The Credit Union National Association is pushing for change – and although there will be pushback from the merchant sector, a lot of what CUNA is pushing for is consistent with what privacy advocates want:
Data security is a critical issue and the U.S. Congress should consider legislative changes to protect consumers, such as requiring merchants to meet the same high standards for data protection to which credit unions and other financial institutions are subject, the Credit Union National Association (CUNA) said in a letter sent to a key lawmaker Thursday.
Additionally, Congress should permit financial institutions to disclose the source of data breaches affecting their members or customers, and merchants should be required to reimburse consumers and financial institutions for costs associated with data breaches, CUNA President/CEO Bill Cheney wrote in a letter to the chairman of the House Small Business subcommittee on health and technology, Rep. Renee Ellmers (R-N.C.). The subcommittee conducted a hearing yesterday entitled hearing “Cyber Security: Protecting Your Small Business.”
Cheney wrote that until merchants are held to high standards for data security as financial institutions, such as credit unions, are, the consumer will “remain vulnerable to a system that does not protect their information.”
Without federal requirements forcing merchant to notify their customers of a data breach, the burden of notification to the consumer lies with the financial institution that issued the payment card.
“However, financial institutions cannot specify which merchant was responsible for the breach and also bears the costs of issuing new payment cards, and making any loss to the consumer’s account whole. The merchant bears no financial responsibility in the case of a data breach,” Cheney underscored in his letter to Ellmers.
The complete text of CUNA’s letter is available on CUNA.