Removing Barriers Blog

Electronic Payments Coalition (EPC) Sends Letter in Support of Data Security Act
Posted May 10, 2016 by CUNA Advocacy

The Electronic Payments Coalition (EPC), a group representing financial services trade associations including CUNA, sent a letter on behalf of its members today to leadership in the House of Representatives in support of H.R. 2205, the Data Security Act, which passed out of the House Financial Services Committee last December by a bipartisan vote of 46-9.

H.R. 2205 and its Senate companion, S. 961, would establish strong data security standards for merchants, analogous to those with which credit unions must comply under the Gramm-Leach-Bliley Act (GLBA).

Under current law, retailers are not subject to any unified federal standard for the maintenance of consumers’ personal information, instead operating under a loose patchwork of various state laws and contractual obligations. In the recent wake of massive breaches of consumers’ sensitive personal information at major retailers across the country, there is growing recognition of the need for a strong, unified federal standard for all participants in the payment stream, from card issuers like credit unions, to the merchants who accept those cards for payment.

While the issuance of new chip-enhanced cards will help lower the incidence of fraud associated with forged cards, H.R. 2205 and S. 961 would help ensure the security of consumers’ data regardless of the nature of the transaction, including so-called “card not present” purchases, internet transactions, or transactions conducted by novel payment method, including Apple and Google pay.  Under the current regime, in the event of a breach, credit unions often bear the costs of reissuing cards as well as the reputational risk associated with loss of members’ trust. Therefore, we strongly support these and other efforts to require merchants to adhere to strong standards governing how they handle credit union members’ personal data.