Posted October 21st, 2014 No Comments
Credit Unions Out Front In Calling For More Data Security

Earlier this year, our national trade association, the Credit Union National Association warned that

Target would not be the last merchant data breach and that has unfortunately proven true. Recent

reports indicate that financial institutions discovered consumer data available for sale on the black

market, and the data was traced to a breach at Home Depot. The reports also suggest the Home Depot

breach may be larger in scope than the Target breach. This latest data security breach demonstrates yet

again the need for data security requirements for merchants.

Merchant data breaches have become a chronic issue. Why? Because data security standards are

inconsistent across the board. Simply put, credit unions and other financial institutions are subject to

high data protection standards under the Gramm-Leach-Bliley Act and merchants are not subject to

federal data protection standards. Under today’s federal law, there is no merchant accountability. That

has to change.

Further, until and unless merchants are held accountable for the damages that breaches to their

systems cause financial institutions and consumers, credit unions have little confidence that they will

be incentivized to properly secure their systems. EMV, tokenization and other technologies are critical

to the innovation of the payments system; however, Congress has a role to play in addressing the issue

of merchant data breaches by making sure all of the participants are playing by the same set of data

security rules, and that merchants who hold consumer data and allow that data to be breached, are

responsible for the costs incurred by others.

When a data breach occurs, credit unions immediately take steps to protect their members. We know

what to do because we’ve have had to do it all too often: we notify our members, make a determination

of whether to reissue debit and credit cards, increase call center staff, set up account monitoring, and

other activity. These steps are not without cost, however; and the impact of merchant data breach

related costs is far reaching.

For not-for-profit credit unions operating on already thin margins, these costs make a significant

difference in the bottom line and therefore in our ability to offer services to members.

All participants in the payment process have a shared responsibility to protect consumer data, but

the law and the incentive structure today allows merchants to abdicate that responsibility, making

consumers vulnerable.

Congress must act to protect consumers by taking steps to enhance data security standards for


Leave a Comment


Events Calendar
October Edition


The mission of the Nebraska Credit Union League & Affiliates is to protect, promote and perpetuate the credit union movement in Nebraska.
What's Inside