ICYMI - CBA: Congress must act against cyber crime

 

By Richard Hunt, Frank Keating, Jim Nussle, Tim Pawlenty, Camden R. Fine, B. Dan Berger and Jim Aramanda

When consumer expectations don’t match reality, things can go terribly wrong.   

Americans expect companies with which they do business to protect their sensitive personal and financial data.  Yet, the reality is American consumers are under constant threat of identity theft and fraud due to lax security practices that leave the door open to cyber criminals.   

Based on recent press reports, literally hundreds of millions of debit and credit card accounts have been compromised at major retail locations.  It is important to remember that behind each of these compromised accounts are everyday Americans who now have to deal with the raw and frightening consequences of having their virtual identity stolen.  In 2014 alone, criminals stole $16 billion from more than 12.7 million fraud victims and, not surprisingly, two-thirds of those victims can be traced to data breaches.  The stakes are high.  And consumers are paying the price. 

In some sectors, where the nature and sensitivity of consumer data has always been obvious, such as banking and health care, Congress long ago aligned consumer expectations with federal requirements to keep customer information safe.  The reality of today’s interconnected, data-driven world means other less-obvious sectors like retail handle and store much of the same sensitive data. 

As is often the case, technology and innovation have far outpaced the existing body of laws and regulations designed to keep consumers safe.  Expectations that sensitive personal and financial data is being kept safe are not being met, and Congress needs to act. 

Despite the alarming rise in the number and sophistication of cyber threats and merchant data breaches, no federal standard for protecting consumer data at retailers and other firms that handle sensitive financial information exists.  Sens. Roy Blunt (R-Mo.) and Tom Carper (D-Del.) and Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) have stepped in to help.   

With approximately 200 million electronic payment transactions daily – 2,300 transactions per second – Blunt, Carper, Neugebauer and Carney want to ensure a customer’s sensitive personal and financial information are secure at every point in the payment process.  That is why they have introduced S. 961/H.R. 2205, the Data Security Act of 2015 – bills that provide a reasonable, flexible and scalable solution to better protect consumers and their hard-earned money.   

These bills recognize today’s savvy cyber criminals are seeking out the weakest link in the payment system.  Businesses of any shape and size are susceptible to breaches that can result in drained accounts, racked up credit card bills, and stolen identities.  That’s why these measures are modeled after existing law that provides a successful framework used by the financial sector, a diverse industry in which one-size-fits-all regulations rarely work.  Rather, the standards can be tailored to avoid unnecessary burdens on small businesses and take into consideration the size, scope, and type of financial information businesses hold. 

When it comes to ensuring consumer expectations of data security are met, “bank-like” should be the baseline standard by which other industries are measured.  Securing consumer information should be a priority for every industry.  Blunt, Carper, Neugebauer and Carney have adeptly crafted bills that would ensure all parties in the custody of sensitive consumer information take reasonable precautions to protect this information before a breach occurs.  It’s time to do what’s best for consumers.  We urge everyone involved in the payment system and entrusted with consumers’ financial information to rally behind effective legislation to better protect consumers and strongly support the Data Security Act of 2015.  

Keating was the Republican governor of Oklahoma from 1995 to 2003 and is currently president and CEO of the  American Bankers Association; Hunt is president and CEO of the Consumer Bankers Association; Nussle was Republican congressman from Iowa from 1991 to 2007 and is currently president and CEO of the Credit Union National Association; Pawlenty was Republican governor of Minnesota from 2003 to 2011 and is currently president and CEO of the Financial Services Roundtable; Fine is president and CEO of the Independent Community Bankers of America; Berger is president and CEO of the National Association of Federal Credit Unions; and Aramanda is president and CEO of The Clearing House. Their organizations are members of the Financial Services Data Security Coalition.

###