Most retailers do not understand the legal and technical jargon that applies, but they are exposed to risks that can result in suits of 100,000 USD or more. Of course, the retailer can also lose customers who have been the victims of fraud. Chances are the customers will not return. The trust between the retailer and the customers has been lost.
The question is, who is liable for the breach?
The retailer can plead ignorance and say that responsibility lies with the software provider or reseller. But, legally speaking, the data was stored in the retailer’s database, so it is the retailer’s duty to ensure that the sensitive data is kept safe. As a result, retailers can be sued for losses that result from a security breach. Retailers can in turn sue the software vendor or reseller.
Thankfully, there is a way to avoid these problems. It’s far safer to process credit card payments via a certified PCI-compliant POS system like Posterita. Unfortunately, many legacy POS systems that are not PCI compliant are still being used to process payments, so they do not meet legal security requirements.
Retailers should contact their POS reseller to ask about PCI compliance.