Joint Industry Trade Letter to House and Senate: Counter Retail Coaltion Arguments on Data Security
February 5, 2014
To: Members of the U.S. House of Representatives
From: American Bankers Association
Consumer Bankers Association
Credit Union National Association
The Financial Services Roundtable
Independent Community Bankers of America
National Association of Federal Credit Unions
Re: Data Security
You may have received letters or other communications from certain retailer groups about the recent breaches of personal information at several merchants and hotels that have put literally millions of consumers at risk for fraud and identity theft and that have cost banks and credit unions of all sizes millions of dollars to protect their customers.
Target and Neiman Marcus have testified before the House and Senate about their breaches and, to their credit, have accepted their share of the responsibility and have pledged to work with law enforcement, the financial industry, and Congress to find ways to better protect consumers.
Unfortunately, others in the retail industry have not taken this approach. They have made, and continue to make, several misleading and counterproductive statements about the breaches and the position of banks and credit unions across the country. The above bank and credit union organizations would like to set the record straight.
- According to the much respected Identity Theft Resource Center, 77 percent of breaches in 2013 occurred at healthcare facilities and businesses, including retailers. That’s compared to just 4 percent at financial institutions. Unlike studies cited by retail groups, these are actual breaches in the United States and not merely reports on “incidents.”
- The recent breaches all involve intrusions into the computer networks of various companies. These compromises have nothing to do with card technology (e.g., “Chip and PIN”) and everything to do with holes in internal firewalls at these companies that criminals are exploiting.
- It is the nation’s banks and credit unions that initially make consumers whole, often receiving minimal reimbursement for their efforts.
Certain retail groups cannot be allowed to divert attention and duck their responsibility for protecting the sensitive personal information of consumers by always claiming that “it’s someone else’s fault.”
In fact, it is all of our responsibility to fight an elusive criminal element. Target, Neiman Marcus, and others recognize that, as do we in the financial services industry.
It’s time to stop the blame game and be part of the solution.