Julia S. Cheney, Robert M. Hunt, Katy Jacob, Richard D. Porter and Bruce J. Summers, all of the Federal Reserve, have written The Efficiency and Integrity of Payment Card Systems: Industry Views on the Risks Posed by Data Breaches. Here is the abstract:
Consumer confidence in payment card systems has been built up over many decades. Cardholders expect to use their cards to execute payment instructions in a reliable and timely manner. Data breaches that degrade the perceived safety and reliability of payment cards may weaken consumer confidence in those systems and potentially cause cardholders to shift to other, and perhaps less efficient, forms of payment. A sizable shift away from payment cards — induced by the consequences of one or more data breaches is unlikely. Even so, the probability of such an outcome is uncertain. In other words, this could be an example of “tail risk” for payment card systems. The authors informally interviewed a number of market participants and several experts to better understand the risks presented by data breaches, the efforts to protect payment card systems against data breaches, and areas where more might be done to secure these systems. In particular, the authors investigated whether existing levels of investment,
coordination, information sharing, and management of incentives in securing payment card systems by firms and organizations in the private and public sectors are adequate to confront the threats arising from modern data breaches. The lessons learned from these conversations are described in this paper. These insights may also be helpful in considering the risks that data breaches may broadly pose to retail payments in the United States.