LANSING, Mich. (1/22/14)--In a letter to U.S. Sen. Debbie Stabenow (D), Michigan Credit Union League President/CEO Dave Adams addressed the financial liability of merchants when data breaches occur.
"Despite standards held up by the retail industry as protections for consumer data, industry self-policing and enforcement of such is inadequate and often retroactive," Adams wrote in a Jan. 10 letter.
"This becomes less startling, however, when one considers that it is the financial institution supporting the breached card, and not the retailer, that is often 'left holding the bag' for the initial costs related to card replacement (including analysis and member communication) and the later cost of fraud itself."
Initial results of a survey by the Credit Union National Association show that credit unions already have incurred $30 million in costs since the announcement of retail-giant Target's massive data breach (See related story: "Target breach to cost CUs estimated $25M-$30M, CUNA study shows"). More than 40 million credit and debit card accounts and personal information of 70 million consumers was compromised in the breach that occurred around prime holiday shopping season last year.
Adams queried why financial institutions and their members bear the consequences of a retailer's failure to adequately store and protect consumer data.
"Shouldn't a retailer be held accountable for their own inadequate efforts, and shouldn't there be some recourse for those harmed that must ultimately bear the costs involved?" he wrote.
In a Friday column on Huffington Post, CUNA President/CEO Bill Cheney also called for merchants to be held financially liable for the impact on consumers and their financial institutions.
Adams referenced the Dodd-Frank Act-imposed debit interchange cap, too. "As you will recall, during the passage of Dodd-Frank, the 'Durbin amendment' shifted billions of dollars of interchange income from financial institutions into retailers' pockets, with no identifiable price-relief or benefit to consumers."
On Friday, the debit card interchange case NACS, et al. v. Board of Governors of the Federal Reserve System was heard by the U.S. Court of Appeals for the District of Columbia. (See Tuesday's News Now: "Appeals court to closely examine lower court interchange ruling.")