A lot depends on the particular incident, with respect to who's more responsible for the issue that occurs. First and foremost, an attacker is always the first person. They are the ones who did the wrong thing, but within the four-party model, there's an issuing bank, an acquiring bank, and then you have the merchant and the cardholder.
The cardholder reaches out and works with the merchant, and I would say a lot of times we encounter issues with the merchant because there's some sort of security issue, there's something wrong there. Maybe information is captured or stolen from this point.
We're doing a lot to remove the value of any information that the merchant may have with tokenization. If you use your Apple Pay, there's not a PIN, there's not a 16-digit number that you're most comfortable with. We provide a token that can only be used a certain way. You can't steal it and then make it usable on another device or a computer. There's a token that's on your Apple Pay. We power the token that's in Apple Pay. We're taking that tokenization—