WASHINGTON (1/31/14)--Protecting consumers following a data breach is a "shared responsibility," and "everyone, merchants included, must do their part," Credit Union National Association President/CEO Bill Cheney said in a PaymentsSource editorial published Thursday.
"Electronic payments in the United States are part of a sophisticated system that handles millions of transactions worth billions of dollars every day. When a data breach occurs, the system protects the consumers. But for the system to continue functioning when these breaches occur, all the participants of the system have to meet their responsibilities, take care of American consumers and save the finger pointing for another day," Cheney added.
The CUNA CEO responded to a Douglas Kantor blog post on PaymentsSource. In his post, Kantor, who serves as counsel to the Merchants Payments Coalition, asserted that lax card security standards were to blame for the Target data breach.
Cheney noted that for the moment, "no one knows the precise cause of the breach at Target...how the intrusion occurred is still a mystery.
"What is known, however, is that the breach has left tens of millions of customers with their personal information exposed," Cheney said.
Credit unions immediately moved to protect their members, reissuing cards and increasing account monitoring, he said. "We didn't wait to assess how the breach occurred or whom we could blame; we acted swiftly to protect our members. While these efforts brought significant expenses to credit unions, they are also the reasons our members remain confident in their credit unions and payment system," Cheney said.
And, while Kantor and retailers tout chip-and-PIN cards and payment card industry (PCI) standards as solutions to data breach issues, Cheney said those tools would not have prevented the theft of consumer marketing data during the Target breach. "Chip and PIN, to be truly effective, requires that retailers encrypt all data along the point of sale chain, decrypting it only outside of the merchant environment," he wrote.
CUNA has repeatedly encouraged Congress to consider legislation that holds merchants to the same standards as financial institutions when they handle financial transactions, and that permits financial institutions to disclose the source of the data breach and seek reimbursement from the merchant for the cost of the breach. CUNA supports chip-and-PIN cards as one way of addressing data security issues, but adds that other steps also need to be taken.
For the full PaymentsSource editorial, use the resource link.