Data Breaches are a Big Problem

Merchants are not subject to the same federal data protection standards as financial institutions, such as credit unions and banks. This means that some merchants fail to invest sufficiently in data security measures. As a result, it can be easier for hackers to gain access to a person’s credit card number, debit pin number, or other sensitive data through a merchant. Hackers can then sell this information to bad actors, or use it themselves to fraudulently buy things with the stolen data.

For the past several years, merchant data breaches have been increasing.

A number of merchants have a bad track record and shift their mistakes to others

Although most consumers have probably only heard about a few breaches, over 500 data security breaches have occurred in 2014 which have exposed over 75 million data records.

Source: The Identity Theft Resource Center

When a data breach occurs, the merchants are not required to pay the costs to send individuals their new cards and generally pay none of the fraudulent charges an individual may have on their cards or accounts. In fact, when merchants are responsible for the breach, they are rarely required to pay ANY costs incurred by others. Who is stuck paying these costs for data breaches? Your Credit Union or Bank—and ultimately, consumers like you.

If merchants can shift most of the costs of their data breaches to others, what incentive is there to increase their data security?

The answer is simple, none.

For More Information, Read the Op-Ed Pieces Below

Credit Unions Have Been There to Protect Their Members and Customers

Consumers will be protected from fraudulent charges on their cards due to a breach, and the cost is generally picked up by the credit union, not by the merchant where the breach occurred.

Financial institutions are limited by law in disclosing many of the circumstances of a data breach. Often they are not able to disclose the merchant responsible.

Financial institutions clean up the mess when a merchant data breach occurs by informing members and customers and reissuing new credit and debit cards if required. In addition, financial institutions pursue criminals through available legal channels on behalf of their members, saving them time and legal expenses.

Credit unions and banks are working hard to adopt chip, but that will not reduce all the card-not-present fraud. And if a financial institution has not issued chip cards by the deadline, that institution is not be eligible for any eventual reimbursement of any breach costs.

Ensuring members’ data safety is a top priority of your credit union.

Credit Union Members and Bank Customers Get Stuck With The Bill

Time To Take Action

Let Congress know it is time to take action and hold merchants accountable for data breaches. Stop the Data Breaches!

Tell Congress merchants should be required to reimburse credit unions for the costs they incur as a result of merchant breaches.

Let Congress know that credit unions should be able to tell their members the name of a merchant causing the data breach.

Click here to Take Action NOW



Stop the Data BreachesHome