Bankers seek data breach accountability

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.bizjournals.com/phoenix/news/2015/02/09/bankers-seek-data-breach-accountability.html

Some consumers received as many as three new credit or debit cards issued
from financial institutions and credit card providers in 2014. Those
expensive efforts were driven not by security problems with the banks, but
data breaches at major retailers.

In Arizona, Bashas', Maricopa Community Colleges, Jimmy John's, Target
(TGT) and Home Depot (HD) are the most notable. Once news of a breach hits
bank security departments, a full-court press goes into effect to protect
customers' funds and privacy.

The American Banking Association was in front of Congress last week asking
for a law to assign accountability for data breaches to the source of the
breach. The ABA wants retailers to notify banks and consumers more quickly
and be able to detect criminal hacks more quickly.

"(Consumers) have a right to trust that, wherever they transact business
electronically, the business is doing everything it can to prevent that
breach from occurring in the first place,"Doug Johnson, ABA's senior vice
president of payments and cyber security policy said. ABA is also seeking a
uniform data security standard.

"I don't think it's a coincidence that there is less money being put into
security today and more data breaches," said Arizona Banking Association
President and CEO Paul Hickman. "Retailers should bear the cost. The capped
fees not only cut into what a bank can spend on security, it cut into the
money available for security system research and development to protect
consumers."

Funding for the banks' steps come from fees charged to merchants when
customers use plastic. The interchange fee, which pays for transaction
processing, also is used to fund improved security protection.

Former Illinois Sen. Dick Durbin clipped an amendment to the Wall Street
Reform and Consumer Protection Act – commonly referred to as the Dodd-Frank
Act after its authorsRep. Barney Frank (D.-Mass.) and Sen. Christopher Dodd
(D.-Conn.) – that imposed a limit on the interchange fee.

"Banks are held to very high standards for security," said Hickman.
"Retailers need to be held to the same standard of security. We need laws
to protect financial institutions from having to absorb these costs or pass
them to our customers."

"Data breaches are one of the two most important issues we want to bring to
Congress' attention," Credit Union National Association President and CEO
Jim Nussle said. "We have to pay first and then wait to see how we're going
to get reimbursed. This needs to change for small organizations like credit
unions and for community banks, too."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!