WASHINGTON (12/16/14)--With more than 500 data breaches exposing more than 75 million data records occurring in 2014 alone, the leaders of trade groups representing credit unions and smaller banks--the Credit Union National Association and the Independent Community Bankers of America (ICBA)--teamed up this week to call for increased merchant data security standards.
CUNA President/CEO Jim Nussle joined with ICBA President/CEO Camden R. Fine for an op-ed that appeared in The Hill Monday, calling for retailers to come to the table to protect American consumers.
"What is particularly frustrating to us, as the leaders of national trade groups representing credit unions and community banks, is that little attention is given to strengthening the weakest points where these violations occur--U.S. retailers--and thereby reducing these costly breaches and their effect on consumers," the piece reads.
"As long as the security standards on the merchant side of the system are weaker than those for financial institutions, the vulnerability for consumers and financial institutions is at the point of purchase."
Financial institutions are bound under the Gramm-Leach-Bliley Act to protect consumer data. While this keeps financial institutions' data secure, it makes it easier for hackers to target merchants to get consumer information.
"It is unacceptable that retailers are not covered by any federal laws or regulations requiring them to protect data and notify consumers when they are breached," Nussle and Fine wrote. "While merchants and financial institutions are both targets of these attacks, financial firms have developed and maintain robust internal protections to combat criminal attacks and are required to protect this information and notify consumers when a breach puts them at risk."
CUNA's surveys in the wake of the two highest profile data breaches, those at Home Depot and Target, have shown credit unions have lost $90 million this year responding to the breaches. The ICBA estimates community banks have lost more than $40 million due to the Target and Neiman Marcus breaches.
"We all want consumer data kept out of the hands of criminals--but today there is no end in sight to stopping data breaches," Nussle and Fine conclude. "The incoming Congress should take the common-sense action of passing legislation to protect consumers by taking steps to enhance data-security standards for merchants. Doing so will help stop cyber-criminals from hitting the repeat button on retail data breaches and better safeguard consumer information."