WASHINGTON (11/26/14)--Merchant data security breaches--their effects on consumers and the reactions of retailers--were highlighted on a recent segment of NPR's "All Things Considered."
Reporter Aarti Shahani followed a security expert who was able to point out how easily a hacker could infiltrate a retailer's point-of-sale network. EMC's Davi Ottenheimer noted a card reader--similar to ones he had at home--connected to a tablet left unattended in a high-end retail store. At another large retailer, no one noticed that he was paying more attention to a computer plugged into the network than to the merchandise.
"A lot of times, a lazy approach to security is just to make information difficult to get," Symantec security expert Orla Cox told NPR. "Just because you're not talking about it isn't actually making you any more protected."
The incentives are small for retailers to take on more responsibility. They want to keep information technology budgets down, and they don't have to pay, even if they are at fault. Financial institutions pick up the bill, Shahani said.
The Credit Union National Association, NPR noted, "is asking lawmakers to intervene, so that retailers are held to stricter security and disclosure rules."
CUNA worked with NPR, providing statistics on the costs of the data breaches--costs that credit unions and banks pick up. The text version of the segment links readers to CUNA's Stop the Data Breaches fact sheet.
Chris Leggett, president/CEO of $989 million-asset LGE Community CU, Marietta, Ga., told NPR that the issuers are bearing the brunt of the expenses. "It sure would be nice if the merchants would be willing to share in the cost of cleaning it up due to their lax security," he said.