WASHINGTON—Calling Cyber Monday sales invitations for fraudsters to steal payment card data, NAFCU again emphasized the need for Congress to pass national data security standards for merchants and retailers.
“Data breaches have exceeded last year’s record, and millions of consumers have already had their information compromised, yet retailers continue to resist critically needed national data security standards,” said NAFCU President and CEO Dan Berger. “With this void in protection, every retailer’s sale sign is a welcome sign for cybercriminals and a hazard for consumers who may unwittingly fall victim to a retail data breach.”
It has been more than a year since the move to EMV and the implementation of corresponding payment terminals, but this alone is not a silver bullet, NAFCU said.
“Data breaches resulting from malware or fraudulent transactions via e-commerce (card-not-present transactions) have proved to be quite vulnerable. According to Adobe reports, more than $5 billion has already been spent online this past holiday weekend,” stated NAFCU. “On Black Friday alone, a new record was set with more than $3 billion in sales, exceeding last year’s record by 21%. With Cyber Monday sales yet to be tallied, the possibility for online fraud is daunting.”
To date, there have been 901 data breaches in 2016, compared with 781 in 2015, according to Identity Theft Resource Center. Of those breaches, the business sector, which includes retailers, was responsible for 397 incidents, 44.1% of the breaches and 5.5 million exposed records, NAFCU reported.
As CUToday.info reported, last week Madison Square Garden Co. acknowledged it was hit by a data breach affecting payment cards used at its locations between Nov. 9, 2015, and Oct. 24 of this year.
NAFCU said it has steadfastly championed the need for Congress to pass national data security standards for merchants and retailers.
“The “Data Security Act” (HR 2205/S. 961) would establish a strong national data security standard for retailers similar to what credit unions already follow under the Gramm-Leach-Bliley Act,” NAFCU said. “Introduced in the House by Rep. Randy Neugebauer (R-TX) with Rep. John Carney (D-DE), as an original cosponsor, and in the Senate by Sens. Tom Carper (D-DE) and Roy Blunt (R-MO), the bill would also establish strict disclosure rules – requiring that retailers tell consumers when their information has been compromised – and protect consumers’ and financial institutions’ ability to sue retailers for financial and punitive damages.”