NAFCU: data breaches have reached epic proportions, Congress must act to create national data security standards for retailers
WASHINGTON (October 21, 2014) — National Association of Federal Credit Unions (NAFCU) Senior Vice President of Government Affairs and General Counsel Carrie Hunt today renewed the association’s push for national standards on data security and breach notification for retailers following news of the possible nationwide data breach at Staples.
“Data breaches have reached epic levels, and the continued absence of national data security standards for retailers has given cybercriminals free rein to access consumer data,” Hunt said. “National data security and breach notification standards, for all segments of the payments system, are critical to keep consumers’ personal and financial data as safe as possible.”
Last week, noting the variety of state laws on data security, President Obama called for “one clear national standard that brings certainty to business and keeps consumers safe.”
Financial institutions, including not-for-profit, member-owned credit unions, are already subject to such standards under the Gramm-Leach-Bliley Act and continue to pick up the tab for data breaches. However, retailers are not subject to the same standards.
The Target data breach alone will cause financial institutions to lose $480 million in card replacement costs and other expenses, according to estimates by NAFCU. Unfortunately, credit unions will likely never recoup much of this cost since there is no statutory requirement making retailers accountable for costs associated with breaches that result on their end.
NAFCU was the first financial trade association to push for legislators to pass national data security standards for retailers in the wake of the massive Target breach last year. The association has also written Congress urging them to create a bipartisan-bicameral working group to develop legislative responses to retailer data security breaches. NAFCU is also a member of the Payments Security Task Force. The task force is a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time, as well as driving a discussion on payments system security.
The National Association of Federal Credit Unions is the only national trade association that exclusively represents the interests of federally chartered credit unions before the federal government and the public.