Visa and Mastercard are fining merchants with unsecured credit card transactions. Read more at CreditCards.com.
In their latest attempt to prevent credit card fraud, Visa and MasterCard have begun imposing fines on merchants that have not met the associations’ requirements for keeping card transactions secure. In recent weeks, MasterCard has fined merchants that have failed to meet its rules, while beginning at the end of September 2006, Visa will levy fines of $10,000 to $100,000 a month against the largest U.S. merchants who remain non compliant.
Such fines represent the latest attempt by the credit card and debit card industry to lessen both financial exposure and negative publicity from a series of well-publicized security breaches. While cardholders generally are not responsible for unauthorized credit card charges, merchants and stores involved with both retail store and online transaction fraud can be held liable.
Rather than fining the merchants directly, Visa and MasterCard penalize those that process the transactions on behalf of merchants — and who often pass the fines on to their merchant customers. Visa and MasterCard impose fines for failing to comply with the rules, as well as charging separate fines for non compliant merchants that experience a security breach.
The two massive card network operators have set comprehensive security rules for merchants, banks, and others who process, store, or transmit cardholder information. For example, rules state that merchants cannot store data that is contained on a credit card’s magnetic stripe, they must take precautions with individuals who have access to computer systems, and they must limit access to cardholder information.MasterCard noted that the decision to charge fines is taken as a last resort. According to the card network’s chief risk officer, MasterCard is issuing penalties for noncooperation, not for noncompliance. While MasterCard has been handing down fines for over a year, several industry members commented that the fines appear to have accelerated recently. These industry members estimate the fines as ranging from $5,000 to $15,000.
Currently, Visa is focusing its efforts on fining the largest merchants for noncompliance. Visa counts 334 merchants as its largest, representing almost 50 percent of annual Visa transactions. The card association reported that 20 of them were in violation as of Sept. 22, 2006, and could get hit with fines it they don’t comp by month’s end.
Visa says it plans to concentrate on the issue as it relates to certain smaller merchants starting in 2007. Small merchants may find the security rules somewhat daunting, as they may not be sophisticated about security issues or may not want to spend the funds needed for required computer system upgrades.