Credit cards are the primary form of payment received by most retailers. In order to process a credit card, a retailer must enter into an agreement with a bank and a payment processor. Payment processing agreements often have significant impacts on a retailer’s financial liability in the event of a data breach. In many cases, the contractual liabilities that flow from a payment processing agreement surpass all other financial liabilities that arise from a data breach, including the cost to investigate an incident, defend litigation, and defend a regulatory investigation.
The following checklist describes common data security related provisions to look for within most payment processing agreements: