Credit unions press for data security mandate on retailers

The spat between retailers and credit unions over data breaches is escalating as customers head into the holiday shopping season.

A top credit union trade group is pressing Congress to issue national data security standards for retailers, arguing that they are putting customer information at risk and unfairly costing credit unions.

Cyber thieves “often target the weakest links in data protection — that is, retailers,” said Dan Berger, CEO of the National Association of Federal Credit Unions (NAFCU).

“To protect consumers’ data, help prevent identity theft and reduce breach costs overall,” Berger said, “NAFCU urges Congress to establish national data breach and notification standards for retailers.”

For several years, Congress has considered passing laws that would mandate consistent data security standards for any industry handling consumer information.

These laws would also create a single standard for notifying customers of a data breach, replacing the 47 different state-based standards.

Industry groups and lawmakers generally agree federal standards are needed on data breach notifications. More contentious is how much data security Congress should require of companies, and how those levels would be enforced.

Because of congressional inaction, Berger said, “consumers and their financial institutions — including not-for-profit, member-owned credit unions — are paying the price.”

Retailers have pushed back against credit union criticism, pointing to a joint cybersecurity partnership with the financial services industry. Credit union groups, though, refuse to join the partnership, despite invitations from retail trade groups — a source of friction between the two sides.

The NAFCU is particularly worried about incurring costs from data breaches heading into November and December, traditionally the two biggest shopping months of the season.

According to the National Retail Federation (NRF), those two months will generate $616.9 billion in total sales this year.

Many of those purchases are moving online. Compared to the end of 2013, the NRF expects online sales to increase 8 percent to 11 percent this year.

Two days in the coming week — Black Friday and Cyber Monday — will generate a good chunk of those boosted online sales, more than $5 billion, according to Adobe Systems's Digital Index.

But the increased volume, both in stores and online, is an attractive target for cyber criminals seeking credit card information and personal data on shoppers.

The Target data breach, one of the biggest credit card information hacks of all time, occurred during last year’s holiday shopping season.

Credit unions say retailers haven’t done enough to prevent a repeat, despite notable increases in cybersecurity spending.

“Consumers’ sensitive personal and financial information, both online and in the stores, is as vulnerable as ever to cyber criminals,” Berger said.