NAFCU: Need for national data security standards for retailers reaches critical stage on Cyber Monday

WASHINGTON, DC (November 29, 2016) — National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger issued the following statement today as millions of Americans take advantage of Cyber Monday sales.

“Data breaches have exceeded last year’s record, and millions of consumers have already had their information compromised, yet retailers continue to resist critically needed national data security standards,” said Berger. “With this void in protection, every retailer’s sale sign is a welcome sign for cybercriminals and a hazard for consumers who may unwittingly fall victim to a retail data breach.”

It has been more than a year since the move to EMV and “chip-and-choice” and the implementation of corresponding payment terminals, but this alone is not a silver bullet. Data breaches resulting from malware or fraudulent transactions via e-commerce (card-not-present transactions) have proved to be quite vulnerable. According to Adobe reports, more than $5 billion has already been spent online this past holiday weekend. On Black Friday alone, a new record was set with more than $3 billion in sales, exceeding last year’s record by 21 percent. With Cyber Monday sales yet to be tallied, the possibility for online fraud is daunting.

To date, there have been 901 data breaches in 2016, compared with 781 in 2015, according to Identity Theft Resource Center (ITRC).  Of those breaches, the business sector, which includes retailers, was responsible for 397 incidents, 44.1 percent of the breaches and 5.5 million exposed records.

Just last week, Madison Square Garden Co., admitted that it was hit by a data breach affecting payment cards used at its locations between Nov. 9, 2015, and Oct. 24 of this year. Affected locations include Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, the Beacon Theatre in New York and the Chicago Theatre in Illinois.

NAFCU has steadfastly championed the need for Congress to pass national data security standards for merchants and retailers. The “Data Security Act” (H.R. 2205/S. 961) would establish a strong national data security standard for retailers similar to what credit unions already follow under the Gramm-Leach-Bliley Act. Introduced in the House by Rep. Randy Neugebauer, R-Texas, with Rep. John Carney, D-Del., as an original cosponsor, and in the Senate by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., the bill would also establish strict disclosure rules – requiring that retailers tell consumers when their information has been compromised – and protect consumers’ and financial institutions’ ability to sue retailers for financial and punitive damages.


The National Association of Federally-Insured Credit Unions is the only national trade association focusing exclusively on federal issues affecting the nation’s federally-insured credit unions. NAFCU membership is direct and provides credit unions with the best in federal advocacy, education and compliance assistance. For more information on NAFCU, go to or @NAFCU on Twitter.


Molly Safreed, (NAFCU)

More News