January 18, 2014

Berger in CUInsight: Retailers must take responsibility

Jan. 21, 2014 - NAFCU President and CEO Dan Berger kept the heat on Congress in a CUInsighteditorial saying retailers must take responsibility for the consequences of data security breaches on their end.

In the wake of the Target Corporation that affected as many as 110 million consumers, Berger said the lack of regulation governing retailers' cybersecurity measures is dangerous.

"These breaches are not on the way out any time soon.They happen, and they will continue to happen," Berger wrote. "Neiman Marcus has already admitted to a data security breach on their end in recent weeks as well. Credit unions shouldn't be the ones left holding the bag. Right now, retailers do not have enough incentive to spring for better data security because they won't be ultimately responsible when the security fails. Meanwhile, credit unions must pay for the mistakes of others. Until this situation changes, consumers will remain at risk."

Berger also referenced NAFCU's five-point plan for regulatory relief - which was sent to Congress in February - and its emphasis on data security. NAFCU was the first financial trade association to call on Congress for increased retailer responsibility, after the Target breach. Berger urged lawmakers to pass legislation with measures that would protect consumers, including:

  • a requirement that merchants be accountable for costs of breaches on their end;
  • a requirement that any business entity responsible for the storage of consumer data meet standards similar to those imposed on financial institutions under the Gramm-Leach-Bliley Act;
  • a requirement that merchants post their data security policies at the point of sale if they take sensitive financial data.