Quote:
Originally Posted by Shopaholic
Carpetmojo, what happens where I work is that when a card has been used at a location that has been identified as being compromised it goes on a watch list. They watch the activity on that card and when there is usage that is out of the norm for the actual account holder, they shut it down.
If they immediately shut down all cards that were used at a location that has been compromised it would be a huge inconvenience for patrons because sadly, it happens a lot. Some people would end up constantly getting new cards.
|
Depends on the circumstances. When a web site gets compromised, they do, in fact, cancel
all the cards and reissue them. And the cost is, in fact, millions in the larger breaches. It's a big, big deal. That's the whole point of PCI compliance (network security standards that all credit card merchants are expected to meet). A merchant who isn't compliant is responsible for 100% of the costs assocaited with investigating the breach, and 100% of all remediation costs. In short, it can put nearly any company out of business. If, however, they are compliant, the issuing banks foot the bill. And they are far more concerned with stopping the fraud than they are with their customers' inconvenience (as they must be - it would be far more inconvenient if they went bankrupt).