WASHINGTON (2/4/14)--The Target data breach has affected 10% of the credit and debit card customers of every credit union and bank in the country, the Credit Union National Association and other financial services representatives said in a Monday letter to the U.S. Senate.
The letter was submitted for the record of a hearing conducted Monday by the Senate Banking subcommittee on national security and international trade and finance entitled "Safeguarding Consumers' Financial Data."
"The financial services industry stands ready to assist policymakers in ensuring that robust security requirements apply to all participants in the payments system," CUNA and the cosigners said.
"Our payments system is made up of a wide variety of players: financial institutions, card networks, retailers, processors, and new entrants. Protecting this eco-system is a shared responsibility of all parties involved and all must invest the necessary resources to combat increasingly sophisticated breach threats to the payments system," the letter added.
One hearing witness, Federal Trade Commission Bureau of Consumer Protection Director Jessica Rich, told the assembled senators that the FTC supports federal standards for data security and breach notification. She highlighted that there are state standards and yet no federal standard.
Subcommittee member Robert Menedez (D-N.J.) asked the assembled panelists if they could have a flexible standard like chip and PIN that could evolve when that technology was outdated. However, legislators also noted that Chip and PIN won't solve all financial data security issues, and said there should be more standards and technology adopted to address broader issues.
CUNA in the letter again urged legislators to follow three basic principles as they consider data security fixes:
All participants in the payments system should be responsible and be held to comparable levels of data security requirements;
Those responsible for the data breach should be responsible for the costs of helping consumers; and
Consumers should know where their information was breached.
The letter was cosigned by the American Bankers Association, The Clearing House, Consumer Bankers Association, Financial Services Information Sharing and Analysis Center, The Financial Services Roundtable, Independent Community Bankers of America and the National Association of Federal Credit Unions.
These principles were highlighted in a CUNA letter submitted for the record of Monday's hearing, and CUNA will provide similar statements as hearings are held later this week. The other data security hearings are:
A Tuesday Senate Judiciary Committee hearing entitled "Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime.";
A Wednesday House Energy and Commerce manufacturing and trade subcommittee entitled "Protecting Consumer Information: Can Data Breaches Be Prevented?"; and
A Thursday Senate Banking Committee hearing entitled "Oversight of Financial Stability and Data Security." Several federal banking regulators will testify, but the National Credit Union Administration is not on the list of regulators invited to testify.