Bank-style rules for small business are wrong approach to data security

House Financial Institutions and Consumer Credit Subcommittee Chairman Randy Neugebauer(R-Texas) and fellow Financial Services Committee member Rep. John Carney (D-Del.) have a plan. They want to mandate bank-like regulations on millions of small businesses around the country in the name of improving credit and debit card security.

Card security is an important issue, but the Neugebauer-Carney mandate would mean additional costs and complexities for businesses already struggling to cope with a crush of red tape from Washington.

Everything about the Neugebauer-Carney plan is wrong.

{mosads}Banks have tough rules because a criminal hack could drain customer accounts in an instant and threaten the safety and soundness of the entire financial system. That’s appropriate for banks. But the small businesses Neugebauer and Carney want to target and regulate simply don’t pose the same kind of risk.

Neugebauer and Carney say tough new rules are needed because business breaches have meant that community banks and credit unions have had to spend millions of dollars to reissue cards. But if they want to improve card security, they should start by asking the card industry cartel dominated by Visa and MasterCard why the United States is the last market in the world to replace the easily-copied magnetic stripes currently used to store data on cards with far-more-secure encrypted computer microchips? And why do the card giants want to continue having consumers scrawl an illegible, meaningless signature instead of punching in a secret, secure personal identification number like consumers in the rest of the world? Combined use of chips and PINs would make it harder for thieves to make use of stolen card numbers and take away much of the incentive to steal the data in the first place.

Congress has been down this path before. In 2007, Congress passed a law to combat identity theft that directed to the Federal Trade Commission to develop standards very similar to those Neugebauer and Carney want. It soon became apparent that virtually every business in America was going to need to create an elaborate plan to comply with the rules even if there was little real risk. Once the outrageous scope of the “Red Flags” proposal was understood, Congress voted unanimously to roll back the rules at the end of 2010.

Rather than wasting time with a new scheme to regulate Main Street businesses already too busy just trying to stay afloat, Congress should take concrete steps to make sure the credit card cartel finally does the right thing and makes its cards secure.

Replacing signatures with PINs would be a good first step.

French is senior vice president for Government Relations at the National Retail Federation in Washington, D.C.