Congress Eyes Data Security Breaches
WASHINGTON – NAFCU called on Senate leaders yesterday to heed the spreading threats posed by new data security breaches and proceed with legislation that would protect consumers and card issuers from breaches.
NAFCU called on leaders of the Senate Banking Committee to pass legislation that would make merchants responsible for a breach to pay the costs of resolution; set national standards for safeguarding data; disclose publicly the source of a data breach; and enforce current industry rules on data retention.
The Senate’s renewed interest comes as dozens of credit unions and banks are shutting down cards and issuing new ones to stem major breaches, such as the one at Michaels Stores.
“This demonstrates what we have been communicating to Congress all along; credit unions and other financial institutions, not retailers, are out front protecting consumers in picking up the pieces after a data breach occurs,” Dan Berger, NAFCU’s chief lobbyist, told the Senate leaders in a letter yesterday. “It is the credit unions and other financial institutions that must notify their account holders, issue new cards, replenish stolen funds, change account numbers, and accommodate increased customer service demands that inevitably follow a major data breach. The negligent merchant who caused these expenses by failing to protect consumer data loses nothing and is often undisclosed to the consumer.”
The NAFCU lobbyist was referring to costs born by credit unions to resolve data breaches on debit cards, which they are hoping the Federal Reserve includes in calculating its impending cap on debit fees.
Like the fight over debit fees, the issue of data security pits the credit unions and banks against their long-time business partners, the retailers. The retailers, who lobbied for the cap on debit fees, have been fighting to prevent tougher penalties and costs for sources responsible for data breaches. Their opposition has stalled data security legislation for the past three congresses.