Congress Wrestles With Fix For Data Thefts
While millions of consumer-and hundreds of credit unions and banks-are working to resolve the latest incidents of online security theft, Congress is struggling to find a way to deal with the broadening problem.
In the latest incident, information from as many as 40-million accounts at Visa, MasterCard, American Express and Discover Financial may have been compromised by hackers who accessed secure data at third-party processor CardSystems Solutions. Dozens of credit unions around the country are either notifying members or replacing cards that may have been affected.
That's only the latest of a growing number of incidents where online thieves have been able to obtain consumers' information for use in fraudulent activity. In the notorious BJ's Wholesale Club last year more than 160 credit unions had their cards' information stolen, some of which was used to fraudulently charge hundreds of thousands of dollars of goods.
Members of both the Senate and the House are dropping bills left and right aimed at addressing the problems, with no one agreeing on any one approach. Most of the proposals would deal with resolution after the fact of the theft. Such as, a measure that would require credit unions and banks to notify consumers that their personal information may have been compromised, even if a theft or unauthorized use has yet to occur.
Another proposal would require credit card companies to notify card issuers, such as credit unions, when a breach in security or theft of information has occurred. The card companies were criticized heavily, especially by credit unions, for waiting several weeks before notifying their issuers, possibly giving thieves some lead time to use the stolen data.
Other proposals would require tougher security for companies that hold consumers' personal information. While others, still, would preempt state laws on consumer protection and privacy.
Credit union lobbyists say they will be working with Congress in the upcoming months on the issues. Their concern is both that consumers and credit unions are protected, while not overly burdened by expense and regulation. This will be a fine line to walk.