In a recent op-ed on the Congress blog by Lyle Beckwith of the National Association of Convenience Stores (NACS) about the merchants “responsibility” for data breaches, he ends by saying “that instead of pointing fingers we should all find ways to prevent data breaches and fraud.”
Credit unions couldn’t agree more. It is imperative that we both do what we can to protect consumers from these frequent and inconvenient breaches on their credit and debit cards. Below are three simple suggestions that we feel could go a long way towards easing the burden of data breaches on the American consumer.
- National standards for safekeeping information- It is critical that a consumer’s sensitive personal information be safeguarded at all stages of transmission. There should be a federal standard that personal information, including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers are all secure. Consumers should be able to trust that entities collecting this type of information will, at the very least, make a minimal effort to protect them from such risks. Credit unions and other financial institutions already have this requirement under federal law. We hope that NACS will support such a law for their members.
- Set notification and disclosure standards- Guarantee that all necessary parties are informed in a timely manner when and where a data breach has occurred. Establish standards for identifying potential identity theft threats and require standards for information sharing so when red flags come up we are able to act early and act fast to protect consumer’s financial well-being. Credit unions and other financial institutions already have this requirement under federal law. We hope that NACS will support such a law for their members.
- Limit a consumer’s liability- If a data breach occurs it is our job to provide affected consumers with necessary resolution tools such as remuneration; monitoring accounts for fraud; reissuing cards and other tools necessary to help them recover from financial burden. Credit unions are already doing this, often on their own dime. What Mr. Beckwith’s editorial doesn’t tell you is that his association is fighting tooth and nail not to do this by opposing a legal settlement on the credit interchange issue that is supported by hundreds of other merchants and even challenging in court the fraud costs their members are being asked to pay under the Federal Reserve’s new Durbin Debit Interchange Rule.
When data breaches have occurred, like recent ones at Target and Neiman Marcus, credit unions were the ones who monitored (and continue to monitor) their members accounts for possible fraudulent charges; who reimbursed consumers whose accounts were compromised; and who replaced thousands of debit and credit cards that were potentially affected. The estimated costs of the Target breach alone on credit unions is close to $30 million dollars. Most credit unions have yet to see a dime back from the retailers to cover these costs. With the Wall Street Journal reporting that investigators at Verizon are looking into two additional similar data breaches at undisclosed retailers, the cost on credit unions will likely continue to rise. Unfortunately, the cost of these breaches takes money away from credit unions that they would return to their members in the form of lower rates, rebates and higher interest for checking and savings accounts.
We agree that it is important to work together to prevent data breaches and fraud and protect the American consumer. We hope NACS will join us in that effort by supporting congressional action on the three suggestions we’ve outlined here.
It is time for the government to step in and hold merchants that accept electronic payment transactions to the same standards that they hold financial institutions. It’s common sense for the consumer, the credit union and the merchant.
Marisic is vice president of Political Affairs at the National Association of Federal Credit Unions.