WASHINGTON (1/21/14)--"The cost of a merchant data breach--whether it is at a large national merchant or a local merchant--can be significant for credit unions of all sizes," and merchants that are involved in data breaches "should by law be financially liable for the impact of the breach on affected consumers, as well as their financial institutions," Credit Union National Association President/CEO Bill Cheney wrote in a Huffington Post column published Friday.
Cheney in his column commented on the recent Target and Neiman Marcus data breaches, which are not the first breaches of their kind and "are not likely to be the last." Much attention has been paid to the Target breach because of its size and scope, but these occurrences happen more frequently than we would like to admit, and even at smaller vendors, he wrote.
Credit unions provide exceptional service to their members in responding to these events, but many members wonder why their credit unions must bear the cost of the merchants' negligence, and why Congress has not done more to make merchants responsible for breaches of their data systems, he said. CUNA is working to assess the costs the Target breach has created for credit unions, and is releasing preliminary results from a survey on the issue this week. (See News Now story: Initial results expected this week from Target breach survey.)
Credit unions are working with members that have been impacted by data security breaches, notifying those that have been impacted, helping them to monitor their accounts and urging them to review their account statements and reversing fraudulent transactions and reissuing cards at no cost. However, these actions will not be reimbursed by Target. Target and other merchants are rarely held responsible for reimbursing financial institutions for the cost that the data breach has incurred on them and, in the case of credit unions, their members, Cheney emphasized.
When all is said and done, credit unions and banks will have spent millions on what appears to be a major security failure caused by Target and other retailers' inability to protect consumer data. "It's time for Congress to act to stop the cycle," Cheney said.
For the full Huffington Post column, use the resource link.