Products & Releases

Merchants Set Record Straight on Cybersecurity and Payments

RILA, NACS, NRF, NGA, FMI and MAG send letter to Credit Unions

Arlington, VA – Today, the Retail Industry Leaders Association (RILA) and a group of merchant associations sent a letter setting the record straight on the state of cybersecurity in our country and how the payments system works in a letter to the Credit Union National Association (CUNA) and the National Association of Federal Credit Unions (NAFCU). The letter dispels many misconceptions the credit unions have been driving regarding recent cyber-attacks and the response by retailers and financial institutions. The letter was sent by the CEOs of RILA, the National Association of Convenience Stores (NACS), the National Retail Federation (NRF), the National Grocers Association (NGA), the Food Marketing Institute (FMI) and the Merchant Advisory Group (MAG).

The full letter:

Excerpts from the letter:

Bank Breaches Common

When the 2014 Verizon Data Breach Investigations Report analyzed 1,367 data-loss incidents last year, they found that 465 (roughly 34 percent) took place at financial institutions, while fewer than 150 (less than 11 percent) affected retailers. Furthermore, the recent breach at J.P. Morgan Chase & Co. – one of the largest financial institutions in the world – is reported to have compromised the information of some 76 million households and 7 million businesses. And, as the USA Today reported on its front page October 20, ‘Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building.’”

Credit Unions Lag Behind:

“According to the Credit Union Times, more than half of all credit unions are expected to miss an October 2015 date to issue cards equipped with chips. In discussing the migration to payment cards with chips, Barney Moore, manager of card consulting services for Card Services for Credit Unions (CSCU), an association of credit unions affiliated with payment processor FIS, recently told the Credit Union Times, ‘it seems unlikely that they [credit unions] will have gotten it done by next October.’”

Credit Unions on the Sidelines:

“The Merchant-Financial Services Cyber Security Partnership is a collaborative effort that has brought together more than 250 executives from all segments of the merchant and financial services communities to work with their peers to protect their shared customers.

Unfortunately, while retailers, restaurants, convenience stores, hotels, national banks, card networks and community banks have joined the Partnership, one constituency has still not seen fit to participate: credit unions. It is past time we started working together for the greater good of America’s consumers.

Woefully outdated Card Technology:

“The volume of cyber-attacks has become particularly intense because the antiquated and woefully inadequate magnetic stripe technology still in place today. As issuing banks in nearly every other G-20 nation have migrated away from this 1960s-era technology to a substantially more secure technology, known as Chip-and-PIN, cybercrime and fraud have migrated to the United States.”

Merchants Pay for Fraud:

“A 2013 study by the Federal Reserve looked at fraud instances associated with use of debit cards and found that retailers do share the costs incurred as a result of card fraud. In fact, costs were shown to be borne almost equally among retailers and card-issuing institutions.”