WASHINGTON (12/5/14)--The Credit Union National Association has stepped up its already strong advocacy efforts to protect consumers and financial institutions through the holiday season and into the first days of the 114th Congress.
CUNA President/CEO Jim Nussle said that in the year since the Target data breach, credit unions are still at the mercy of lax merchant security standards.
"The ill effects of merchant data breaches touch Americans everywhere because merchants are not held to the same data security standards as financial institutions," Nussle said. "Congress must act to protect consumers by taking steps to enhance data security standards for merchants in the 114th Congress. Without equal standards, retailers have zero incentives to protect the important financial information of the American people who shop in their stores."
CUNA has created a video to provide a brief overview of retailer data breaches, and has compiled a list of risk management practices in partnership with CUNA Mutual Group. CUNA's Stop the Data Breaches website contains the list, as well as other resources for stakeholders to reach out to lawmakers urging a change in merchant security standards.
"Nothing is being done to quell these breaches on the retailers end, nor are retailers like Target reimbursing credit unions for the losses credit unions suffered due to insufficient merchant data security standards," Nussle said. "One year later, credit unions still haven't received anything in reimbursements from the store chain--and that really stings."
Other advocacy efforts from CUNA include: sending letters to six merchant trade groups on cybersecurity and payments, sending a letter to President Barack Obama requesting that the administration establish a Cybersecurity Council, providing quantitative analysis of the costs of the Target and Home Depot data breaches on credit unions, canvassing Capitol Hill to urge lawmakers to force merchants to meet strict data security standards, and calling on merchant groups to work with financial institutions to implement solutions.
A federal judge denied a motion from Target this week to dismiss a suit brought by financial institutions, including at least one credit union. The institutions claim that Target's negligent data security practices has led to massive costs.
"We're heartened that the court understands the basic reality that merchants owe a duty of care to financial institutions," Nussle said.
According to results of CUNA data breach surveys, data breaches such as the ones at Target and Home Depot, have cost credit unions close to $90 million, and found no credit unions have received reimbursements from Target.