Data breaches hurt everyone in system
A Feb. 21 letter from the Illinois Retail Merchants Assn. addressed the role of financial institutions regarding data breaches, as well as a possible "solution." The Illinois Credit Union League feels obligated to dispute these claims in the hopes that all parties in the electronic payments system can move past futile finger-pointing and work together to improve security and protect our customers.
It is important to note that merchants are not required to reimburse financial institutions for the cost of card re-issuance after a data breach, even in the circumstance where the merchant's acts or omissions caused the breach. Nothing in the Visa and MasterCard network rules provide for merchants to cover the costs of card re-issuance. This cost can be quite substantial, particularly for smaller cooperative financial institutions such as credit unions.
The Target breach alone has already cost credit unions nationwide more than $30 million, and those numbers are expected to rise as more report their costs and fraud losses. These expenses will not be reimbursed to credit unions by retailers. Because of credit unions' cooperative structure, these costs are ultimately borne entirely by credit union members, who are ordinary Americans, not rich shareholders or CEOs.
When data breaches occur, America's credit unions spend millions of dollars without skipping a beat to protect consumers by reissuing cards, monitoring accounts and reimbursing customers for fraud. Credit unions pay a steep price after data breaches that they did not cause, all in the name of protecting their members.
Data breaches are a threat to all parties in the payments system. Financial institutions and merchants must work together to implement the best solutions to secure the system and protect consumers from fraud and identity theft, even though these solutions may be costly. Now is the time to put our customers first.
Daniel D. Plauda
Illinois Credit Union League