First, no one knows the precise cause of the breach at Target. The company made statements regarding responsibility following the incident, but how the intrusion occurred is still a mystery. What is known, however, is that the breach has left tens of millions of customers with their
Across the credit union industry, our immediate response has been to
In his recent post, Mr. Kantor uses the settling dust from the recent Target attack to mask a lack of evidence supporting his points. He pointed to payment networks and the Durbin amendment, and while those networks certainly facilitate billions of global transactions at high speeds, at their core, they're simply a cost-sharing mechanism supported by interchange, interest, and fees. These three revenue streams support not just the system, but its security as well. Sen. Durbin's amendment placed price controls on interchange, which changed that system and hamstrung the credit unions' and banks' resources for security. Financial institutions of all sizes, big and small, have experienced a decrease in debit interchange revenue per transaction in the
Big box retailers assert that they should retain all of the benefits of electronic payments without taking on any of the responsibility for security, and instead, pass all the costs onto the consumers, taxpayers and financial institutions. They
In fact, these tools could not have done anything to alter the theft of consumer marketing data. Chip and PIN, to be truly effective, requires that retailers encrypt all data along the point of sale chain, decrypting it only outside of the merchant environment. Are retailers really willing to undertake this expense and responsibility when all of their waking efforts are devoted to socializing their legitimate costs? As we see increasing announcements about the varying types of data that were stolen, this notion that retailers carry no responsibility for protect consumers presents a dangerous and cyclopean view. Cyber security is simply not a one-dimensional issue.
Electronic payments began with the retail industry. Retailers sold their products to organizations that could run the system more efficiently and at a lower cost, avoiding the risk and liability of payment cards. If merchants want to issue their own cards today and develop their own networks, they can. And yet they choose not to. It seems like a clear question, but if issuing cards is such a rewarding business especially under the terms that retailers have enacted why aren't they in the field themselves?
Protecting consumers is our shared responsibility. Everyone, merchants included, must do their part. Electronic payments in the United States are part of a sophisticated system that handles millions of transactions worth billions of dollars every day. When a data breach occurs, the system protects the consumers. But for the system to continue functioning when these breaches occur, all the participants of the system have to meet their responsibilities, take care of American consumers and save the finger pointing for another day. It's time for the merchants to take responsibility.
Bill Cheney is the president and CEO of the Washington, DC.-based Credit Union National Association.
