NACS responds to data security push by credit unions
NACS fights back against credit union group’s call for new data security laws for retailers.
WASHINGTON, DC (June 18, 2014) — Following reports of a data breach at restaurant chain P.F. Chang’s, National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger wrote to members of Congress last week, calling for national data security and breach notification standards for retailers.
“It has been almost six months since Target’s data breach, and we still have no new data security standards for retailers,” said Berger. “Since Target, there has been a major data breach discovered almost every month. The continued lack of national data security standards is an open invitation to cybercriminals.”
According to The Hill, NAFCU wrote that retailers “and many other entities that handle sensitive personal financial data are not subject to these same standards” as credit unions, adding that retailers “become victims of data breaches and data theft all too often. …While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers.”
In response to the credit union group’s call for new data security regulations on retailers, NACS sent a letter yesterday to members of Congress that explains the flaws in NAFCU’s position, which was also picked up by The Hill.
NACS Senior Vice President of Government Relations Lyle Beckwith wrote that, according to a recent Verizon data breach report, financial institutions are the victims of nearly 150% of the breaches that retailers are. Retailers also suffer more of the losses from payment card fraud than financial institutions do and retailers spend more than $6.5 billion protecting against payment card fraud each year. The letter pointed out that credit and debit cards are inherently subject to fraud and that retailers are taking the blame for not adequately protecting a fraud-prone product.
Beckwith also cited the card industry’s reluctance to require the use of PINs on consumer credit cards, particularly as chip technology evolves into the U.S. marketplace. (Read more on data security in the May NACS Magazine cover story, “Half Covered.”)
“The financial industry’s resistance to the use of PINs — and, in fact, the practice of many credit unions of discouraging the use of PIN by charging their customers for using PINs — directly contradicts our shared interest in improving data security…it demonstrates in a concrete way that financial institutions are more focused on the higher fees they make from non-PIN transactions than they are in protecting consumers.”
In closing, Beckwith commented that it is unfortunate NAFCU “would rather try to assign blame than constructively find ways to address the problems of data breach and fraud.”
Founded in 1961 as the National Association of Convenience Stores, NACS (nacsonline.com) is the international association for convenience and fuel retailing. The U.S. convenience store industry, with more than 151,000 stores across the country, posted $696 billion in total sales in 2013, of which $491 billion were motor fuels sales. NACS has 2,100 retail and 1,600 supplier member companies, which do business in nearly 50 countries.