DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Credit unions want merchants held to same data security standards

Posted on December 3, 2011 by Dissent

The Credit Union National Association is pushing for change – and although there will be pushback from the merchant sector, a lot of what CUNA is pushing for is consistent with what privacy advocates want:

Data security is a critical issue and the U.S. Congress should consider legislative changes to protect consumers, such as requiring merchants to meet the same high standards for data protection to which credit unions and other financial institutions are subject, the Credit Union National Association (CUNA) said in a letter sent to a key lawmaker Thursday.

Additionally, Congress should permit financial institutions to disclose the source of data breaches affecting their members or customers, and merchants should be required to reimburse consumers and financial institutions for costs associated with data breaches, CUNA President/CEO Bill Cheney wrote in a letter to the chairman of the House Small Business subcommittee on health and technology, Rep. Renee Ellmers (R-N.C.). The subcommittee conducted a hearing yesterday entitled hearing “Cyber Security: Protecting Your Small Business.”

Cheney wrote that until merchants are held to high standards for data security as financial institutions, such as credit unions, are, the consumer will “remain vulnerable to a system that does not protect their information.”

Without federal requirements forcing merchant to notify their customers of a data breach, the burden of notification to the consumer lies with the financial institution that issued the payment card.

“However, financial institutions cannot specify which merchant was responsible for the breach and also bears the costs of issuing new payment cards, and making any loss to the consumer’s account whole. The merchant bears no financial responsibility in the case of a data breach,” Cheney underscored in his letter to Ellmers.

The complete text of CUNA’s letter is available on CUNA.

h/t, insurancenews.net

Category: Breach LawsCommentaries and AnalysesFederalLegislation

Post navigation

← Tennessee mailing error results in employees canceling insurance and scrambling to monitor their credit
College fails to properly dispose of documents – Privacy breach at Red River →

2 thoughts on “Credit unions want merchants held to same data security standards”

  1. garykva says:
    December 7, 2011 at 6:58 am

    The Credit Unionss have a valid point, but, the Credit Unions aren’t using the high tech gadgets to prevent fraud. What about those ATM and CC with RSA style PINS? Biometrics ? There are a ton of possibilities. They issue the same card the same way each time. Thats simply throwing more money into a procedure that is dated and broke. As I have stated before, if a card gets compromised in this era, its impossible to know where the actual breach occurred. Pinpointing a merchants action when the merrchant has a break in or theft of an item with PII is a bit easier. But I don’t know many small ( I mean small, eg; mom and pop shops) that can afford the securities that banks have. Sure, if you allow me the comforts and protections that a bank/cu gets I am all for security. Simply blurting out a statement like this means the CU’s better ante up loans (NOT) which are directly related to security improvements. Legalities in rental of properties mean modifications may or not be allowed in many strip style malls. If a crook wants in, thru a glass window, a sledge thru a wall or other means, they will get in to the location. Unless all items are locked up each night in a safe that would take 10 people to lift, then, its a challenge. In the world of small business, the majority of people get lax on security over time. It’s nature of the beast. They get a taste of that false sense of security, and one time is all it takes.

    If most people could afford the property, building and stock out of pocket, they’d probably be retired, instead of putting up with the chaotic economy. With a store in the mall, the protections are pretty much there,and may have a better chance of protecting PII from theft.

    Heck if the government would step in and offer free awareness training and proper handling of PII, some of this may be thwarted. I am sure some person who thinks ripping off PII is worth it until they see a person in a prison suit, explaining what they did – and eventually lost because of it, may keep them from even thinking about it further. Heck offer an one time grant or other monetary incentive to participants – one per area (county/region/state). Have the large corporations offer a laptop with encryption and a lojack style device for cost. That drums up business and awareness at the same time.

    In the world of electronics, it comes down to security – or ease of use; the latter usually wins, and the crooks walk off with the laptop or thumb drive or other hand held device. Pick your poison when it comes to staff policies and procedures. I agree they are chaotic at best, but if thats what the goverment wishes to accept as is, then they eventually will have a heck of a mess to clean up. Again its easy to say “hold them responsible as a CU” well, if they can pay hush hush money and do things that do not make the press, its more of a “Do as I say, not as I do” muttering.

  2. Freddyfrgg says:
    December 8, 2011 at 11:48 am

    Hi there my first occasion on this website, but I must say that you raise quite a few useful points, making for a truly interesting topic.
    Thanks a lot.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.