WASHINGTON (1/28/14)--"The idea that retailers have no responsibility for protecting consumer data presents a dangerous moral hazard," Credit Union National Association President/CEO Bill Cheney said in a letter sent Monday to all members of the U.S. Congress.
That danger, Cheney warned lawmakers, is reflected in the current effort by retail organizations to try to shift both the cost and liability during breaches away from the retailers involved and on to financial institutions, their customers and members, and taxpayers.
The CUNA letter comes as many in Congress and across the country debate how best to respond to recent data breaches at Target and Neiman Marcus that have compromised the financial and personal information of tens of millions of Americans. Arts and crafts store Michaels has also launched its own investigation into a potential data breach at its stores, and the Federal Bureau of Investigation in recent weeks has warned retailers these breaches will become more common. (See Jan. 27 News Now: FBI warns hacking attacks are on the rise.)
CUNA was the first trade group to communicate with members of Congress following the breach, seeking hearings on the issue, and House and Senate members in at least three committees are considering holding hearings on the topic, perhaps as early as next week. (See related story: Senate Banking to conduct Feb. 3 data security hearing.)
"The recent data breach at Target and other retailers has launched an important conversation about what happens during data breaches, why they happen, who is impacted, who is liable and who should be held responsible," Cheney wrote.
Immediately following the Target breach, credit unions responded and did not wait to determine how the breach occurred or who was at fault, he said. "Rather, credit unions took action immediately to ensure the safety and security of their members. These efforts often represent substantial and sometimes crippling costs for credit unions, but these protections are a few of the reasons why consumers, including credit union members, value electronic payments," Cheney emphasized.
"Our primary interest is to protect consumers and work with our partners across industry to develop solutions and prevent future breaches," Cheney told legislators.
The CUNA CEO warned that retailers are using the data breaches to push policies that they claim would "solve" the problem, like the "chip and PIN" technology. "I would urge caution when evaluating solutions that appear too good to be true. In reality, cyber security is a complicated issue that has no silver bullets," Cheney said.
Retailers have pushed many times and made great strides over the past decade to try and slash their financial responsibility for funding the electronic payments system that protects customers and benefits retailers, in part by attacking the debt interchange fee system.
"I have to question some retailers' motives when they claim to be concerned about consumers, while actively trying to eliminate a key revenue stream that is used to protect consumers and strengthen the electronic payments system," Cheney wrote.
For the full CUNA letter, use the resource link.