MADISON, Wis. — A new website from CUNA wants to send a message to merchants: take some accountability after a consumer data breach.
The site,
It also explains how CUs are working to protect members from breaches and encourages members to contact their legislators.
"This is saying 'Hey, look, tell members of Congress your concerns about your security, tell them about your concerns for your credit unions and what it costs not just to credit unions but what it costs you in terms of your time,' " said Richard Gose, SVP of political affairs at CUNA. [P]eople are really frustrated and they need to let Congress know their data needs to be secured."
The site, underwritten by CUNA Mutual Group, is aimed at CU members and legislators. Gose told Credit Union Journal the trade group is also working in conjunction with state leagues to get the word out and is promoting it on social media.
"This is just a kick off and it will mature," said Gose, noting that while the focus now is on merchant accountability, "down the road we see consumer awareness being a key component."
CUNA is hoping the site takes off with social media and that those channels can help start a larger conversation about data braches.
"Grassroots is different today than it was five years ago," said Gose. "It's a continuous conversation; it's not just send an e-mail or letter or fax something over. It's an ongoing conversation and those conversations are monitored, and lawmakers and policymakers can look at the conversation and see where it's going. We're trying to create a valid conversation about an issue that concerns millions of Americans and the security of their personal information and their data."
Survey Says
Some of the data that CUNA relied on for the site comes from a survey it conducted following the massive data breach at Target late last year, querying all CUs that offer credit or debit cards as to the impact of the that breach. In the wake of September's Home Depot data breach — which industry insiders say may be wider than the Target breach — CUNA recently sent out another survey to credit unions.
"They're nearly identical," CUNA VP of Economics and Statistics Mike Schenk said of the two surveys. "We're asking a couple of follow-up questions related to Target simply to ensure that we can go back to those numbers and update them and ensure that we're all-in on the costs associated with Target, but primarily the questions that relate to the Home Depot breach are essentially identical to what we did last time."
While Schenk did not have data on hand to illustrate the response rate to the post-Target survey, he said that the respondents represented 36% of all credit union debit cards and 39% of all outstanding credit cards at credit unions.
Schenk said that while the scenarios surrounding the two breaches are different, the survey results following the Home Depot breach may reflect the fact that it is believed to be a significantly bigger breach.
"It was about 40% bigger than the Target breach, so the overall costs more than likely will be substantially higher," he said. "We did not survey on fraud costs after the Target breach; we'll begin to survey on fraud costs related to the Home Depot breach, so we'll be all-in on this one and that will be helpful in terms of giving us a more complete picture."
The economist added that he has heard anecdotally that the costs associated with the Home Depot breach have "not been as obvious or as large or as rapid as they were last time around," though he did not know why.
"The point is that timing-wise there may be an issue with the costs and certainly there might be some differences in terms of overall magnitude."
The survey is due back on Oct. 24 and CUNA will make the results public sometime after it analyses the results. Schenk said that it took about a month following the Target survey's deadline to release results but "if fact I'm right and we do have an even greater response rate, it might take a little bit longer."
He anticipated that the results would be available by around early December.
'It's About Fairness'
Schenk and Gose conceded that it may be impossible to completely prevent all data breaches, what's most important at this point is that the right people are held accountable.
"We essentially want the people that are responsible for the losses to pay for the losses," said Schenk. "It's about fairness."
Gose emphasized the importance of stating an online conversation to push legislators to move on merchant accountability.
"We'll be genuine grassroots in this particular effort," he said. "We'll just keep having the conversations online and with our members and giving them voice to express our concerns to Congress."
