LIVONIA, Mich. (2/11/14)--The Michigan Credit Union League has sent a letter to the Consumer Financial Protection Bureau (CFPB) urging the agency to begin regulating retailers in the wake of recent data breaches, including incidents at retail giants Target and Nieman-Marcus.
The league said the retailers caused extensive harm to consumers by not implementing proper security protocols and not protecting consumers' sensitive personal and financial information.
The Dodd-Frank Act gives the CFPB authority to regulate retailers because the breaches have caused substantial injury to consumers, said MCUL CEO David Adams.
"MCUL strongly urges the CFPB to engage in supervision of retailers that pointedly fail to take proper steps to protect consumers and their private information in the course of offering and providing consumer financial services," Adams wrote in the letter. "Consumers would certainly benefit from the regulation of a retail industry that, at the moment, relies on largely self-policing standards that are inadequate to the point of consumer deception."
The interchange rule in the Dodd-Frank Act has shifted billions of dollars of interchange income from financial institutions to retailers with no discernable consumer benefit, according to the letter. However, financial institutions still bear most of the risk regarding potential fraud losses.
"This liability dynamic represents an arbitrary windfall that does nothing to encourage real reform or consumer protection, and cuts at financial institutions particularly hard-lost revenue, and lost wherewithal to pay for the sins of the retail community," Adams said. "It is time to bring shared accountability back into the equation for data breach liability."
Target announced in December that between Nov. 27 and Dec. 15--during the busy holiday shopping season--that debit and credit card information of about 40 million consumers had been compromised, a number that has grown to 70 million since. In addition, Neiman-Marcus announced a data breach to its system and Michael's said that its system may have also experienced a data breach.
The Credit Union National Association's survey on the cost of the Target breach to credit unions is an estimated $25 million to $30 million.