Gridlock In Action: Retailers Demand New Regulations To Protect Consumers

chicksdaddy writes: How bad is the gridlock in Washington D.C.? So bad that the nation's retailers are calling for federal legislation on cyber security and data protection to protect consumer information — even though they would bear the brunt of whatever legislation is passed. The Security Ledger notes that groups representing many of the nation's retailers sent a letter (PDF) to Congressional leaders last week urging them to pass federal data protection legislation that sets clear rules for businesses serving consumers.

"The recent spate of news stories about data security incidents raises concerns for all American consumers and for the businesses with which they frequently interact," the letter reads. "A single federal law applying to all breached entities would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs."

Retailers would likely bear the brunt of a new federal data protection law. The motivation for pushing for one anyway may be simplicity. Currently, there are 47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam. There is broad, bi-partisan agreement on the need for a data breach and consumer protection law. However, small differences of opinion on its scope and provisions, exacerbated by political gridlock in Congress since 2010, have combined to stay the federal government's hand.
Meanwhile, reader schwit1 points out that banks are now starting to demand that retailers pay for all the financial damage their security breaches cause.

  • CYA (Score:5, Insightful)

    by thaylin ( 555395 ) on Tuesday November 11, 2014 @09:18AM (#48358863)

    I think this is just CYA. The government will set a minimum standard of security which the retailers will set as their default level and that way when a breach happens they can say, well we followed the government mandates, we should not be sued. This is not for the customers, it is for the retailers.

    In reality they should be securing their systems to the best of their ability.

    • The last sentence of TFS has a link to an article mentioning bankers are pressuring retailers to pay for the banks' costs in a post-breach cleanup.

      Money talks. In this case the bankers hold all the cards and the retailers will have no choice but to armor their payment systems. That, or spend hand-over-fist in cleanup and damaged reputation.

      Which road will they take? The cheaper one -- which I suspect is to armor their POS systems.

      • And if either the banks, the retailers, and/or any member of the supply chain gave up a single point in transactions TO UPGRADE THEIR SECURITY INFRASTRUCTURE and SELF POLICE, then government interaction would be unnecessary and consumer safety would soar.

        It's always someone else's problem, and someone else needs to eat the costs. So crappy POS, putting your fingers in your ears when IT warns you that your systems are about to explode, be breached, or become a PR nightmare, are all OK because it's the other

      • I'm not so sure that armoring POS systems is the cheaper option. Sure there are a myriad of things that can be done, but how effective are they likely to be? Even a company like RSA got breached, and their seed database was armored pretty well until reality pried it open. Ultimately the underlying issue will remain, which is that "shared secret" is an oxymoron. As long as the payment is verified by shared information someone will find a way to steal and use the shared information. After all, retailers can't
        • I'm not so sure that armoring POS systems is the cheaper option.

          The cheapest thing is to buy off politicians so that they can continue doing what they are currently doing, but shift the blame to the consumer. This, I assume, is the purpose of the legislation. (Cynicism is almost always the model with the most accurate predictions of political outcomes in the US).

        • The cheaper option is to stop storing credit data and have the banks and credit card companies switch to one-time tokens for all transactions.

          That way in the event of breaches credit and banking information can't be stolen.

          Guess which way it won't go. Though Amex is trying to go that way. Hence the support for Apple pay.

      • I'm really confused here. We've got the bankers pressuring the retailers for higher security or they will legally pursue them to cover the damages. Isn't this the picture perfect case where capitalism should solve the problem? Why are the retailers running to the government for regulation? Shouldn't the market solution be cheapest for the pure blooded capitalists of retail?
        • Shouldn't the market solution be cheapest for the pure blooded capitalists of retail?

          Two things:

          1) Whatever makes you think that retail giants are "pure-blooded capitalists"?

          2) A sufficiently powerful government usually means that the cheapest solution to any problem is to buy favourable legislation.

    • Re:CYA (Score:5, Insightful)

      by gstoddart ( 321705 ) on Tuesday November 11, 2014 @09:31AM (#48358961) Homepage

      In reality they should be securing their systems to the best of their ability.

      I wouldn't say "to the best of the ability of the retailers".

      They've already demonstrated themselves to be lazy, incompetent, and largely indifferent to security.

      They should be held to an entirely different standard than "the best of their ability", because we already know that's not good enough.

      • Comment removed based on user account deletion
      • Hmmm... what better way to close a bunch of small businesses than demand all businesses meet some arbitrary security requirements.

        "Sorry mom and pop, your shop doesn't have the required firewall, point of sale equipment, network security administrator, or minimum database standards. I'll have to shut you down"

        "But we don't even have a computer. All our sales are manual!"

        "Sorry, take it up with the Another Department to Fuck You Over**"

        **Name pending
        • by TigerPlish ( 174064 ) on Tuesday November 11, 2014 @11:10AM (#48359851)

          No, the Mom and Pop likely uses a 3rd-party payment processor.

          What, you thought *everyone* taking credit / debit payments have their own in-house?

          • I think you missed the point. New regulations means more stringent requirements, means newer equipment, upgrade costs, compliance testing, etc. If you don't think these new regulations are going to be a burden, you are naive.
            • If you don't think these new regulations are going to be a burden, you are naive.

              If you think having no regulations isn't already a burden on other people, you're also naive.

              So, if companies want to take risks with the financial information of their customers, they should be the ones assuming the risk, not the customers.

              Right now, in order to maximize corporate profits, customers are the ones bearing the risk for the crap the corporations do. Sorry, but screw corporate profits. We want to see some corpora

              • Actually you are taking the risk by using a credit card. Go to an ATM and get some cash. Problem solved.

                Better yet, let's get rid of capitalism altogether. How about we just walk into a store and be given what we want. Clearly we are all entitled to it.
                • by AK Marc ( 707885 )
                  Yes, carrying around cash is lower risk than a credit card with $0 liability limits. Or not. I'll stick to credit cards. Safer for me. Worse for the retailer. They are likely hoping this legislation will lower liability for the retailer, and push it on the banks or customers.
                  • by tlhIngan ( 30335 )

                    Yes, carrying around cash is lower risk than a credit card with $0 liability limits. Or not. I'll stick to credit cards. Safer for me. Worse for the retailer. They are likely hoping this legislation will lower liability for the retailer, and push it on the banks or customers.

                    And there's the REAL reason.

                    The customer getting their CC stolen is a minor inconvenience of having to reset their auto-payment systems. But a retailer hit with a chargeback? Big problem.

                    If credit cards keep getting leaked out, eventual

                    • by AK Marc ( 707885 )

                      And yes, in the 14 years I've had a credit card, I've had 2 legit chargebacks - 1 was for a product they never shipped, and another was a product that never arrived. In the past 3 years, I've changed my credit card about 5 times already. Total loss to me? Maybe about $200 in cash that I had to run to the bank to pay off a bill because the replacement card didn't arrive in time to be billed to the card. (and likewise, a $200 less charged to my credit card. Since I pay it off every month, it washes out).

                      I had two chargebacks. Once I bought something off eBay, using PayPal (via credit card, never a bank account). The item didn't show up, I worked with the seller for a bit, but just did a chargeback. I paid and never got it. The seller told me I need to pay insurance to be able to do that. That's wrong. The "insurance" pays him, not me. That's his responsibility. His responsibility is to deliver the item in agreed condition. I don't care if he wants me to pay insurance, consumer law is clear, if I n

                • Better yet, let's get rid of capitalism altogether.

                  The concept of ownership?

                  No, not really.

                  The absurdity which is the notion of laissez faire, free market, unregulated capitalism which is a self healing entity which achieves optimal outcomes over time because it's infallible and people will play by the rules??

                  Now, that version of Capitalism is a complete fucking lie perpetrated by people who are either intellectually dishonest enough to believe it, or sociopathic enough to want it anyway.

                  That version of ca

                  • Actually we live in a socialist oligarchy, far from any real capitalism. I also don't believe pure unadulterated capitalism is the way to go. There should be some oversight. However, the fundamental concept of capitalism, that I have to work for my own keep, is better than the idea of work or not you get your fair share.

                    As you pointed out in your post, the problem really isn't Capitalism or Marxism or any "ism." It's the corruptibility of people. So how do you plan to fix that?
                    • Actually we live in a socialist oligarchy

                      No, you do not. You live in an oligarchy, but it definitely isn't socialist. Oligarchies are pretty much orthogonal to socialist. In fact, the oligarchy wants to remove the last bit of "social" you have left, and the people cheering the oligarchy who are in government are working to hasten in.

                      So how do you plan to fix that?

                      Summary rejection of all economic and political theories which assume people will play by the rules of your "ism" and it will be a perfect syst

                    • Oligarchy refers to the organization of the government, socialism to how it handles economic activities. The two are mutually exclusive. Between welfare, medicaid, medicare, government subsidized health insurance, food stamps, disability, tax rebates, subsidized cell phones and internet plans, and many more programs, we live in a socialist society. Most people disagree because the rich don't pay as much into this system but that's because it's an oligarchy. Those in power are redistributing the middle class
          • by mjwx ( 966435 )

            No, the Mom and Pop likely uses a 3rd-party payment processor.

            What, you thought *everyone* taking credit / debit payments have their own in-house?

            I used to work for an outsourcing outfit that looked after small stores, including their EFTPOS systems and you'd be surprised how many small "mum and dad" stores used things like an EFTPOS client sitting on an unpatched XP box in the back room (half the time the staff would also be using this box for email/excel/Facebook). Using a 3rd party payment processor is expensive, you're talking about $500 p/m expensive per terminal for the most basic services. For a cafe $500 a month is the difference between bein

      • by gmhowell ( 26755 )

        They've already demonstrated themselves to be lazy, incompetent, and largely indifferent to security.

        Maybe. Or maybe they're just cheap.

    • Consumers don't properly appreciate cyber security. Nor do stockholders. This makes it difficult to justify the expense of proper security. But if it is a legal requirement, then you can do it.

    • by gmhowell ( 26755 )

      Holy shit. First post (that I can see at my threshold) captures things in their entirety. Are you sure you belong on slashdot?

    • I think this is just CYA. The government will set a minimum standard of security which the retailers will set as their default level and that way when a breach happens they can say, well we followed the government mandates, we should not be sued.

      I agree that this isn't some altruistic action motivated by concern over the poor consumers; but asking for regulation is something that also serves a secondary purpose: 'retail security' is a collective action problem: It costs money to do (best case, it costs money but at least you can do it unilaterally, as in the case of hardening your own network and backend; worst case it costs money and can't be done without industry-wide buy-in, as with replacing mag stripes with something less totally fucked); but t

    • In all fairness, those that may wish to put security solutions in place may need a way to justify the increased cost of additional security to the larger shareholders, who often can't see the forest for the trees. You'd think those shareholders would just invest in IT/security companies...
    • by mlts ( 1038732 )

      I will be a bit of a devil's advocate here:

      We also need guidelines and standards for security. This isn't something that I can quantify, toss a high amount at a CISSP and get some unit of security. PCI-DSS3 is an example of decent guidelines. Another are the NIST SCAP items.

      What would be an ideal would be some standard body making up security standards, not just guidelines (segment and firewall networks), but actual steps to secure operating systems and appliances with varying levels of security [1]. Th

    • by hey! ( 33014 )

      Well, this is the dark side of competition. Without regulation, you find yourself competing with bottom feeders.

      It's one thing to be competing with bottom feeders who simply externalize costs -- e.g. shipping waste to countries with weak environmental regulations. It's another thing to be competing with bottom feeders who undermine trust in your industry. You can't just copy them and say, "everyone does it, that's life." Winning that race to the bottom is actually bad for your bottom line.

    • by AK Marc ( 707885 )
      Minimum standard laws usually come with liability limits. "If you put a disclaimer in your ToS, your liability is limited to $3." So the retailers want the rules so they can determine (and limit) liability and guard against it, rather than having unbounded liability, as currently exists.
  • by Anonymous Coward

    What's this got to do with traffic problems?

  • Regulations protect corporations!!
    Regulations protect corporations!!
    Regulations protect corporations!!
    Regulations protect corporations!!

    Say NO to regulation!!!
    • So you'd rather have it so there are no Federal consequences for being a sloppy, lazy, bug-infested easy target?

      Sometimes regulations protect all of us, not just corporations. This could be one of those.

      OK, I have a non-regulated approach to fighting breaches: If your company is stupid enough to get breached, the banks and card issuers must block you from doing credit and debit card business again -- ever. Good luck with cash-only.

      Is that too cold-hearted for you? You'd rather have that instead of rule

      • Sounds to me like the default outcome down this path is that the banks start forcing the retailers to eat the losses rather than covering it themselves. Which would mostly work for me - let the people responsible for allowing the breach pay for the privilege of being sloppy. In that context federal regulations would likely indemnify them against damages if they employed the legal minimum of protections, or at least make sure that all their competitors are footing a comparable bill so that the cost of securi

        • by sjames ( 1099 )

          The problem is that the technology to make the breaches meaningless has existed for decades now but the banks refuse to implement anything like it. The banks are the ones that have foisted the fundamentally flawed system on the retailers and now expect them to spend bucketloads of cash on shoring it all up.

          As long as they are allowed to continue pushing the costs off onto merchants and consumers, the problems will continue.

          For example, if credit cards were smart cards and consumers carried a cheap dumb car

          • Which is the exact opposite of what merchants are trying to do with their shitty CurrentC.

            They don't want security, they want protection from liability. They probably want to move that liability onto the consumer.

            • by sjames ( 1099 )

              Yes, but likely in part because the last few years have made it apparent that banks will never be held accountable for the laws they break.

          • by afidel ( 530433 )

            Wrong, the reason we don't have EMV in the US is the retailers didn't want to pony up the cash to upgrade their POS systems. The banks finally put their foot down about 18 months ago and set a deadline that shifts the liability for non-EMV transactions to the retailer starting 9/2015.

            • by sjames ( 1099 )

              Too bad they went from a totally broken system to a half broken system when they could have gone to a functional system.

              Then there's the matter of the tech being decades old. They had the option to introduce it through attrition so the cost would be part of the normal upgrade cycle.

              • by afidel ( 530433 )

                In cryptography old is good as long as the cypher strength is still sufficient to thwart expected attacks. The only weakness in EMV I'm aware of is a man in the middle attack against chip-n-pin where you can send a pin not required signal to the terminal if you can get between the card and the terminal. Since most US banks will be doing chip and signature, not chip and pin that's moot. If you're aware of another attack on EMV then please enlighten me.

                • by sjames ( 1099 )

                  Web and mail order (that is, card not present transactions in general).

                  A proper public key signature card benefits from being old (well understood) and having a sufficient key strength. It could even be used to sign a recurring charge authorization.

      • by Anonymous Coward

        If they are negligent, and you are harmed, you sue. Is this concept so difficult? With regulations, you still may be harmed, but they are protected from negligence, and you are unable to sue. Easier to pay off a few politicos than millions of victims, no?

      • Yo moron, they're trying to reduce their liability not protect the consumer. FTA: "Currently, there are 47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam." Do you understand now?
      • by silfen ( 3720385 )

        Sometimes regulations protect all of us, not just corporations. This could be one of those.

        Or maybe not. Along with such regulations usually comes immunity from liability lawsuits.

    • Yeah, no, no they don't.

      Which is why the Republicans have been de-regulating, because when corporations can do anything they want, that protects corporate interests.

      Regulations protect us from corporations.

      • LMOL - do you know where regulations come from? They come from corporate lobbyists. Corporations write legislation that Congress passes. These "regulations" reduce the liability to Corporations. They do not protect consumers! Check out ALEC sometime.
        • Wow, such a simplistic and reductionist world view you have.

          Yes, laws which are written on behalf of corporate lobbyists are designed to game the system to give corporations the most freedom. This means you should stop the process of corporate lobbyists, because they don't help anybody except corporations.

          But, environmental laws, consumer protection laws, banking laws, laws designed to stop insider trading ... these are all intended to prevent corporations from being able to do anything they please without

    • FOUR LEGS GOOD TWO LEGS BAD

      I can't understand people who think reality is simple.

  • by xxxJonBoyxxx ( 565205 ) on Tuesday November 11, 2014 @09:32AM (#48358979)

    >> gridlock...nation's retailers

    Er...lobbyist fails to do job, so panic?

    >> they would bear the brunt of whatever legislation is passed....there are 47 different state-based security breach notification laws

    In other words, they want a single Federal law to replace all the state laws, which would do two things: 1) allow them to concentrate their efforts on watering down the federal law 2) take the ability for people to collect damages against it out of state courts and 3) reduce their notification costs because they would only do the bare minimum required by the federal law (e.g., filing it in a basement drawer marked with "beware the leopard"). I see no "brunt" here. (IANAL)

    • There's more to it. Note the last line - banks want to make retailers pay for their expenses when these breaches occur. My bank just had to send me (and presumably thousands of other people) new debit cards due to the Home Depot breach, for instance. That cost them plenty in aggregate - sending me a letter and then a new card. It's not much, maybe $2 or $3 for me, but multiply that by 10,000 or 100,000 and suddenly some money's in play.

      So if the retailers can hijack the "regulation" they can write it su

      • by Optic7 ( 688717 )

        Your guess for the cost to produce a regular credit/debit card is exactly right, but chip cards apparently cost a lot more. Bank of America sent me a new "chip-and-signature" card (yuck, why not chip-and-pin, so frustrating) after the Home Depot breach. According to this article [bankrate.com]:

        "The cost to produce and distribute a card to a customer is under $2. The cost to make and distribute a chip card to a customer is between $15 and $20," says Coleman.

        The last link on TFS says that just community banks and credit unions are already on the hook for $160 million. That's not even counting the banking giants. We're talking LOTS of money lost and wasted by a lot of people because of T

        • One thing to note is that the chip card shouldn't need to be replaced after one of these breaches since they're doing end-to-end encryption, so hopefully it's a one-time cost that they were going to incur anyway.

          • by Optic7 ( 688717 )

            I'm not positive about the technical aspects of the chip, but just thinking about it, I don't believe that chip cards protect you from certain fraudulent transactions, like online purchases. I'm giving the website my card number, expiration date, card verification number, name, and billing address.

            Someone who gains access to all that information stored by the retailer would certainly have all they need to initiate another online transaction elsewhere. The only way the bank has of preventing that would be to

  • by Charliemopps ( 1157495 ) on Tuesday November 11, 2014 @09:42AM (#48359059)

    Translation: Please pass a law that dictates the minimum effort we are required to put forward so we can barely meet that very low bar and not get sued. As it is, we have to actually pay attention to security and update constantly. If you pass a law, it will be out of date in about 3 months... but hey! At least we can't get sued. And that's all that really matters.

    • Re:Translation (Score:5, Insightful)

      by mrchaotica ( 681592 ) * on Tuesday November 11, 2014 @09:51AM (#48359119)

      There is a less pessimistic translation: "Please pass a law so that our competitors are forced to spend money securing their systems, so that we can justify doing so without fear of being out-competed."

      • Umm no, it's the above: "Currently, there are 47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam."

        Jackass.
      • There is a less pessimistic translation: "Please pass a law so that our competitors are forced to spend money securing their systems, so that we can justify doing so without fear of being out-competed."

        less pessimistic = extremely unlikely but supports my world-view so I chose to believe it despite the evidence.

  • Sorry, the Government has been drowned in the bathtub.

    This consumer protection stuff is just more liberalati socialistic hogwash.

    First, they'll want to regulate the hackers, next thing you know they'll be sending jack booted thugs to take your sons and daughters to FEMA homo training camps.

    Wake Up America!

    • by Lehk228 ( 705449 )
      > FEMA homo training camps

      that is like boyscout camp but with somewhat less homoeroticism, right?
      • > FEMA homo training camps that is like boyscout camp but with somewhat less homoeroticism, right?

        Well played sir, Well played!

    • Except it's not consumer protection. It's corporate protection. Try taking our head out of your ass sometime.
      • Except it's not consumer protection. It's corporate protection. Try taking our head out of your ass sometime.

        Speaking of, it's pretty plain to see you have a sore one. It can be pretty tough at those Focus on the Family rallies.

        No humor gene, it would appear.

    • by silfen ( 3720385 )

      FEMA homo training camps.

      That sounds like fun. Unfortunately, instead, they just hand the money to their corporate cronies.

      This consumer protection stuff is just more liberalati socialistic hogwash.

      Just because something is called "consumer protection" doesn't actually make it "consumer protection".

      • FEMA homo training camps.

        That sounds like fun. Unfortunately, instead, they just hand the money to their corporate cronies.

        This consumer protection stuff is just more liberalati socialistic hogwash.

        Just because something is called "consumer protection" doesn't actually make it "consumer protection".

        Should I send a Whoosh with my posts these days?

  • This isn't (just) about trying to dodge liability by having defined standards to meet.

    The big retailers are all spending shitloads of money on security because they have to. Now they want regulations that require everyone else to do the same.

    A few million each year for security compliance is nothing to Target or Walmart. It is a dagger in the heart of their local and regional competition.

    • A few million each year for security compliance is nothing to Target or Walmart. It is a dagger in the heart of their local and regional competition.

      Mom and Pop don't have their own POS. They use payment processing houses. It's the Big Dogs that have their own POS systems.

    • Jesus tap dancing Christ. Read the fucking article. It has nothing to do with forcing companies to spend any money on security! It's about the "...47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam" The retailers want one single system for NOTIFICATION of a breach: "A single federal law applying to all breached entities would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the bre
  • by CaptainDork ( 3678879 ) on Tuesday November 11, 2014 @10:09AM (#48359285)

    The banks are not the point of contact for the consumer ... the retailer is. Banks AND retailers want the retailer to bear the cost so the retailer can pass it on to the consumer.

    Consumers, in one form or another, will be responsible for breaches.

    • by cdrudge ( 68377 )

      Consumers, in one form or another, will be responsible for breaches.

      We (the consumers) always have been. If breaches start to hurt the bottom line of the processors, merchant fees will just increase. Merchant fees increasing will result in merchandise prices to rise or credit card surcharges (where legal).

  • Gridlock (Score:3, Funny)

    by Anonymous Coward on Tuesday November 11, 2014 @10:10AM (#48359291)

    Gridlock? Yes, the democrat Senate has prevented many bipartisan House bills from passing. It will be good to see the Senate in the hands of the GOP. Hopefully Obama won't continue the gridlock by vetoing bills.

    • You mean like the immigration reform bills tied up in the house that would pass if Boehner allowed a vote? Yeah keep promoting that canard....
    • If the bills were bipartisan, then the democrats would be helping it by definition.

      How much do you get paid to put forth idiotic political propaganda like this?

      As for your silly wish for Obama to roll over and be the GOP's lapdog, he's got way too much of a backbone to do that.

  • When I saw the first three words of the headline, I thought it was going to be about this fucktard. [twitter.com]

    "Net Neutrality" is Obamacare for the Internet; the Internet should not operate at the speed of government.

    Senator Ted Cruz, TX

    What an absolutely fucking disgusting display of "If Obama is for it, I'm against it."

  • Because really, who wants to deal with 47 different state laws when you can just have one federal law? At the very least, it would save their legal departments a lot of headaches.
  • by Applehu Akbar ( 2968043 ) on Tuesday November 11, 2014 @10:28AM (#48359451)

    Just turn NFC back on while you wait for CurrentC to get off the ground and be tested sometime next year. It's already on your registers, and some of the NFC vendors have high-grade security that sharply reduces the risk of credit card breaches.

  • Data breach and identity theft etc would not be a serious issue if the lenders exercised due diligence before extending credit to make sure the borrower's credentials are correct. They make sure it is impossible for ordinary person to lock up the credit reports and credit to make sure no unauthorized accounts are opened unbeknownst to them.

    If we make the lenders liable for all the damage caused by them. We don't even need any new laws for this. The lender has all the right to be very lax and extend credit

  • by RoccamOccam ( 953524 ) on Tuesday November 11, 2014 @10:41AM (#48359581)
    The gridlock has been so bad that the American public has voted to fix it. Yay!
    • The gridlock has been so bad that the American public has voted to fix it. Yay!

      I will gladly take gridlock over the out-of-control governments we have had in the last 13 years or so.

      If Obama was incapable of passing a single law for the rest of his term, I would be very happy. I wish there was this gridlock when Bush was president pushing for bailouts.

  • The cost of fraud and security is built in to the interchange rates that make up the bulk of card-present fees from Visa et al. By and large, the retailers already cover those costs. If specific retailer-focussed fines are put in place they should be accompanied by a drop in interchange rates (not going to hold my breath here). Also, by reducing cost-sharing and increasing self-insurance, that's another way of squeezing out smaller merchants (who can't begin to cover those costs) in favor of the larger o

  • Now that the Rs are in power, it's time for Obama to lean in and take one (or ten) for the team. Everything that's good, come out against it; everything that's bad, say you support it. The Rs will slavishly oppose and BAM! Progress.

  • > and Guam

    "Oh no! Someone took the credit card receipts from the grocery's trash! Well, according to Guam law, we must notify consumers."

    (Opens window). "Hey, Frank! Charlie took your credit card receipt! Oh, and Paul, get your damned chickens off the runway!"

  • The summary claims that the retailers would bear the brunt of the legislation. The opposite is true. The letter is written by retailers, asking for increased regulation of cloud providers and banks. The letter specifically calls out Apple and J.P. Morgan as the causes of recent data breaches. It complains that the retailers are responsible for notifying their customers of breaches, but they aren't the only link in the chain.

  • there are 47 different state-based security breach notification laws

    These retailers should be careful what they wish for. One of the main problems with health insurance used to be that every state had its own set of laws and licensing. Now that the feds took over the regulation of it they not only require everyone buy it but also dictate coverage levels, like it or not.

    • by slew ( 2918 )

      there are 47 different state-based security breach notification laws

      These retailers should be careful what they wish for. One of the main problems with health insurance used to be that every state had its own set of laws and licensing. Now that the feds took over the regulation of it they not only require everyone buy it but also dictate coverage levels, like it or not.

      Sigh... Actually the way Obamacare is set up, insurance companies should *like* it. They theoretically get lots of new customers who are forced to buy their services and are pretty much guaranteed 20% of the premiums to run their business (80% has to go to medical reimbursement) and they are allowed to pick and choose the medical providers they will contract with... It's likely the patients that get the screw on this (other than the sorely underused HRA option which is another can of worms)...

      Similarly, t

  • ... of why libertarians are wrong about the role of governments.

    Free markets are nothing that comes about naturally. It is the governments that create the regulatory framework that allows for free markets to function.

    Businesses hurt when governments fail in this most important job.

  • Here we see people clamoring for government regulation of tech issues after numerous stories on that same government's lack of understanding of tech issues. Really?

    If the banks charge the retailer that suffered the breach for the damages resulting from the breach, then only the offenders suffer rather than making everyone suffer under onerous and ill-conceived regulations. Not to mention that charging for the damages from a breach means the punishment will actually fit the crime. Further, punishing a single

    • How do you determine what costs come from a particular breach? Some are obvious ("Here, Home Depot, this is a bill for $2 for every card we had to replace because of you"), some are not ("there's a fraudulent card-not-present transaction here from somebody whose card may have been leaked by Home Depot or Target or somebody").
