Banks Use Misdirection When It Comes to Data Breaches

NACS counsel authors opinion piece highlighting how banking industry hides responsibility for breaches.

December 11, 2014

WASHINGTON – In yesterday’s issue of Roll Call, NACS counsel Doug Kantor published an opinion piece on banks’ use of misdirection when it comes to responsibility for data breaches. Kantor writes that the banking industry has taken a magician-like strategy of calling for data breach regulations on merchants, while making their own responsibility for card data disappear.

Although there are approximately 1,000 times as many retailers as banks in the U.S., banks experienced nearly three times as many breaches involving data losses last year, Kantor notes. Yet the banks still are not prioritizing security. As an example, Kantor cites the fact that credit card numbers are still embossed in huge characters on the front of cards and actual account numbers are still used, even though technology to encrypt them or substitute other data has existed for some time.

“In short, the banks and card companies have made merchants the target of data thieves by imposing a fraud-prone card system, then worked to convince everyone that breaches result from merchants’ failure to protect data, hoping no one will notice the real source of the problem,” Kantor says in the op-ed.

He goes on to write that the banks’ misdirection doesn’t end there: “Pointing to the Gramm Leach Bliley Act (GLBA), they sing the praises of their own data standards while neglecting to mention they suffer more breaches than merchants — and that GLBA regulations do not require them to notify consumers when the banks have a breach.” The regulations just say banks should investigate and, if they think consumers face risks, the banks should notify them. Yet, many consumers never know of a breach until it becomes public through the media — and they likely never will.
