Nussle in The Hill: Lax merchant standards obstruct cybersecurity innovation

October 5, 2015

WASHINGTON (10/5/15)--The interdependency of the payments system leaves financial institutions that dedicate numerous resources to security at the mercy of merchants who often don’t make those efforts, CUNA President/CEO Jim Nussle wrote in The Hill last week. Nussle’s op-ed was written in response to a retailer op-ed on the state of the payments industry.

“The truth is, the electronic payments system is interdependent, and while the financial services industry has spent billions of dollars developing new technologies, they can only be so effective if merchants refuse to adopt, or even acknowledge, those technologies,” Nussle wrote.

Nussle went on to note how Europay/MasterCard/Visa (EMV)card technology, which was the subject of a liability shift starting Oct. 1, brings one-time authentication and other features into play to keep consumer information safe.

“However (and this will be a recurring theme) this only works if merchants activate the chip readers at the point of sale. Merchants’ own surveys show that almost 50% of merchants are choosing to not adopt the new technology,” Nussle wrote. “We applaud the merchants that do turn on their chip readers as they will not only protect consumers, they will also have minimalized their liability exposure if someone uses a lost, stolen or counterfeit card at their store.”

Nussle noted three other security methods that can help keep consumer data secure, if properly used by all parties:

  • Tokenization, which masks sensitive data with “tokens” that have no resemblance to the data they carry;
  • Point-to-point encryption, which encrypts account data from point-of-sale to a secure point of decryption; and
  • Basic security, such as the standards set in the Gramm-Leach-Bliley Act for financial institutions.

“In the end, innovation is happening and it is enhancing the payment system millions of Americans use to complete purchases every day. The financial services industry is committed to driving this innovation forward, constantly looking for ways to keep customers’ information safe and secure,” Nussle wrote.

“But, we can’t go it alone. We need merchant trade associations to stop trying to halt progress and instead work with us to help everyone--merchants, banks and networks--to implement a new and better solution that will protect consumers and reduce data breaches.” 

Other Resources

Identity Theft: Who Has Your Number electronic member seminar kit

ID Theft: How to Prevent It and How to Get Over It statement stuffer (customized)