Newsroom

The Payment Security Task Force, of which NAFCU is a member, released a "U.S. Payments Security Evolution and Strategic Road Map" that echoes NAFCU's long-held view that no single measure, such as chip technology, is enough to ensure data security.

"We commend the Payments Security Task Force's efforts in spearheading this thoughtful review to identify ways to better protect consumers' sensitive information," said NAFCU President and CEO Dan Berger. "We agree that chip-and-PIN card technology is not a panacea for data security and preventing merchant data breaches but that a multi-tiered approach is needed. National data security and breach notification standards, for all segments of the payments system, are essential for any program to succeed in keeping consumers' personal and financial data as safe as possible."

In addition to detailing "best practices," the report recommends devaluing or eliminating sensitive data as it moves within and between systems. The report notes that no single measure is enough to fight card fraud. It recommends a multi-tiered approach that includes compliance with payment card industry standards, including chip technology, tokenization and encryption.

NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.

NAFCU was the first financial trade organization to call for national data security standards for retailers in the wake of the massive Target data breach last year, and continues to push for legislative action. Credit unions are already subject to standards under the Gramm-Leach-Bliley Act. NAFCU has also pushed for a bipartisan-bicameral working group in Congress to develop a legislative response to the continuing series of retailer data security breaches.