WASHINGTON -- Knowing of community bankers' concerns over the rising costs of the data security breaches of major retailers and the reputational risk when the source of such breaches is not disclosed, members of Congress offered their support for legislation.
During America's Community Bankers Government Affairs Conference last week, Senator Jack Reed (D-R.I.) said he is sensitive to the issue and noted that the Stop & Shop grocery stores in his home state were recently hit. He commented that the technology of the information thieves is staying one step ahead of the mechanisms being put in place to try to stop them.
Congressman Tom Feeney (R-Fla.) stated that some sort of "indemnity" should be provided for issuing financial institutions from the breached entities.
Visa USA Senior Vice President of Public Policy Mark McCarthy explained what his company is doing prior to any legislation being implemented. "We can't wait for legislation to solve this problem," he said. "We've got to get the word out now."
Last October, Visa began fining merchants in violation of its data collecting and retaining rules $10,000 a month and if they do not comply "quickly" that fine escalates. Then interchange discounts an organization may qualify for will be taken away for noncompliance. Finally, institutions can file for reimbursement with Visa and recover $1 per card potentially at risk.
McCarthy added that Visa is in support of passing good legislation that includes risk-based notifications to consumers, disclosure of where the breach occurred, and giving the Federal Trade Commission "explicit authority" to pursue entities lacking "reasonable security."
He explained that Visa is on the fence about whether cost recovery should be in federal statute or up to the states and how it could work with Visa's already established program. "We are looking at ways that operational expenses are covered. We are looking at ways fraud costs are recovered," McCarthy said.
The bankers in the room were not convinced. ACB Chairman Mark Macomber, president/CEO of Litchfield Bancorp in Litchfield, Conn., said he had 1,400 cards compromised in the TJX breach. "I don't see card providers paying attention to what's happening on the other side," he later told the press. The issuing financial institution is expected to take on all of the reputational risk, he said, when it has done nothing wrong. Other ACB officials agreed that card providers make the bulk of their money from the merchants.
A rare class action suit has been filed on behalf of banks against TJX, ACB President/CEO Diane Casey-Landry pointed out. "I think it sends a message to retailers that the banks are serious," she stated. --scooke@cutimes.com
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.