The penalties for noncompliance are significant. The card brands can fine the retailer, and raise the transaction fees levied for each credit or debit card transaction.
A finding of noncompliance also will be potent ammunition for the inevitable lawsuits that will likely emerge.
One plaintiff is likely to be the banks that issued the cards to consumers. These banks eat any fraudulent charges made on the cards, and may have to cancel existing accounts and reissue new cards. So far, 1,800 fraud cases have been reported in connection with the breach.
This wouldn't be the first time banks sued a retailer. It's exactly what happened in the TJX case: a group of banks in the Northeast sued TJX and then settled. TJX also has settled separate class-action suits brought on behalf of consumers -- and promised to have a one-day sale as part of the settlement.
And here's another wrinkle. If Hannaford Bros. is a Level-1 merchant, it had to undergo an assessment by a third party to determine PCI compliance. If the card brands rule that Hannaford is noncompliant, will Hannaford sue its assessor? If so, that could have a chilling effect on other assessors and throw a monkey wrench into the PCI compliance process.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
