Sharing the cost of cybersecurity

Unless you happen to be massive global conglomerate distributing a movie about assassinating the leader of North Korea, your risk of a cyber security problem probably won't draw international attention.

But it's drawing plenty of attention at your local bank.

As the Iowa Bankers Association points out, it's financial institutions that carry most of the costs for data breaches, no matter where those breaches occur or who is responsible for a security breakdown. So it makes sense that the association is pursuing the adoption of new fraud-fighting technologies and is making the argument to state leaders and beyond that the cost of cybersecurity should be shared by all players in the digital commerce system.

That includes consumers, who should not be liable for fraudulent purchases but who must learn more about reducing their personal risk.

Among 73 Iowa banks that responded to an IBA survey early last year, 97 percent reported having customers with credit or debit that had been compromised, and 53 percent of those banks lost funds from those cards. Adding up those losses with the cost of reissuing cards, the cost of data breaches for those banks topped $700,000.

New technology is coming, including chip-based EMV payment cards that will replace cards with magnetic strips. Banks also are optimistic about the potential effect of tokenization technology, which assigns a separate number to each card transaction and makes it harder to pass account information between systems.

Fighting fraud, cleaning up problems and adopting new technology all carry costs. And we agree with banks those costs should be shared beyond financial institutions. Businesses and processor networks also should have more skin in the game, not only as a matter of fairness, but also to encourage owners and operators to take cybersecurity seriously.

Consumers now expect it. But it's also fair to expect more from consumers, so long as they have access to the resources and information they need to limit their exposure to fraud. Banks, other financial institutions and businesses should do as much as they can to distribute that information and educate customers. Even if they aren't directly responsible the cost of fraud, its costs to the banking system will hit the pockets of customers.

Now, we hope state and federal lawmakers will pay attention to the need for better balance in the fight to guard our financial data.

' Comments: (319) 398-8262; editorial@thegazette.com