
Manage Tomorrow's Surprises Today

Steven Minsky

Increased Credit Card Security Means Increased Compliance Risks and Liabilities for Businesses


Here at LogicManager, we've spent a lot of time considering issues related to cybersecurity. To find a new way in which a cybercriminal has exploited electronic vulnerabilities, all you need to do is skim today's newspaper, which will almost inevitably report a data breach or fraud-related scandal. An evolving set of threats means incident likelihood is increasing, and generally, cybersecurity risks have serious impacts - meaning such risks have very high inherent indices, or combinations of impact and likelihood.

Mitigation methods are evolving just as rapidly as the security threats they're designed to counteract (see our blog posts on "Avoiding Insider Trading with Cybersecurity and ERM," and "OCC Targets Cybersecurity and AML Deficiencies" for more information).

One of the newest security measures adopted in the United States is an obligatory changeover to credit cards with embedded microchips that are very difficult to replicate.

Newly implemented security measures are obviously meant to mitigate risks - and to some extent, they do - but ironically, they can also create a whole new subset of compliance risks that businesses must deal with. As of October 1st, 2015, if retailers haven't adopted the technology to read chip-embedded credit cards, they expose themselves to compliance risks and potential liability. They could also be responsible for reimbursing any funds hackers steal from customers, something card-issuing banks used to cover.

Bob Gereke, a business owner in Manhattan, is doing all he can to comply with upcoming deadlines and avoid shouldering a burdensome liability, according to NPR. In order to comply with the requirements, Gereke will have to acquire equipment capable of reading the new cards, which are inserted rather than swiped. Gereke is not alone, considering every business capable of accepting credit cards is trying to do the same thing; high demand for the technology means it might not arrive until December 2015. The unfortunate delay, even though out of the business owner's control, "will potentially leave him on the hook for fraud."

To compound the dilemma, many small businesses aren't even aware of the new risk, says Holly Wade of the National Federation of Independent Business. Businesses face a few scary hurdles, including "'higher costs, more liability in their business, and not knowing what they need to do to comply.'" Credit card chips have steadily been getting more and more news coverage, but other risks might not get the same exposure. This means it's vital for companies large and small to maintain a risk-based compliance system to streamline how risks and requirements are identified, assessed, and evaluated for potential impact on the business.

Risk-based compliance management software can help make sense of where mitigation efforts are worth the investment, as blindly applying the latest technology can often leave a small to mid-sized business not only in the hole financially, but poorly protected from vulnerabilities.

While embedded chips do add another layer of security, they can't completely prevent identity theft and fraud; the axiom, "Where there's a will, there's a way," holds especially true when it comes to hackers. Gereke, like thousands of other business owners, is feeling the pressure of these new compliance risks. "'It's another thing we have to deal with,'" he says. "'There's so many.'"

Gereke is right. A constantly changing compliance landscape is riddled with potential pitfalls, and it is up to business owners to find a solution that can help identify and mitigate their biggest vulnerabilities.


To learn more about LogicManager and how it can help your organization stay both secure and compliant, read about our compliance management software or watch our on-demand webinar: "Streamline Compliance with a Risk-Based Approach".


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
