Minnesota is Latest State to Push Through Card Data Security Law
ST. PAUL, Minn. -- Yet another state legislator is hard at work on a bill that would seek to correct the ongoing problem of card data security.
According to the Minnesota Credit Union Network, which is backing the effort, a bill wending its way through the Minnesota state legislature would put the card data security standards promulgated by Visa and MasterCard into state law.
The Minnesota Plastic Card Security Act would allow card issuers to recover expenses associated from card security breaches from the retailers where the breaches occur, the Network said.
The Card Security Act has cleared the House Labor and Consumer Protection Division and was quickly cleared through the House Commerce & Labor Committee. The bill now must go through another committee before the deadline for policy bills on Mar. 23.
Two credit union executives testified at a hearing before the Consumer Protection Division as well, the Network said. Both Bill Raker, president of the $691 million US Federal Credit Union, headquartered in Burnsville and Lynn Kothe, CEO of the $22 million North Memorial Federal Credit Union headquartered in Robbinsdale, shared their experience in the wake of the most recent widespread card security breach.
Both discussed the practice by merchants of storing private magnetic stripe data from consumers' credit cards, in violation of the payment card industry's standards that strictly prohibit merchants from retaining this information once a transaction authorization request has been completed.
US Federal, with nearly 79,000 members, had 4,500 cards compromised following the TJX security breach earlier this year, which cost the credit union $22,700 in card replacement fees and $47,000 in additional fraud losses. Raker talked about the inconvenience to members as well as "emotional distress of fear and anxiety."
Kothe's credit union had similar experiences. North Memorial FCU reissued more than 340 cards to its 4,800 members.
"While these breaches are a burden on financial institutions, the real problem is the real life issues they create for my members," Kothe said. "Most members do not have more than one checking account with a debit card attached. These breaches impact their day-to-day activities, especially as more and more merchants no longer accept checks."
In addition, another president/CEO, Patrick Pierce of the $310 million City and County Employees Credit Union, told the House Labor and Commerce Committee about what the card security breaches have meant for the CU and its members.
"Since credit unions are not usually notified of which retailer is responsible [for a security breach] and we aren't allowed to divulge the name of the company, members think that the problem lies with the credit union and our ability to keep their information secure," Pierce said. "Each instance damages our reputation in the eyes of our members, which is unfair and inexcusable."
A representative from the retail industry testified against the bill, citing the cost retailers endure when offering the option for consumers to pay by credit card, the Network reported.
In addition to preventing the misuse of consumers' card information, the Plastic Card Security Act will moderate the impact and cost to financial institutions by allowing them to recover expenses associated with reissuing cards when merchants mishandle sensitive account information. Currently, the cost of reissuing cards is not generally paid for by the retailer, and expenses related to potential fraud usually fall on the financial institution regardless of where the breach occurred. --firstname.lastname@example.org