Newsroom

December 10, 2014

Crapo, in hearing, notes data breach burden to CUs

During his opening remarks for a Senate Banking hearing on cybersecurity Wednesday, committee Ranking Member Mike Crapo, R-Idaho, mentioned the steep losses credit unions and other financial institutions have faced in the wake of recent data breaches.

Wednesday's hearing, "Cybersecurity: Enhancing Coordination to Protect the Financial Sector," featured testimony from representatives from the Treasury Department, the Homeland Security Department, the Office of the Comptroller of the Currency, the U.S. Secret Service and the FBI.

Valerie Abend, the senior critical infrastructure officer of the OCC, noted the regulator's support to require that merchants "help make affected consumers whole" after a breach. "[F]inancial institutions compensate customers for fraudulent charges and replace credit and debit cards, and monitor account activity for fraud at significant cost," she said in her opening statement. "We would support efforts to even the playing field between banks and merchants."

Ahead of Wednesday's hearing, NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt wrote leaders of the committee urging them to support a national data security standard for retailers. Hunt also noted NCUA Chairman Debbie Matz's call for retailer accountability for data security breaches on their end and the resulting costs so credit unions and other financial institutions are not left to foot the bill.

NAFCU was the first financial trade group to ramp up the call for national data security standards for retailers in the wake of last year's Target breach. It is a member of the Payments Security Task Force, a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time, as well as driving a discussion on payments system security. It is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.