WASHINGTON (1/6/14)--In the aftermath of the Target data breach, the Credit Union National Association has reached out to House Financial Services and Senate Banking Committee leaders, encouraging them to "fully examine the chronic issue of merchant data breaches, their impact on consumers and financial institutions."
The Target data breach compromised 40 million debit and credit cards and included stolen encrypted PIN data. "The cost of a merchant data breach--whether it is at a large national merchant or a local merchant--can be significant for credit unions of all sizes," CUNA President/CEO Bill Cheney wrote.
"Failure to hold merchants fully accountable for data breaches when they occur ultimately harms consumers, undermines their confidence in our payments system, and adds to their growing frustrations that government is not protecting their interests," Cheney added in the letter, which was sent to House Financial Services Committee Chairman Jeb Hensarling (R-Texas), ranking committee minority member Maxine Waters (D-Calif.), Senate Banking Committee Chairman Tim Johnson (D-S.D.) and ranking committee minority member Mike Crapo (R-Idaho).
"In the weeks following this breach, the first priority for credit unions has been to ensure that their members are protected from fraudulent transactions now and in the future...The steps credit unions have been taking include notifying members who have been affected, helping them to monitor their accounts and urging them to review their account statements, reversing fraudulent transactions and reissuing their cards, when appropriate," Cheney wrote. CUNA is also surveying credit unions about the effects and costs of the recent Target data breach. (See News Now item: CUNA Survey Seeks Data Breach Cost Details.)
"By contrast, Target's response to the breach has been in line with some other companies' responses to breaches since merchants are rarely held responsible for reimbursing financial institutions for the cost that the data breach has caused the financial institution or consumers to incur," he added. Cheney suggested that merchants that accept debit and credit cards should be subject to the same high data security standards as credit unions. Further, credit unions should have the ability in all instances to tell their members the name of the merchant where their accounts were compromised, and merchants that have data breaches should by law be financially liable for the impact of the breach on affected consumers and financial institutions, Cheney added.
Senate Banking Committee members Mark Warner (D-Va.) and Robert Menendez (D-N.J.) have also called for a hearing on consumer data security. (See Jan. 3 News Now: Senators Push for Consumer Data Security Hearing.)