Merchants request EMV delay; CUNA renews push for data security

April 3, 2015

WASHINGTON (4/6/15)--A retailer trade association request to delay new credit and debit card security features that would protect consumer data has led CUNA to increase its push for strict data breach legislation that would protect consumers and financial institutions.

"Credit unions are working tirelessly on all fronts on the data security issue, yet merchants want to delay even this technology that would take a step in the right direction to protect consumers," said CUNA President/CEO Jim Nussle. "Congress really must act--soon--to require more from merchants for the sake of the American people."

Starting Oct. 1, payments system participants that use chip-and-PIN technology for card transactions will be protected from financial liability for card-present counterfeit fraud losses. The Payments Security Task Force estimated in October that less than half of merchants will be enabled with chip technology by the end of 2015.

The Food Marketing Institute sent a letter to leading credit card companies recently asking for that date to be pushed back until 2016, after this year's holiday shopping season.

"There seems to be no limit to the merchants' attempts to avoid responsibilities related to the serious and growing problem of breaches of their customers' personal financial data," Nussle said. "I almost thought it was a bad April Fool's joke when I learned they are pivoting and now asking for delays in implementation of new EMV security features--for both credit and debit purchases--until after the holiday season."

In March, retailers claimed that increased usage of personal identification numbers (PINs) would help stem the tide of data breaches. This led CUNA and other financial services trade organizations to question why merchants are fighting to maintain a status quo that has already led to many high-profile breaches.

In addition, CUNA and the trades provided research that 75% of merchants do not have the capability to accept chip-and-PIN transactions, and PIN-debit fraud rates have increased since 2004.