Breaches: Retailers Aren't Doing EnoughBanks Need Congressional Support for Stronger Data Security
Identity theft is a harrowing experience for consumers. Some felon across town or around the world starts spending your money, using your accounts, your cards and your identity. Fortunately for consumers, their bank safeguards their accounts and protects them from loss.
For banks and their customers, Home Depot's security failures are painful episodes of dÃ©jÃ vu. We've been here too many times.
The bank that issued their card covers fraud losses in nearly all cases. Regardless of where the breach occurred, regardless if retail store security systems failed or card users were not properly identified, the consumer's bank covers the cost not only for the fraud loss, but also for the costs to alert the customer, freeze a compromised account and re-issue cards.
For banks and their customers, Home Depot's security failures are painful episodes of dÃ©jÃ vu. We've been here too many times. Identities and accounts were stolen from retailers, but banks made customers whole.
This must change. Every player in the payment processing system must be responsible for safeguarding customer identities and accounts. Otherwise, consumers will not be secure. The retail industry that uses and benefits from the payments system must also share responsibility for safeguarding their customers and be responsible for their own failures.
Banks routinely insist on proof of identification and invest in the highest standards for data and identity security. Banks take very seriously the sensitivity of personal and financial data. The banking industry supports an enormous system of regulators and examiners that aggressively enforce privacy and account security laws. The industry invests hundreds of millions of dollars annually in the best security systems and rigorous employee training for fraud prevention and required immediate reporting.
When accounts are stolen from a retailer, the consumer is held harmless financially - rightfully so; he or she is the victim of very complex crime. Their bank stands with their customers.
Dennis Koons of the Michigan Bankers Association on why retailers must be held to a higher cybersecurity standard.
With so many orchestrated and continuing instances of massive data breaches, it's past time for Washington to act. Until all players in the payments system own responsibility for their handling of customer accounts, the consumer is at risk. Every party involved, including retailers at the point of sale, must step up to the challenge, meet industry standards for security systems, train their staffs to spot fraud and be accountable for failing their customers. Our payments system is only as strong as its weakest link.
Several laws currently under consideration in the U.S. Senate would help. One example is S. 1976, better known as the Data Security and Breach Notification Act of 2014, introduced by Sen. Jay Rockefeller, D-W.V. The bill authorizes the Federal Trade Commission to write new rules requiring retailers and other companies to protect consumers' personal data and notify individuals promptly in the event of a breach. Violators would face civil penalties.
Washington must do its part to make sure that our credit processing system is strong and secure. Our consumers deserve it.
Dennis Koons is president and CEO of the Michigan Bankers Association.