October 07, 2015

Roche pushes national data security standard

The best way to protect the financial system against payments fraud is through a national data security standard, NAFCU witness Jan Roche, president and CEO of State Department Federal Credit Union, told lawmakers Wednesday during a House Small Business Committee hearing on the EMV transition.

A national data security standard, Roche said, "gets us all focused and makes sure we stay ahead of the fraud." Roche was responding to a question from Rep. Donald Payne Jr., D-N.J., on whether the U.S. will see an uptick in online fraud as EMV cards become more prevalent.

She continued, reiterating that EMV and chip technology only helps with one kind of fraud being committed and would not have prevented data breaches like Target's breach in 2013. She said legislation such as H.R. 2205, the "Data Security Act of 2015," would better prepare all those involved in the payments industry to fight against all kinds of fraud.

The NAFCU-backed H.R. 2205, introduced by Reps. Randy Neugebauer, R-Texas, and John Carney, D-Del., would create a national data security standard that is flexible and scalable, does not mandate static technology solutions and recognizes those who already have a working standard under the Gramm-Leach-Bliley Act.

The House Small Business Committee hearing yesterday largely discussed the EMV transition and its impact on small businesses. Roche testified alongside representatives from Visa and the Electronic Transactions Association.

Regarding the liability shift in place since Oct. 1, U.S. Vice President for Risk Products at Visa Stephanie Ericksen said it will take another four to five years to have a 90 percent participation rate for both merchants and financial institutions regarding the new EMV technology. She said as of July, 60 percent of consumers had at least one chip card in their wallets.