ARLINGTON, Va.--In advance of the House Small Business Committee hearing today on cybersecurity, NAFCU sent a letter to the Committee sharing its concerns over retailer data security standards.
NAFCU Vice President of Legislative Affairs Brad Thaler sent the letter to Committee Chairman Steve Chabot (R-OH) and Ranking Member Nydia Velazquez (D-NY), emphasizing that a primary concern of credit unions “and their 103 million members continues to be ensuring that our nation’s retailers have the data and cybersecurity standards to protect consumers’ information."
Thaler noted that NAFCU supports many of the efforts to strengthen existing cyber mechanisms, such as the work of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, both of which NAFCU is a member. However, he added more needs to be done on the data security front.
"Data security is an important part of the cyber security discussion and every time a consumer uses a plastic card for payment at a register or makes online payments from their accounts, they unwittingly put themselves at risk," wrote Thaler.
Thaler stated that credit unions and other financial institutions are already held to strict data security standards under the Gramm-Leach-Bliley Act (GLBA) but that retailers and the many other entities that handle consumers’ personal information are not.
Thaler also noted a February 2015 survey of NAFCU members that found the estimated costs associated with merchant data breaches in 2014 were $226,000 on average.
He urged support for HR 2205/S.961, the Data Security Act of 2015. This legislation would create a national standard of data security for all industries that handle sensitive information based on the standards in GLBA.