Comptroller of the Currency Thomas Curry says “it’s only fair” that merchants should be responsible for some of the expenses that result when their systems are breached. Security experts say Curry’s statements could signal a recommendation from banking regulators that either they or Congress should get more involved in making sure retailers’ cybersecurity practices are monitored. National Association of Federal Credit Unions has called for legislation that would regulate merchant point-of-sale security. Banks and credit unions that do not comply with GLBA data protection requirements face civil and criminal penalties.”]
Source: https://www.cuinfosecurity.com/occ-retailers-accountable-for-breaches-a-7555