BreachExchange mailing list archives
Bankers seek data breach accountability
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 9 Feb 2015 18:36:58 -0700
http://www.bizjournals.com/phoenix/news/2015/02/09/bankers-seek-data-breach-accountability.html Some consumers received as many as three new credit or debit cards issued from financial institutions and credit card providers in 2014. Those expensive efforts were driven not by security problems with the banks, but data breaches at major retailers. In Arizona, Bashas', Maricopa Community Colleges, Jimmy John's, Target (TGT) and Home Depot (HD) are the most notable. Once news of a breach hits bank security departments, a full-court press goes into effect to protect customers' funds and privacy. The American Banking Association was in front of Congress last week asking for a law to assign accountability for data breaches to the source of the breach. The ABA wants retailers to notify banks and consumers more quickly and be able to detect criminal hacks more quickly. "(Consumers) have a right to trust that, wherever they transact business electronically, the business is doing everything it can to prevent that breach from occurring in the first place,"Doug Johnson, ABA's senior vice president of payments and cyber security policy said. ABA is also seeking a uniform data security standard. "I don't think it's a coincidence that there is less money being put into security today and more data breaches," said Arizona Banking Association President and CEO Paul Hickman. "Retailers should bear the cost. The capped fees not only cut into what a bank can spend on security, it cut into the money available for security system research and development to protect consumers." Funding for the banks' steps come from fees charged to merchants when customers use plastic. The interchange fee, which pays for transaction processing, also is used to fund improved security protection. Former Illinois Sen. Dick Durbin clipped an amendment to the Wall Street Reform and Consumer Protection Act – commonly referred to as the Dodd-Frank Act after its authorsRep. Barney Frank (D.-Mass.) and Sen. Christopher Dodd (D.-Conn.) – that imposed a limit on the interchange fee. "Banks are held to very high standards for security," said Hickman. "Retailers need to be held to the same standard of security. We need laws to protect financial institutions from having to absorb these costs or pass them to our customers." "Data breaches are one of the two most important issues we want to bring to Congress' attention," Credit Union National Association President and CEO Jim Nussle said. "We have to pay first and then wait to see how we're going to get reimbursed. This needs to change for small organizations like credit unions and for community banks, too."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Bankers seek data breach accountability Audrey McNeil (Feb 13)