-
An American Banker poll finds that only 10% of financial institution executives say reissuing cards is too expensive and inconvenient.
December 27 -
Merchant and banking groups are again at odds over cybersecurity policy, sparring over whos to blame for recent data breaches and how lawmakers can ensure greater protections.
November 12 -
With media outlets reporting the grisly details, there has never been a better time to educate commercial account holders about the risks associated with online banking, particularly phishing attacks.
February 26 -
Retail and financial services trade groups have launched a new partnership aimed at improving cybersecurity across both industries.
February 13
It is hard to believe that a year has gone by since Target disclosed a massive data breach and harder still to accept that consumers face a new holiday shopping season without the benefit of national standards on
This inertia is especially disconcerting given the continuing rash of retail data breaches that consumers have had to endure since the Target hack, including breaches at Home Depot, Michaels, Sally Beauty Supply, Neiman Marcus, AOL, eBay, P.F. Chang's Chinese Bistro, Supervalu, Dairy Queen, Jimmy Johns, Kmart, Staples and Bebe Stores. More than 679 breaches have occurred in 2014 thus far, according to the
Clearly, consumers' data remains extremely vulnerable to cybercriminals who often target the weakest links in data protection: retailers. Unfortunately, consumers and their financial institutions are paying the price. The Target data breach alone will cause financial institutions to lose nearly $500 million in card replacement costs and other expenses, according to estimates by the National Association of Federal Credit Unions. U.S. District Judge Paul Magnuson ruled in December that financial institutions claiming to have spent
Unlike retailers, financial institutions maintain rigorous internal protections to ward off criminal attacks. They are required by federal law specifically, the Gramm-Leach-Bliley Act and by regulation to protect this information and to notify consumers when a breach occurs that may put them at risk.By contrast, retailers are not subject to any federal laws or regulations on consumer financial data protection and breach notification.
This disparity in data security standards is both irrational and hazardous for our economy. No amount of diligence on the part of financial institutions will help prevent future data breaches if retailers are not held responsible by national data security standards like the ones applied to financial institutions under Gramm-Leach-Bliley.
It's clear that retailers' investment in cybersecurity is disproportionate to that of financial institutions. Financial services companies will
While retailers continue to resist responsibility for breach costs or federal supervision, they continue to push for the adoption of chip-and-PIN technology. Many financial institutions are already moving toward this goal ahead of the October 2015 deadline for implementation of the technology.
Although chip-and-PIN technology is an important security measure, it is not a panacea. The improved technology can help reduce fraud and strengthen data security. But for consumers to be more reasonably protected, advances in technology must be implemented in conjunction with merchants' compliance with federal standards for the safekeeping of financial data, cost liabilities, and breach notification in the event of an attack.
NAFCU
Ultimately, Congress needs to take action to end the raid on American consumers' financial and personal information. This goal has a better chance of being realized if retailers are subject to the same national data security standards that apply to financial institutions. Until we close the loop on cybercriminals, it will be open season on American consumers and on our nation's economy.
B. Dan Berger is president and chief executive of the National Association of Federal Credit Unions.
