ALEXANDRIA, Va. (1/30/14)--"The United States is the leader in point-of-sale vulnerability and a veritable playground for enterprising hackologists," but the recent Target data breach can be the catalyst for changes that improve data security, National Credit Union Administration Board Member Richard Metsger wrote in his first NCUA Report piece.
The Target data breach resulted in the theft of 40 million debit and credit cards, and encrypted PIN data, and the names, mail and email addresses, and phone numbers of up to 70 million individuals. Some financial institutions are buying consumer information back from the hackers that stole it to prevent further fraud from occurring, Metsger noted.
The impact on credit unions and others continues to grow, Metsger said, and credit unions across the country are assessing damage, reissuing cards and intensifying member outreach efforts.
While the Target breach is the most publicized breach in some time, it is not the only one to occur recently, the NCUA official said. One analysis has found as many as 600 reported breaches in 2013.
However, Metsger wrote, the national attention given to the Target breach can serve as a reminder of "how critical it is that all data systems, both internal and external, must be constantly evaluated and modernized to address evolving risks."
One improvement that could be made is conversion to a chip-and-PIN system. Many have resisted such a move, citing regulatory uncertainty. Metsger added that the U.S. has a plethora of financial stakeholders that struggle over when and how to convert. And, what's more, "the business case has been, at least up to now, not compelling enough for most retailers, processors and financial institutions to collectively invest the billions of dollars needed to make the switch."
The Credit Union National Association has noted that switching to chip-and-PIN cards would help address data security issues, but has also said that such a switch would not be a panacea.
For more of this month's NCUA Report, use the resource link.