Credit unions are repeating their calls to Congress to establish federal data security standards.
In a letter on Wednesday to congressional leadership, the National Association of Federal Credit Unions pointed to recent high-profile data breaches, including one at Target that impacted the financial and personal information of tens of millions of consumers.
"How many more consumers will have to be affected before Congress will act?" the group wrote.
Among a series of hearings and calls for action earlier this year, lawmakers — including Senate Commerce Committee Chairman Jay RockefellerJay RockefellerObama to preserve torture report in presidential papers Lobbying world Overnight Tech: Senators place holds on FCC commissioner MORE (D-W.Va.), Senate Judiciary Committee Chairman Patrick LeahyPatrick LeahyDem senator asks for 'top to bottom' review of Syria policy A guide to the committees: Senate Verizon angling to lower price of Yahoo purchase: report MORE (D-Vt.), and Sens. Tom CarperTom CarperA guide to the committees: Senate Senate advances Trump's Commerce pick Warren: Trump's EPA pick the 'attorney general for Exxon' MORE (D-Del.) and Roy BluntRoy BluntA guide to the committees: Senate Judiciary Committee wants briefing, documents on Flynn resignation Intel Dem: House GOP now open to investigating Flynn MORE (R-Mo.) — have introduced legislation aimed at heightening data security standards.
In its letter this week, the credit union group urged Congress to create federal standards to protect consumers and financial institutions.
While financial institutions are subject to federal data security standards, "retailers and many other entities that handle sensitive personal financial data are not subject to these same standards, and they become victims of data breaches and data theft all too often," the letter said.
The group outlined the costs of data breaches on credit unions, such as monitoring accounts for fraud and issuing new credit cards.
Credit unions "suffer steep losses in re-establishing member safety after a data breach occurs," the letter said.
The credit union group pushed back on the idea that financial institutions should "expedite the switch" away from traditional credit cards with magnetic strips to those that use "chip and PIN" technology.
While some — including some members of Congress — want to push financial institutions to adopt the technology more quickly, the chip and PIN technology "is no panacea for data security and preventing merchant data breaches," the group said.
That technology "does not protect against online fraud" and only heightens security of customer data if retailers also adopt the technology, the letter said.
Instead, Congress should establish standards to protect consumers from data breaches, the group wrote.
The relevant companies should have to alert financial institutions when they suffer data breaches and shoulder some of the data-related costs that credit unions face, "especially when [the companies'] own negligence is to blame," the letter said.
Additionally, Congress should require that companies limit their data retention, be more transparent about their data protection policies and tell customers when their systems have suffered from a data breach, the letter said.
"The colossal scale of recent data breaches continues to demonstrate the necessity for Congressional action."