Credit union and banking trade organizations fired off a letterWednesday to members of the Senate that counter what they said werefalse claims from the retail industry on data security.

“They have made, and continue to make, several misleading andcounterproductive statements about the breaches and the position ofbanks and credit unions across the country,” said the letter fromCUNA, NAFCU, the American Bankers Association, the IndependentCommunity Bankers of America and others.

The groups specifically challenged three points:

1. Financial institutions suffer more data breaches thanretailers.

Mallory Duncan, general counsel for the National RetailFederation, testified before a Senate subcommittee on Monday,citing a Verizon analysis of more than 47,000 security incidentsand 621 confirmed data breaches that took place during the prioryear.

“Virtually every part of the economy was hit in some way: 37% ofbreaches happened at financial institutions; 24% happened atretail; 20% happened at manufacturing, transportation and utilitycompanies; and 20% happened at information and professionalservices firms,” he said in his written testimony.

Financial trades fired back.

“According to the much respected Identity Theft Resource Center,77% of breaches in 2013 occurred at healthcare facilities andbusinesses, including retailers. That's compared to just 4% atfinancial institutions. Unlike studies cited by retail groups,these are actual breaches in the United States and not merelyreports on 'incidents,'” their letter said.

2. Card issuers have fought chip-and-PINtechnology.

The National Retail Federation said it supports an “immediatetransition” from magnetic strip cards to chip-and-PIN technology to secure personal data, but it hasfaced opposition from card issuers.

“For years, banks have continued to issue fraud-prone magneticstrip cards to U.S. customers, putting sensitive financialinformation at risk while simultaneously touting the securitybenefits of next-generation PIN and chip card technology forcustomers in Europe and dozens of other markets,” Matthew Shay,president/CEO of the National Retail Federation,said in a Jan. 21 letter to congressional leaders.

“The retail industry is eager to work with banks and cardcompanies to fight cyber attacks and reduce fraud. These effortsinclude installation of sophisticated new PIN-enabledpoint-of-sale-systems and readiness to adopt cards with more securemicrochip technology, but the fact remains that retailers cannot dothis alone,” Shay added.

Read more: Target Exec Says EMV Carries $100M PriceTag

NAFCU, CUNA and the bankers countered that recent breaches atTarget and Neiman Marcus involved intrusions into their computernetworks.

“These compromises have nothing to do with card technology(e.g., “Chip and PIN”) and everything to do with holes in internalfirewalls at these companies that criminals are exploiting,” theletter said.

3. Retailers are shut out of payment systemsprogress.

Duncan said in his testimony that “while the banks areintimately connected to Visa and MasterCard, merchants andconsumers have virtually no role in designing the payment system.Rather they are bound to it by separate agreements issued byfinancial intermediaries.”

He also said “retailers are essentially at the mercy of thedominant credit card companies when it comes to protecting paymentcard data.”

Financial trades disagree.

“It is the nation's banks and credit unions that initially makeconsumers whole, often receiving minimal reimbursement for theirefforts. Certain retail groups cannot be allowed to divertattention and duck their responsibility for protecting thesensitive personal information of consumers by always claiming thatit's someone else's fault,” the groups said.

The groups also said that while Target and Neiman Marcusaccepted their share of the responsibility for the data breachesthat occurred, others in the retail industry have not taken thesame approach.