Comptroller Curry backs stricter retailer breach standards
WASHINGTON (11/14/14)--A U.S. bank regulator this week said that recent retail breach incidents not only highlight the need for improved financial data security standards, they also call attention to a need for equal security standards between financial institutions and merchants (BankInfoSecurity.com Nov. 13).
Comptroller of the Currency Thomas Curry said it seems "only fair" that when breaches occur in merchant systems that the merchant be responsible for some of the expenses that result.
Curry made his remarks during a speech delivered to a community bankers' conference in Chicago recently, one with a primary focus on the need for global coordination of bank regulations.
He noted that banks and credit unions are usually "on the hook" for reimbursing cardholders for losses suffered from the fraudulent use of breached credit and debit card information. Financial institutions also must cover costs associated with replacing cards that have been compromised and for monitoring members' or customers' breached accounts to identify potential fraud--all costs that mount quickly, he said.
The same expectations for security of customer information and customer notification when breaches occur should apply to all institutions, Curry added.
The Credit Union National Association strongly advocates for stricter data security standards for merchants.
In its most recent effort, CUNA joined with six other financial trade groups to send a letter to House and Senate leadership urging Congress to act to make retailers take responsibility for their data breaches and adopt the same data standards as financial institutions. (Use the resource link to read the News Now story.)