You may have heard that once again, a major data breach has compromised thousands of credit cards. Chipotle Restaurants is the latest merchant to have their computer system hacked resulting in the compromise of volumes of personal data stored on cards used at most of their 2100+ locations between 03/24/17 and 04/18/17.
According to a recent report, less than fifty percent of all U.S merchants who process credit cards have invested in a Data Breach Policy. In October of 2015, the liability for such data breaches was shifted from banks to merchants. We’re not just talking about the liability of a fraudulent use of the compromised card.
Here is what Chipotle can expect to pay. The first expense will be a forensic audit to determine how it happened and every single card that was compromised. They will next pay for the cost of a replacement card for every single card that was compromised. That is replacement card itself, a letter explaining what happened and why the person has been given a new card as well as the postage to get it there. IF any of the cards were subsequently used for making fraudulent purchases and another merchant experienced a loss, Chipotle will be required to reimburse them as well. They will also be assessed fines from the card sponsors such as Mastercard, Visa and others.
As you might imagine, this will be a significant cost to Chipotle as well as another black eye to a brand name that already had a tarnished image from several food contamination incidents linked to illnesses across the United States.
In the same survey referenced above, twenty seven percent of merchants say they have no plans to purchase an insurance policy to protect themselves while sixty one percent say they almost expect an attempt to breach their own systems. This seems so foolish when protection plans are as low as $10 a month ($500,000 aggregate).
If you accept credit cards, it is wise to invest this nominal amount to protect yourself from liability. In this particular breach, the information was stolen from the magnetic stripe which provided the hacker with the credit card number, expiration date and the three digit code needed to process most internet or phone orders. If you operate a small business that processes “card-present” transactions, you need this protection. The policy will even cover employee theft of card numbers in addition to “skimmers” installed on your credit card terminals to capture the data.
Contact Chosen Payments for additional information on protecting yourself for a very nominal fee. Call 855-4CHOSEN or email Jim.Luff@chosenpayments.com