WASHINGTON (6/1/15)--Five merchant data security best practices outlined in a 2013 report will become requirements starting July 1. The standards are part of version 3.0 of the PCI Data Security Standard, and address point-of-sale (POS) vulnerabilities.
While the practices do indicate a focus on merchant responsibilities to keep consumer data safe, which CUNA supports, they are not as far-reaching as the strict merchant standards CUNA has advocated for.
The best practices that will become requirements July 1 are:
“While any additional effort to increase protection of consumer data is a positive step, these new requirements are just a fraction of what’s needed to protect consumers, credit unions and other financial institutions from the costs of data breaches they didn’t cause,” said Elizabeth Eurgubian, CUNA’s deputy chief advocacy officer. “We will continue to push for data breach legislation that would put a strong standard in place where there currently is not one.”
CUNA has outlined to members of Congress the guiding principles that should be present in any data breach legislation--most importantly the use of Gramm-Leach-Bliley Act-like standards for any entity that handles consumer information.
Several lawmakers and witnesses expressed their support of those standards being applied universally in a recent House Financial Services Committee hearing.