[ISN] How Main Street Will Pay for Home Depot’s Data Breach

http://www.businessweek.com/articles/2014-09-16/home-depot-breach-why-small-merchants-will-pay By Patrick Clark Businessweek.com September 16, 2014 Federal law protects consumers from the cost of fraudulent charges incurred when thieves steal credit-card and debit-card numbers. That’s good for the millions of Americans who had their payments data exposed by the hackers who breached Home Depot’s (HD) computer system earlier this year. And it’s bad for merchants, who often take losses on sales made to crooks with stolen cards. When a credit-card company identifies fraud, it wipes the payment off the cardholder’s account and notifies the merchant. Unless the store can prove the payment was authorized, the credit-card company debits money from a merchant’s checking account, leaving the vendor on the hook for the cost of items that were fraudulently purchased. Merchants also pay penalties, called chargeback fees, for accepting unauthorized charges. Accrue too many chargebacks and you’ll pay higher processing fees or lose the ability to accept certain credit cards. Those costs add up. The average merchant lost .68 percent of annual revenue to fraud in 2013, but the total cost is a multiple of that, according to a survey published (PDF) last month by LexisNexis. For every dollar lost to fraud, merchants spend a further $3.08, to replace lost inventory and cover chargeback fees and other penalties, according to the survey. The Home Depot hack left as many as 60 million credit cards and debit cards exposed, according to a report in the New York Times. Add those to the 40 million accounts affected by a hacker assault on Target (TGT) last year, plus the cards pilfered from Chinese restaurant chain P.F. Chang, luxury retailer Neiman Marcus, and others. A lot of stolen identities are floating around. […]