Last year's card security breaches at Target and other retailers have forced community banks to reissue more than four million debit and credit cards at a cost of $40 million, according to the Independent Community Bankers of America.
The association claimed that banks' quick decision to close and reissue debit and credit cards significantly cut their fraud losses as fewer than 1% of community bank depositors reported losses from fraud on their accounts so far.
“Community banks absorb the costs of data breaches upfront because their primary concern is to protect their customers,” Bill Loving, ICBA chairman and president and CEO of Pendleton Community Bank, Franklin, W.Va., said. “However, in the long-term the lion's share of costs associated with data breaches should ultimately be borne by the party that experiences the breach. This is critical to aligning incentives to maximize data security by all parties that store consumer data—making the payments system stronger over time, which is a win for everyone, especially consumers.”
The association took a somewhat defensive tone when it acknowledged that it had joined a “cybersecurity partnership” last week with major retail associations and other banking associations.
“[T]he association has not wavered in its commitment to represent the best interests of its member community banks and their customers in the wake of wide-scale data security breaches at major retailers,” the ICBA wrote when announcing the data breach damages.
CUNA and NAFCU declined to join the partnership, citing a desire not to dilute their message about retail responsibility for the costs.
The association also reiterated its positions about data security, including holding retailers responsible for the breaches of their systems and implementing a national law on breach disclosure and notification.