Identity theft has been an increasingly serious problem for several years, something that’s unlikely to change soon. News stories about a data breach at some large retailer appear regularly, often affecting tens of thousands or even millions of customers. Last year there were almost 50% more data breaches than in 2013, a total of 1,500 separate attacks, more than four every day. The number of records lost or stolen grew by 78% from 2013 to 2014, to nearly one billion. On average, each data breach resulted in almost 700,000 records being compromised.
I have had my personal data ‘stolen’ twice, years apart from two different businesses and fortunately I didn’t have any negative impact other than minor inconvenience. Like most people, I assumed that merchants are responsible for the costs of fixing any problems caused by the data theft, but that’s not necessarily true. At my credit union, when they are notified of a third-party breach, they act “immediately to change account numbers and issue new credit and debit cards for members who were affected.”
However credit unions and other financial institutions often end up absorbing the costs of doing so because merchants are legally allowed to shift the costs of data breaches to others. Following the widely publicized data loss at Target two years ago, credit unions ended up paying over $30 million and issuing nearly five million new credit and debit cards to members. These costs are then passed along to the members, who had nothing to do with the problem (other than being a Target customer).
If this doesn’t seem fair, you can do something about it today. From my credit union:
“We’re calling on Congress to step up and protect credit union members by supporting The Data Security Act of 2015 (S. 961). This bill is a good start to addressing this critical issue by:
- Strengthening merchant standards to be comparable with those of credit unions.
- Mandating a federal notification requirement for merchants when breaches occur.
- Providing a floor for data security standards nationwide.
Overall, this bill represents the best attempt so far at legislation to stop merchant data breaches.”
Contact your U.S Representative and Senators and voice your for this important effort. The Credit Union National Association has also created an online tool to facilitate sending an e-mail to your federal elected officials.