While credit unions continue to warn members, NAFCU has calledon Congress to address data security in light of the Targetsecurity breach affecting an estimated 40 million debit and creditcard accounts.

|

“Financial institutions, including credit unions, have beensubject to standards on data security since the passage ofGramm-Leach-Bliley. However, retailers and many other entities thathandle sensitive personal financial data are not subject to thesesame standards, and they become victims of data breaches and datatheft all too often,” NAFCU President/CEO Dan Berger said Thursdayin a letter to House Speaker John Boehner (R-Ohio) and HouseMinority Leader Nancy Pelosi (D-Calif.).

|

“While these entities still get paid, financial institutionsbear a significant burden as the issuers of payment cards used bymillions of consumers. Credit unions suffer steep losses inre-establishing member safety after a data breach occurs.”

|

Also Read:
What the Target Breach Means for Credit Unions
MinnesotaCUs Field Thousands of Inquiries

|

NAFCU urged Congress to hold hearings on the data protectionstandards of merchants and how to strengthen them.

|

“Furthermore, we recommend Congress take action to enactprovisions to protect consumers from breaches that compromise theirfinancial and personally identifiable information. Data security isa common-sense bipartisan issue that must be addressed,” the lettersaid.

|

NAFCU also made a serious of policy recommendations in theletter, including a requirement for a merchant or retailer whoincurred a security breach to prove lack of fault.

|

“These parties should have the duty to demonstrate that theytook all necessary precautions to guard consumers' personalinformation but sustained a violation nonetheless. The law iscurrently vague on this issue, and NAFCU asks that this burden ofproof be clarified in statute,” the letter said.

|

CUNA said on Friday that it has already reached out to majorcredit card companies about the personal data leak.

|

“We have already been in touch with Visa and other major cardpayments processors to ascertain the impact on credit unions, ifany,” said CUNA President/CEO Bill Cheney.

|

“This latest breach – while at this point reportedly smallerthan the March 2007 TJX Companies Inc., breach – once more raisesthe issue of the retailers' responsibility in securing informationfor card transactions at their stores. Credit unions and otherfinancials typically foot the bills for the breaches, in forms ofissuing new cards and other security responses – as well as thereputational costs to member and customer trust in financialtransactions using cards,” he added.

|

CUNA said it would continue to monitor the situation.

|

Some credit unions are already taking action.

|

The $5.4 billion Bethpage Federal Credit Union in Bethpage, N.Y.and the $4.9 billion Teachers Federal Credit Union in Long Island,N.Y. are in the process of contacting some of their members.

|

“Bethpage is currently identifying any member accounts that mayhave been impacted. If it is suspected that an account has beenimpacted, members will be contacted directly and a new card will beissued. In the meantime, existing cards can continue to be used,”said Bethpage's official website.

|

“We are actively analyzing cardholder transactions to ascertainif any of our members are affected. Any cardholders identifiedduring this analysis will be contacted,” said Teachers'website.

|

John Buzzard from FICO's Card Alert Service said Target was mostlikely attacked from an external source.

|

“A compromise involving all 1,800 U.S. stores would point tomore of a virtual intrusion,” he said. ”I don't think there werecriminal minions on the ground physically visiting all 1,800stores. I think many issuers are also wondering if they willeventually have PIN exposure around this compromise.”

|

Avivah Litan, analyst at Gartner Research said “it's time forthe U.S. card industry to move to chip/smart cards and stopexpecting retailers to patch an insecure payment card system.”

|

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.