Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Retailers accuse credit unions of talking smack about card breaches

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 31 Oct 2014 10:40:02 +0000 (UTC)
http://arstechnica.com/security/2014/10/retailers-accuse-credit-unions-of-talking-smack-about-card-breaches/

By Sean Gallagher
Ars Technica
Oct 30, 2014
Reeling from the bad press associated with an ongoing parade of data breaches caused by criminal infiltration of their payment systems, representatives of six retail industry associations signed a joint open letter that pushes back against a vocal critic of retailers' cyber-security practices—credit union associations.
In the letter addressed to the presidents of the Credit Union National Association (CUNA) and the National Association of Federal Credit Unions (NAFCU), retail industry representatives accused the associations of spreading “a number of misleading and factually inaccurate points… in the media and before Congress in regards to the cyber security in our country.” The industry group executives insisted that retailers already share the burden of dealing with the cost of lost data—at least to the degree that they are contractually obliged by credit card organizations. But given how much they actually do pay, the retailers may protest too much. 


Unsafe at any register
The letter is a direct response to comments made in a letter to House Homeland Security Committee chairman Rep. Michael McCaul (R-TX) by Carrie Hunt, the NAFCU’s senior vice president of government affairs, posted on October 28. In her letter, Hunt called out the retail industry for not carrying enough of the burden associated with the loss of customers' financial data.
While credit unions and other financial institutions are subject to strict standards and regulations on handling sensitive customer financial data, Hunt wrote, “retailers and many other entities…are not subject to these same standards, and they become victims of data breaches and data theft all too often. While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers.” 

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: