The National Association of Federal Credit Unions called on Congress on Monday to move forward on merchant data security standards, urging the National Credit Union Administration to work with other regulators to ensure the protection of consumer data.
NAFCU President and CEO Dan Berger said in letters to House and Senate leaders that any entity that stores personal or financial information should be subject to basic data protection standards.
The letters were sent in the wake of a security breach at Target that affected 110 million customers and a confirmed security breach at Neiman Marcus, though the retailer has not yet said how many customers may be affected.
“These incidents must be addressed by lawmakers,” Berger said in a letter to the Senate. “Every time consumers choose to use plastic cards for payments at a register or make online payments from their accounts, they unwittingly put themselves at risk… Consumers trust that entities collecting [personal and financial] information will, at the very least, make a minimal effort to protect them from such risks. Unfortunately, this is not always true.”
Berger said that while financial institutions are subject to data security standards under the Gramm-Leach-Bliley Act, retailers and other firms that collect sensitive financial and personal data are not held to the same standards.
“While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards…” Berger said. “They are often forced to charge off fraud-related losses, many of which stem from a negligent entity’s failure to protect sensitive financial and personal information or the illegal maintenance of such information in their systems.”
Berger called on Congress to hold entities responsible for the costs of data breaches that occur in their systems, “especially when their own negligence is to blame,” and to pass legislation requiring entities that store consumer data to meet standards similar to those under Gramm-Leach-Bliley.
Additionally, Berger urged the NCUA to work with the Federal Trade Commission and other regulators on data security efforts.
“As lawmakers continue to monitor the situation and make legislative fixes as necessary, it is imperative that regulators work together to ensure the safety of our data security systems,” Berger said.