Target Breach — Are Dodd-Frank “Swipe Fee” Price Controls to Blame?

Target wants  you to know it is oh-so-sorry for any inconvenience its data SNAFU (as OpenMarket is a family blog, please look up the acronym) has caused, and as a token of its concern, it offered customers a whooping 10 percent discount this weekend!

In the meantime, who is cleaning up the mess from Target’s breach that has affected as many as 40 million credit and debit card accounts? The nation’s banks and credit unions — big and small. In East Tennessee, for instance, Citizens National Bank canceled and reissued 1,000 credit and debit cards potentially affected, but took the step of calling each customer beforehand.

This is just the latest incident in which banks and credit unions that issue credit and debit cards have had to step up to the plate after a retailer’s customer data is compromised. As noted by Wisconsin Credit Union League CEO Brett A. Thompson, upon a data breach at Michaels craft stores in 2001, the financial institutions “had to determine which states were involved, monitor potentially compromised accounts, manually reduce limits for both ATM and PIN transactions, monitor ATM transactions in the affected states, notify debit card holders of potential fraud on their accounts, issue new debit cards to those whose accounts were compromised and refund money to fraud victims.”

Yet how do retailers repay banks and credit unions and their own customers? By complaining about how much the have to pay in credit and debit card “swipe fees” and lobbying for price controls, such as the Durbin Amendment of the 2010 Dodd-Frank financial “reform,” which limited what retailers can be charged for debit cards to 21 cents per swipe (a level a judge has now ruled is not draconian enough in a pending court case!).

The Target data breach shows how empty and self-serving the retailers’ arguments really are. The very term “swipe fees,” invented by the retailers’ lobby as a pejorative for interchange fees, implies that all there is to enabling debit and credit card processing is a couple “swipes.” But even when things seem to be running perfectly, banks, credit unions, and card networks are constantly maintaining and updating a sophisticated electronic infrastructure. They have thwarted several attempted “denial of service” attacks by hacker groups such as Anonymous.

In 2011, I was privileged to be part of a bipartisan group of observers at the Visa data center on the East Coast. As described by USA Today, “A NASA-like command center, with a 40×20-foot wall of screens and 42 firewalls, monitors the company’s worldwide network, which Visa says processes 2,500 transactions per second.” According to what USA Today calls a “conservative estimate,” Visa and its member banks and credit unions probably have spent “hundreds of millions of dollars, based on construction costs and equipment housed at the facility.”

But these costs do not vanish when retailers get politicians to put limits on what banks and credit unions can charge them for processing debit and credit cards. When the price controls from Dodd-Frank’s Durbin Amendment went into effect in 2011, most of the costs were simply shifted from retailers to consumers. In 2009, the year before Dodd-Frank and its Durbin Amendment became law, 76 percent of banks offered free checking with no minimum balance. According to a survey by Bankrate.com, by 2011 just 45 percent offered this service, and this figure dropped to 39 percent in 2012. Bankrate fingered the Durbin price controls as a big factor, pointing to “new rules capping the cost of debit card swipe fees for U.S. retailers.”

The biggest cost of the Durbin Amendment may be in what, in the words of the great economist Federic Bastiat, is “not seen.” As I have noted previously in OpenMarket in the months after Dodd-Frank became law,

There are only so many costs that can be transferred to consumers, and merchants are likely reap what they’ve sown in terms of both the quantity and quality of services from financial institutions in debit card processing, which will slow down sales and enable more security breaches. Shortages are an outcome of all price controls that act as price ceilings. As the great free-market economist Thomas Sowell writes in his book Basic Economics, price ceilings mean “less is supplied at a lower price than at a higher price — less both quantitatively and qualitatively.”

If the Durbin price controls hadn’t reduced incentives for new payment processing technologies, would banks, credit unions, and card networks have come up with new ways to fight data breaches like Target’s? We will never know. The discomfort consumers are feeling as a result of the data breach may partially be the fault of the same administration and pre-2011 Democratic-controlled Congress that, by ramming through Obamacare in the same way it rammed through Dodd-Frank, is causing so much legitimate panic due to cancelled insurance policies.

Despite everything, please have a wonderful Christmas or whatever occasion you are celebrating. And let’s make 2014 a year for the restoration of our liberty and prosperity!