Cybersecurity in the Payment Card Industry
Cybersecurity in the Payment Card Industry
Full Citation
Richard A. Epstein and Thomas P. Brown, Cybersecurity in the Payment Card Industry, 75 (1) U. Chi. L. Rev. 203-223 (2008).
Categorization
Issues: Actors and Incentives, Financial Institutions and Networks, Regulation/Liability, Attribution, Cybercrime
Key Words
Crimeware Hacker Organized Crime Malware Credit Card Fraud
Synopsis and Key Themes
The payment card industry has of late received an enormous level of critical academic scrutiny. The two issues that have dominated the literature are antitrust and consumer protection. The former deals with the various ways in which credit card companies structure them- selves and their possible exposure to charges of monopolization. The latter deals with various forms of legislation that ask whether, and if so how, state regulation should mandate disclosure on the one hand and limit the substantive terms of consumer contracts on the other. From our classical liberal perspective, we think that these two jump- ing-off points are odd places to begin the inquiry, given the high level of competition that exists everywhere in the credit card industry, both from established players and from new entrants.' Using a payment card (as opposed to some other form of payment) rests on voluntary decisions by consumers and merchants, as well as the banks with which they interact. Although it is theoretically possible to imagine government intervention improving on the outcome that these multi- ple parties are able to achieve through contract, in practice, a litany of political pressures and regulatory glitches make it highly unlikely that those results could be achieved.