Shops fight back on data breaches

The National Association of Convenience Stores is hitting back against credit unions over “finger pointing” on data breaches.

In a letter to congressional leaders on Tuesday, the trade group pushed back against calls for new laws on retailers’ data security.  


“Financial institutions do not reimburse retailers for fraud costs retailers incurred when the financial institutions suffer data breaches,” trade group senior vice president Lyle Beckwith wrote. “Nor, of course, do financial institutions object to getting paid for these costs twice.”

He pointed to banks’ and credit unions’ habit of issuing “fraud-prone” credit and debit cards, which do not come with the extra security of a special microchip and PIN number, as some foreign cards do.

The financial industry’s resistance on those cards, Beckwith, added, “directly contradicts our shared interest in improving data security.”

Last week, the National Association of Federal Credit Unions urged lawmakers to pass a federal data security standard for retailers that handle people’s financial data. 

Unlike stores and restaurants, financial institutions are subject to certain data security rules under the Gramm-Leach-Bliley Act, and the credit union trade group claimed that “entities must be capable of protecting their own systems in order to protect consumers.”

Banks and retailers have sparred repeatedly in the past over responsibility for data breaches, among other issues.

Despite the tensions, many major companies on both sides of the divide managed to come together in the wake of last year’s massive hack at Target to share information and work on ways to fight hackers. 

Industry groups have pushed Congress to act on some type of federal law for notifying people after their personal or financial information may have been hacked, but so far those efforts have largely stalled in Congress.