Sports-Level Fairness Needed in Data Breaches

The National Collegiate Athletic Association (NCAA) Men’s Basketball Championship came to a close Monday evening, with the Duke Blue Devils earning the title of 2015 champions. Along the way, many outstanding college basketball teams were eliminated. Probably the biggest upset took place on Saturday, when the Wisconsin Badgers defeated the previously unbeaten Kentucky Wildcats, only to lose to Duke in the final game. At any rate, it was an exciting tournament, full of talented teams and players from throughout the country.

Each participating team has to stand on its own. Each team is responsible, within its capabilities, for its own destiny. No team gets off easier because of its height, or the location of its school, or the quality of its academic programs. Though zealous fans may blame referees for a loss, most players understand that it is their ability and effort versus that of the opposing team that determines the outcome of the game.

Unfortunately, this cause and effect does not always exist outside of the sports arena. Some people seem to be successful despite themselves, while others, who work their craft diligently, fail. Life is not always fair.

Last week a court required Target Corp. to set aside $10 million for a fund to pay for harmed parties in the Target data breach from a couple of years ago. While this sum may seem excessive, it must be put in context. The banking industry, which issued most of the credit and debit cards, has spent over $100 million in reissuing cards to customers and covering the fraud losses that resulted from Target’s negligence, which resulted in this breach. Where is the money set aside by Target to cover the losses of these innocent businesses? Oh, there isn’t any. Target, like most of the big box stores and many other retailers, doesn’t think it should have to cover those losses on cards suffered by the banks, which provide the infrastructure by which Target makes over 90 percent of its sales.

Efforts are being made by both retailers and the banking industry to develop better standards to which retailers will need to adhere in order to combat the seemingly daily breach occurrences. The first step is set to take place Oct. 1, when retailers will be required to accept EMV cards, which provide a chip that deters breaches much more effectively than the existing PIN cards. Regretfully, while banks are spending millions of dollars preparing for this day, many retailers have made little or no progress toward upgrading to the necessary equipment required to utilize the EMV technology. I suspect that we are headed for another retailer/banker train wreck, or a postponement of the effective date.

Regardless of these divisive issues, both the retailers and the bankers continue to work with government to establish better rules and/or guidelines by which we can all combat the crooks who perpetrate these cybercrimes on businesses and their customers.

There will be many more tournaments where every team is judged on its own merits. Fairness and skill will separate the winners from the losers. Let us hope that the same kind of fairness begins to creep into the business world as it relates to data security issues.

– S. Joe DeHaven

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: