Newsroom

May 24, 2011 – NAFCU President Fred Becker, in a letter published in Monday's Washington Post Capital Business, pressed anew for a delay of the Federal Reserve's debit interchange fee-cap rule as one way to mitigate losses to credit unions due to fraud costs arising from merchant data breaches.

In the letter, also circulated to the U.S. Senate, the NAFCU president urged that merchants, which so far have escaped any statutory obligation to guard against the theft of consumer data, finally be made accountable for the costs of data breaches resulting from their own negligence.

Becker wrote that not a week goes by without a major retailer or company reporting a breach of its customer database. He cited the recent breaches at Michaels Stores and Sony as key examples. Due to such breaches, "millions of consumers are put at risk, and financial institutions such as credit unions must shoulder the cost of reissuing cards" when it was the retailers that failed to protect their customers' data.

These costs are covered in part by the interchange income card issuers receive on the use of debit cards at merchant locations.

The Fed's proposed, 12-cent fee cap, Becker noted, is expected to cost Mid-Atlantic FCU, a Washington, D.C.-area institution, as much as $600,000 a year.

To support his case, Becker noted the following:

• A recent Javelin Strategy and Research study found that while identity theft declined over the past year, debit-card fraud accounted for 36 percent of crimes committed with cards already in circulation in 2010, up from 26 percent in 2009.
• A Symantec and Ponemon Institute survey showed that data breaches have grown more costly over each of the past five years. The average organizational cost of a data breach has risen to $7.2 million, or $214 on average per compromised record. That's up from $204 in 2009. Breaches caused by negligence rose to 41 percent last year and averaged $196 per record, the survey showed, up 27 percent from 2009.

Becker said merchants should be held to standards for protecting sensitive data that are similar to those imposed on credit unions and other financial institutions.

Meanwhile, NAFCU is urging credit unions to keep up their efforts to win added support and passage of S. 575, a bill that would delay the Fed's proposed debit rule and require a study of its impacts. To contact lawmakers, go to SaveYourDebitCard.com, or dial 202-224-3121.