NAFCU: 1 year after target data breach, consumers still at risk
WASHINGTON (November 25, 2014) – As the holiday shopping season kicks off with Black Friday and Cyber Monday sales, and approximately one year after the Target data breach, National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger reiterated the need for national standards on data security and breach notification for retailers.
“As Americans enter the busiest shopping season of the year, consumers’ sensitive personal and financial information, both online and in the stores, is as vulnerable as ever to cybercriminals,” said Berger. “To protect consumers’ data, help prevent identity theft and reduce breach costs overall, NAFCU urges Congress to establish national data breach and notification standards for retailers.
“The absence of national data security and breach notification safeguards for retailers has left consumers’ data vulnerable to cybercriminals who often target the weakest links in data protection – that is, retailers. Unfortunately, consumers and their financial institutions – including not-for-profit, member-owned credit unions – are paying the price.”
One year after the Target data breach, the figures are astounding:
- According to SafeNet, Inc.’s Breach Level Index, the retail industry has accounted for 33.05 percent of data breach records in 2014, more than any other industry.
- The Target data breach will cause financial institutions to lose nearly $500 million in card replacement costs and other expenses, according to NAFCU estimates.
- The Identity Theft Resource Center lists more than 679 data breaches in 2014, a 25 percent increase from last year.
- According to an October 2014 Javelin study, online card fraud will rapidly increase despite the U.S. transition to EMV. Card-not-present (CNP) fraud in the U.S. is expected to be nearly four times greater than point-of-sale (POS) card fraud in 2018.
- Since Target’s data breach, there has been a major data breach discovered almost every month, with breaches reported at Home Depot, Michaels stores, Sally Beauty Supply, Neiman Marcus, AOL, eBay, P.F. Chang’s Chinese Bistro, Supervalu, Kmart and Staples.
NAFCU was the first financial trade organization to call for national data security standards for retailers, and it continues to push for legislative action on Capitol Hill. Credit unions and banks are already subject to such standards under the Gramm-Leach-Bliley Act, but retailers are not. The association has also written Congress urging it to create a bipartisan-bicameral working group to develop legislative responses to retailer data security breaches.
NAFCU is a member of the Payments Security Task Force. The task force is a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time, as well as driving a discussion on payments system security. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.
The National Association of Federal Credit Unions is the only national trade association that exclusively represents the interests of federally chartered credit unions before the federal government and the public.