Newsroom

January 22, 2014

National data security standards should apply to retailers, Berger reiterates

NAFCU President and CEO Dan Berger reiterated a call for national data security standards for all parties in a letter last night to House and Senate leaders.

In his letter, sent following a National Retail Federation letter that included support for federal standards, Berger reiterated a call for action.

"NAFCU once again reiterates its call on Congress to make the issue of data security a priority in 2014 by convening hearings on the data protection standards of merchants and what can be done to strengthen them and how retailers can better assist financial institutions when breaches occur," Berger said in letters to Senate Majority Leader Harry Reid, D-Nev., Minority Leader Mitch McConnell, R-Ky., and House Speaker John Boehner, R-Ohio, and Minority Leader Nancy Pelosi, D-Calif.

Some are urging financial institutions to switch to a chip-and-PIN card, but Berger said that is "no panacea for data security and preventing merchant data breaches." He added that many retailers only accept magnetic stripe technology at the point of sale and that chip-and-PIN cards can still be compromised in online purchases.

Berger said there is a real need for greater national data security standards. He said:

  • merchants should be held accountable for breaches occurring on their end, including fraud costs and payment card replacement;
  • any entity storing consumer data meet should standards similar the Gramm-Leach-Bliley Act's requirements for financial institutions; and
  • a requirement that merchants post their data security policies at point of sale if they take sensitive financial data.

NAFCU was the first financial trade association to call on this Congress to hold retailers accountable for their data security, including it as a key plank in the association's five-point plan for regulatory relief last February.