WASHINGTON (7/18/13)--Merchants must be held to the same high data security standards that are required of credit unions if the nation is to make any progress in the fight to shore up personal financial data, the Credit Union National Association will tell lawmakers today.
In a statement submitted for the record of an 11 a.m. (ET) House Energy and Commerce subcommittee hearing entitled "Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers," CUNA urges lawmakers to make two important statutory changes.
First, CUNA says, the nation's laws must impose higher merchant data security standards. Second, credit unions and other financial institutions must be allowed to disclose the source of data breaches affecting their members or customers.
CUNA also urges that merchants be required to reimburse consumers and financial institutions for the costs associated with data breaches.
"The chain of data security is only as strong as its weakest link. A data breach can occur anywhere along the payments transaction, from the merchant, to the merchant bank, the issuing card bank, and ultimately the financial institutions," the letter from CUNA President/CEO Bill Cheney notes. The letter reminds lawmakers of the "very high data security standards" required of credit unions and other financial institutions under the Gramm-Leach Bliley Act of 1999.
The letter underscores that merchants benefit greatly from the electronic payments system, especially through the elimination of risk they would otherwise have to assume if the transaction were paid with cash (theft risk, handling and security costs) or a check (bounce risk, which includes non-payment and collection expenses). Merchants also benefit from streamlined accounting, reduced credit risk, faster check-out and increased purchase amounts compared to checks or cash.
However, merchants are not required to follow the GLBA standards, and until they are held to the same standard, consumers will remain vulnerable to a system that does not protect their information, Cheney warns.
"Until there are consequences to these bad actions, voluntary standards will not be sufficient to protect consumers ...To protect consumers, Congress should require merchants to be regulated to at least the same extent that financial institutions are when it comes to data security," the CUNA letter says.
When posted to the CUNA website, the hearing statement will be available through the resource link below.