All players needed to combat data breaches

The new Congress will have its work cut out for it this year as the House and Senate establish legislative priorities and adjust to changing dynamics on various priorities for the American people.  While significant legislative debates no doubt lie ahead, one especially timely issue presents a common problem that Democrats and Republicans should be able to work together to solve.   

Last year, Americans seemed to be hit with data breaches one after the other.  A December poll found that just under half of us have experienced some sort of breach.  The theft of personal information from more than 80 million J.P. Morgan Chase account holders’ last summer, and the highly publicized attack on Sony has brought this issue to light for many on Capitol Hill and in middle America.

{mosads}Because hackers have targeted both retail stores and financial institutions, it is important for both sectors to work together effectively to provide greater security for the entire electronic payment sphere.  When customers make electronic purchases in a store, they are doing so with a card issued by a bank or credit union.  Both the store and the card issuer have a responsibility to put their customers’ security first.

Last year, 19 different business groups came together to establish the Merchant-Financial Cyber Partnership.  Over the course of nearly 50 meetings, some 250 individual executives met to hear from outside experts and chart a way forward toward stronger data protection measures.  Their recommendations, recently submitted to the new Congress, include updating the federal criminal code to better reflect the changing nature of the online underworld responsible for devastating cyber-attacks, along with increasing government research and introducing “safe harbor” liability protections for threat information shared in good faith.

These are basic principles that not only the business community, but elected leaders on both sides of the aisle and in both houses of Congress should be able to embrace.  One group, however, has removed itself from the collaborative process: credit unions.

While a number of banking industry groups – including the American Bankers Association (ABA) and the Independent Community Bankers of America (ICBA) – are contributing members of the Merchant-Financial Cyber Partnership, credit unions have taken no part in the group’s activities.  Instead, they seem to prefer poisoning the process by lobbing inaccurate and misleading statements that are in no way constructive to the process of bolstering payment security.

Credit unions continue to spread the false claim that retailers make no contribution to the costs incurred by data breaches.  In a recent op-ed in The Hill, B. Dan Berger, CEO of the National Association of Federal Credit Unions, says this responsibility is thrust solely upon credit unions “often at great expense, without help or compensation from the breached entity.”  He need only look no further than the terms his card issuers have negotiated with major card companies for proof that this is not the case.  Merchants do indeed contribute to breach cleanup costs by contractual agreement.  A small financial institution that provides its customers with MasterCard cards will receive payment from merchants to help with replacing any compromised cards.

One step that could be taken almost immediately to usher in safer electronic payments is the widespread American introduction of “chip-and-PIN” payment cards, known the world over as a safer alternative to magnetic stripe cards.  But credit unions insist on standing in the way of this innovation.  They ignore facts surrounding the greater protections “chip-and-PIN” cards provide their own customers including the Federal Reserve stating PINs can make payments up to 700 percent safer.

A unique opportunity exists to work with President Obama along with the new Congress to make real advances on the path to greater protections for Americans.  And credit unions should either join in the collaborative effort or stop obstructing progress to serve their own agenda.  The first thing they can do is to stop the misleading attacks and embrace 21^st Century “chip-and-PIN” cards which will protect their own customers from the same cyber-attacks they denounce.

Kennedy is president of the Retail Industry Leaders Association and Shay is president of the National Retail Federation.