20 October 2017

Credit Union lobby urges Congress to act on retailer data security failings

20 December 2013  |  6516 views  |  1 comment

In the wake of the massive card data breach at Target retail stores in the US, the National Association of Federal Credit Unions (Nafcu) has urged Congress to crack down on data security weaknesses in the merchant industry.

Retail chain Target confirmed yesterday that approximately 40 million credit and debit card accounts may have been impacted over a two-week period beginning on Black Friday, the busiest shopping day of the year.

The stolen data includes customer names, credit and debit card numbers, card expiration dates and the CVV1 security code stored on the card's magnetic stripe.

The break-in at Target follows similar mammoth lapses at other major retailers, including TJX and Marshall's stores.

In a letter to House Speaker John Boehner and Minority Leader Nancy Pelosi, Nafcu President and CEO Dan Berger noted that financial institutions, including credit unions, have been subject to standards on data security since the passage of Gramm-Leach-Bliley. However, retailers and many other entities that handle sensitive personal financial data are not subject to these same standards.

Says Berger: "While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers. Credit unions suffer steep losses in re-establishing member safety after a data breach occurs. They are often forced to charge off fraud-related losses, many of which stem from a negligent entity's failure to protect sensitive financial and personal information or the illegal maintenance of such information in their systems."

The letter urges Congress to make data security a priority issue in 2014, including convening hearings on the data protection standards of merchants and what can be done to strengthen them.

It also calls for a legislative change that would force retailers to cover financial institution costs associated with a data breach, and that would address the violation of existing agreements and law by merchants and retailers who retain payment card information electronically.

Nafcu also supports the passage of legislation requiring any entity responsible for the storage of consumer data to meet standards similar to those imposed on financial institutions under the Gramm-Leach-Bliley Act, and rules requiring mandatory disclosure to consumers and banks of retailer breaches.

"Target Corporation is just the latest in a string of several large-scale data breaches impacting millions of American consumers. The aftermath of these previous breaches demonstrate what we have been communicating to Congress all along: credit unions and other financial institutions - not retailers and other entities - are out front protecting consumers, picking up the pieces after a data breach occurs," writes Berger. "It is the credit union or other financial institution that must notify its account holders, issue new cards, replenish stolen funds, change account numbers and accommodate increased customer service demands that inevitably follow a major data breach. Unfortunately, too often the negligent entity that caused these expenses by failing to protect consumer data loses nothing and is often undisclosed to the consumer."

Comments: (1)

A Finextra member | 20 December, 2013, 11:18

Crime will always migrate to the weakest point. Having failed to implement Chip & Pin in the USA it's inevitable that something like this would happen (again!), though why Target were keeping and storing the card security codes is beyond me! It'd be interesting to know if they were PCI-DSS compliant and exactly how the compromise took place...
