February 10, 2014

ECUM: CUs say 13.9% of cards hit by 2013 breaches

Feb. 11, 2014 – NAFCU's Economic & CU Monitor survey found that among survey respondents, an average of 10,300 debit and credit card accounts – representing about 13.9 percent of their total card accounts – were affected by merchant data breaches in 2013.

"The survey findings are staggering," NAFCU Chief Economist David Carrier said. "Credit unions are being hit by a double whammy in terms of numbers of possible data breaches and costs while they continue to pick up the tab for retailers who are not subject to the same high level of data security standards.

"It is ironic that despite the ample rules in place to ensure data protection standards at financial institutions like credit unions, merchants and retailers are not held accountable for data breaches," he continued. "Cybercriminals will continue to capitalize on this double standard and wreak havoc with consumers and our economy."

The Monitor, which was released on Monday, also showed that among survey participants, the average cost for a credit union of dealing with the Target breach was $45,000, while the total cost for the industry is estimated to be as much as $30 million. Survey respondents also said they were alerted to possible data breaches, on average, 263 times in 2013, and that the average amount they spent on security measures was $158,600.

Almost half of respondents (42 percent) believe their reputations were adversely affected due to a merchant data breach.

NAFCU is urging Congress to pass S. 1927, the "Data Security Act of 2014," by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo. The bill would leave the existing federal standards for financial institutions intact, and extend the protection further, by setting national standards for all merchants and retailers to follow in protecting data, providing timely breach notification and paying their share of the clean-up when breaches occur. NAFCU was the first financial services trade association to respond to the Target breach by calling for national data security standards for merchants.