The ongoing battle between card issuers and retailers grew a bitmore fervent last week after Verizon Enterprise Solutions releasedits most recent report on cybersecurity compliance among large retailfirms.
|The report found, among other things, that most firms fall outof compliance with the Payment Card Industry Data Security Standardwithin a year after having been verified as compliant. The reportalso found nearly half of all American consumers have had householdpayment information compromised in a data security breach.
|“We're 15 months from the Target breach, yet credit unions have received nothing in termsof reimbursement,” said CUNA President/CEO Jim Nussle on March 11,attacking the retailers on data breaches.
|“The same goes for the Home Depot breach. The merchantsresponsible for the largest breaches over the last two years havepaid absolutely nothing while credit unions have had to pony up atleast $90 million to cover the costs for merchant data breaches.Consumers will benefit if the retailers would start following theindustry security standards and support a strong federal dataprotection law that codifies a requirement that those who acceptcards for payment follow the same standard as those who issue cardsfor payment,” Nussle added.
|The Retail Industry Leaders Association, the trade associationrepresenting leading brick-and-mortar retailers fired back, notingthat some financial institutions had been among the corporationsVerizon found not to have been PCI DSS compliant.
|They also noted the Verizon report itself makes clear that anyfirm which takes payment cards needs to become compliant to thedata security rules. Retailers blamed the overall weakness in thepayment system on the financial institution industry'sunwillingness to adopt EMV compliant cards.
|“Because their refusal to invest in chip and PIN technology inthe United States has made all industries in the card paymentecosystem a tempting target for cyberattacks,” RILA said in a March12 statement. “Despite a willingness to protect cardholders inEurope and Canada with this technology, financial institutions havethus far refused to implement the same security measures in theUnited States that we all know would reduce frauddramatically.”
|Financial institutions declined to adopt EMV with chips due tothe cost, RILA charged, even as retailers are spending billions ofdollars to modify their point of sale terminal to accept paymentcards with embedded EMV computer chips.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
