The Department of Homeland Security has sounded an alarm about Backoff, a relatively new type of malware. The warning was directed mainly at retailers' point-of-sale networks, but banks are also susceptible.
August 4
The Senate Intelligence Committee on Tuesday approved a bill that would expand information-sharing between the public and private sectors about cybersecurity threats.
July 8
As expected, the U.S. House of Representatives on Thursday passed a controversial bill that aims to bolster the nation's defenses against cyber threats.
April 18
The U.S. government's push to fortify the nation's cyber defenses should complement industry efforts, bank and credit union lobbying groups are expected to tell Congress on Tuesday.
May 21
The lazy, hazy days of summer appear to have no effect on cybercriminals. If anything, they seem to be emboldened to conduct more attacks. The continued absence of national
The recent massive malware attack called
That's far from the only cyberattack this August.
Since most of the major data breaches have been engineered through malware, chip-and-PIN technology alone would not have prevented them. In order to make customer transactions safer, Congress should hold retailers and any other businesses responsible for the storage of consumer data to standards similar to those imposed on financial institutions under the Gramm-Leach-Bliley Act. Under Gramm-Leach-Bliley, credit unions and other financial institutions are required to meet certain criteria for safekeeping consumers' personal information.
In order to relieve financial institutions saddled with the costs of replacing compromised credit cards through no fault of their own, Congress should require merchants to pay for the costs of breaches that occur on their end, particularly when negligence may have led to the attack. The Target data breach alone will cause financial institutions to lose $480 million in card replacement costs and other expenses, according to estimates by the National Association of Federal Credit Unions.
Merchants should also be required to post their data security policies at the point of sale if they take sensitive financial data, and to notify account servicers or owners, including financial institutions, whenever any personally identifiable information has been collected. Such a disclosure requirement would come at little or no cost to the merchant, but would allow consumers to be better educated about what merchants may be doing with their personal information and the risks to which they are exposed.
To help prevent future security issues, breached merchants or retailers should be required to demonstrate that they have taken all necessary precautions to guard data. And Congress should enforce data retention prohibitions in existing agreements between merchants and card companies, as well as establish statutory standards prohibiting retailers from retaining payment card information. Many retailers today store sensitive personal data in their systems, leaving that information vulnerable to breaches.
For the sake of America's economy and consumers, Congress must take steps to protect consumer financial information from cybercriminals. Retailers must be held to the same strict standards of data security and breach notification to which all financial institutions must adhere.
Carrie Hunt is senior vice president of government affairs and general counsel at the National Association of Federal Credit Unions.