WASHINGTON (12/2/14)--While Cyber Monday brings online deals from retailers around the country, it also brings fresh concerns for the credit union community about future merchant data breaches. Credit Union National Association President/CEO Jim Nussle said future breaches are only going to add to the costs already borne by credit unions.
"On Cyber Monday--the biggest online shopping day of the year--credit unions and CUNA remain very concerned that most retailers are doing little or nothing to stop data breaches. Under today's standards for retailers, it's not a question of if retailers will be breached again--whether online or at their brick-and-mortar stores--it's only a matter of when," he said. "And credit unions will once again be left holding the bag to protect their members."
It was just about a year ago hackers were compromising millions of Target customer data records in a huge breach of information. Nussle remarked on the nearing that anniversary, and again called for retailers to adopt the same data security standards financial institutions are subject to.
"A year ago, Target allowed its customers' data to be breached and fall into the hands of criminals. To date, Target has yet to pay a penny to financial institutions--including the $30 million credit unions and their members incurred--to cover the costs that the data breach imposed on them. And costs to credit unions have continued to add up this year," Nussle said.
"The Home Depot cost credit unions nearly double the Target breach, meaning that credit unions have spent at least $90 million on just those two data breaches. It's high time for retailers to take responsibility and adopt the same data standards as financial institutions under the Gramm-Leach-Bliley Act. Unless standards at merchants are raised, there's little hope for consumer protection at retailers."
A CUNA survey identified that after the Target breach alone, credit unions reissued roughly 4.6 million credit and debit cards. Credit unions not only covered the cost of fraud, but also the costs of blocking transactions, reissuing cards, increasing staff at call centers and monitoring members' accounts.
The per-card cost was approximately $5.68 per card for the Target breach and higher than that for the Home Depot security failure.
"At CUNA, we continue to push for rules that will bring the data security requirements for merchants up to the higher standards that apply to credit unions and other financial institutions," said CUNA Chief Policy Officer Bill Hampel Monday.
CUNA supports legislation that would require any business that maintains sensitive personal and financial information--including financial institutions, retailers, and data brokers--to implement, maintain, and enforce reasonable policies and procedures to protect the confidentiality and security of sensitive information from unauthorized use.
CUNA also continues to add resources to its consumer-facing website, Stop the Data Breaches, which assists consumers in their efforts to urge the U.S. Congress to improve merchant standards.