meaningful reimbursement for the costs they have incurred.”
Keating said the banking industry spends millions of dollars every year to adhere to regulatory data security standards, pointing to efforts like EMV migration and tokenization—processes aimed at enhancing payment security.
“These changes require significant financial investment by all parties—and have been the subject of some criticism by many, including parts of the retail industry—but are moving forward,” Keating said, adding that all payment system stakeholders should dedicate resources to combat the growing threat of data breaches.
Additionally, Keating said that policymakers should be reluctant to embrace any single solution that will address all concerns. As an example, Keating pointed to EMV technology, which he said addresses point-of-sale fraud but does not address online fraud.
“Much has recently been made about the ongoing disagreements between the retail community and the banking industry over who is responsible for protecting the payments system,” Keating said. “In our view, it is a shared responsibility of all parties involved.”