Jimmy John’s Restaurants, a popular chain of sandwich shops, became the latest retailer to announce that it had suffered a breach of its customer's credit card data. According to a statement released on September 24, 2014, "It appears that customers’ credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and September 5, 2014."
This announcement follows shortly after Home Depot announced a major security failure, and at a time when so many other national retailers have disclosed that their systems had been compromised. More importantly, it leaves credit card users wondering if there is any end in sight to this string of data thefts that appears to compromise their credit card accounts.
Computer hacking is nearly as old as computers themselves, and no one has yet created a system that cannot be compromised by resourceful and determined criminals. That said, it is true that the credit card industry in the United States has not kept pace with technology as fast as it should have. For example, credit cards are still relying on primitive, decades old magnetic stripe technology, rather than the latest EMV smart chips that have been in use for some time in Europe and other parts of the world. In addition, American payment networks seem too content to enjoy large profit margins and to absorb the cost of fraud, rather than aggressively fight it.
Although we can never expect credit card fraud to be completely eliminated, we have virtually eliminated cardholder's liability for fraudulent charges. According to the Fair Credit Billing Act of 1974, credit card account holders cannot be held responsible for more than $50 of fraudulent charges. Yet in practice, nearly all credit card issuer waive this requirement by reimbursing customers for the entire amount of any unauthorized charge.
In fact, this law also prevents credit card issuers from being held responsible for goods and services not received, and even when any goods and services are not delivered as exactly as promised. For example, if an order place over the Internet never arrives, the cardholder can request a chargeback against the merchant. Likewise, if a service is paid for but was not performed as described, that transaction can also be disputed through the card issuer's chargeback process.
Cash can be easily stolen, and customers are always in danger of being short changed, or even receiving counterfeit bills. Fraud involving checks is even more common as they are easily forged. Debit cards are a more secure alternative, but like cash and checks, customers lack protection against goods and services not being received, as well as when any goods or services received are not as described.
If there is a flaw in the Fair Credit Billing Act of 1974, it is that cardholders are largely responsible for scrutinizing their own statements and notifying card issuers when there is a fraudulent charge. This task is made more difficult due to the fact that many merchants do business under one name, while having their credit card charges processed under another.
When credit card users do spot suspicious charges, they can be assured that they will not have to suffer a loss, no matter which retailer is discovered to have lost their data.