Industry view: Credit unions push for data security

Faster than a Jimmy John’s delivery, we have another data breach.
Earlier this year, the Credit Union National Association, the national trade association that represents more than 400 credit union locations in Minnesota, warned that Target would not be the last merchant with a data breach. That, unfortunately, proved to be true. Financial institutions discovered consumer data available for sale on the black market. That data was traced to a breach at Home Depot, a breach that now has surpassed the scope of Target’s breach, affecting 56 million cards.
This latest breach demonstrates, yet again, the need for data-security requirements for merchants.
Merchant data breaches have become a chronic issue because data-security standards are inconsistent across the board. Simply put, merchants are not subject to the same stringent federal data-protection standards that credit unions and other financial institutions are under the Gramm-Leach-Bliley Act. There is no merchant accountability under today’s federal law - and that has to change.
When a data breach occurs, credit unions immediately take steps to protect their members. We know what to do because we’ve had to do it all too often. To name just a few of these steps, we notify our members, make a determination about reissuing debit and credit cards, increase call center staff and set up account monitoring. These actions are not without cost, and the impact of a single merchant data breach, let alone several over the course of just months or even weeks, means these costs add up quickly. For not-for-profit credit unions operating on already thin margins, these costs make a significant difference in the bottom line and adversely affect our ability to serve more than 1.6 million Minnesota credit union members.
Unless and until merchants are held accountable for the damages data breaches cause financial institutions and consumers, credit unions have little confidence that merchants will be sufficiently motivated to properly secure their systems. Ultimately, that means consumers will continue to absorb the costs of merchants’ chronic data breaches.
Payment-system innovations such as EMV, tokenization and other technologies are a step in the right direction; however, Congress needs to address the issue of data breaches by making sure merchants and financial institutions alike play by the same set of data-security rules and that merchants who hold consumer data and allow that data to be breached are held responsible for the costs incurred by others.
All participants in the payment process have a shared responsibility to protect consumer data, but current laws and today’s incentive structure allow merchants to abdicate that responsibility, making consumers vulnerable. Congress must act to protect consumers by taking steps to enhance data-security standards for merchants.

Mark D. Cummins is president and CEO of the Minnesota Credit Union Network (mncun.org), which is based in St. Paul.
