February 05, 2014

NAFCU, others set record straight on data security

In joint letters sent to both the House and Senate yesterday, NAFCU and five other financial trades refuted "misleading and counterproductive" statements being made by retailers about data security breaches in hearings this week.

The letters recognized and appreciated the acceptance of responsibility taken on behalf of Target and Neiman Marcus, whose executives have testified before Congress this week on their data breaches. The executives, in their testimony, accepted responsibility and agreed to work with lawmakers and the financial industry to better protect consumers.

However, the industry trades also pointed out that many in the retail industry do not appear to share the views expressed by Target and Neiman Marcus and attempt to divert attention and duck responsibility. In an effort to set the record straight, NAFCU and the other financial trades noted the following:

  • In 2013, 77 percent of data breaches occurred at healthcare facilities and other retailers and only 4 percent at financial institutions.
  • Chip-and-pin technology is not a cure-all, as these recent breaches involved intrusions into computer networks of companies. The companies' internal firewalls were breached, and new card technology could not have prevented that.
  • Currently, it is up to financial institutions to make breach-affected consumers' whole. They are the ones replacing cards and reimbursing consumers for fraudulent charges and often are not reimbursed themselves.