There are those who are serious about improving cybersecurity and protecting consumers, and there are those dedicated to using the threat to achieve their short-sighted and self-interested goals. California Credit Union League’s op-ed (“Retail data breaches need action from Legislature,” Viewpoints, Sept. 14) suggests it is firmly planted in the latter category.
Cybercriminals are persistent, their methods are increasingly sophisticated and, as we have seen, no industry is immune from attack, even banks. The rosy picture that the credit unions paint of financial institutions successfully deflecting cyberattacks is belied by the facts. According to the 2014 Verizon Data Breach Investigations Report, of the 1,367 incidents last year that resulted in the loss of data, 465 occurred at financial institutions.
Just last month, banking giant JPMorgan reported a breach months after cybercriminals first exploited a flaw in their website to gain entry into their systems. According to the same report, fewer than 150 such incidents affected retailers. These figures provide important context missing from the credit union’s arguments.
For those businesses that connect to the debit and credit card networks, the volume of attacks is particularly intense because we still use antiquated magnetic stripe technology. Issuing banks in every other G-20 nation have migrated away from this ’60s-era technology and to a substantially more secure technology, known as chip and PIN.
Retailers are on track to have completed an enormous investment in order to be able to accept chip and PIN cards next year. Yet, there is little promise that banks will issue such cards. Instead, banks intend to begin issuing chip cards without requiring PINs, a feature that is proven to reduce fraud. Some institutions won’t even clear that bar. According to the Credit Union Times, more than half of credit unions are expected to miss an October 2015 deadline to issue cards equipped with chips.
Ultimately, consumers and account holders deserve solutions, not just finger-pointing and misinformation. That is why the merchant community is working with the financial services industry to strengthen protections for consumers.
The Merchant Financial Services Cyber Security Partnership is a collaborative effort that has brought together more than 250 executives from all segments of the merchant community to work with their financial services peers to protect their shared customers. Unfortunately, while retailers, restaurants, convenience stores, hotels, national banks, card networks and community banks have joined the partnership, one financial services interest has refused to participate: credit unions. Perhaps because they believe their own spin.