Several witnesses testified before the Senate Banking Committee last week, stressing the need for additional data protection standards and breach notification requirements.
Federal Reserve Governor Daniel K. Tarullo said the government should maintain a “big view” of the payments system and ensure the security of consumer data as it considers new standards.
Tarullo said regulators and policymakers need to keep in mind the consumers who use credit cards. He said cyercriminals seek to attack the weakest link in the security chain, adding that more general and far-reaching data security standards are necessary.
Other witnesses at the hearing, entitled “Oversight of Financial Stability and Data Security,” echoed those concerns. Comptroller of the Currency Thomas Curry also said it may be necessary to implement data security notification requirements to ensure consumers are aware when a breach has occurred.
FDIC Chairman Martin Gruenberg, also a witness at the hearing, said data security practices of non-banking entities need the most regulatory attention.
The statements align with changes advocated by the Credit Union National Association, which urged lawmakers last week to look at how consumer data is protected and to determine the necessary improvements required to prevent future breaches.
“Focusing on one payment method as the absolute answer to solving data security breaches is both shortsighted and distracts from the greater need of a federal data security framework for all entities,” CUNA President and CEO Bill Cheney said in a letter to Congress.