Historically, credit unions have relied on debit card interchange fees to help make up for the cost of a merchant’s data breach. But legislation enacted by Congress last year would drastically lower these transaction fees and reduce credit unions’ ability to offer these cards. That’s because interchange fees would no longer cover the full cost that credit unions incur when administering card programs, including fraud protection, data breach and support costs.
That is why we are urging support for Senate Bill 575, a bipartisan measure introduced by Sens. Jon Tester (D-Mont.) and Bob Corker (R-Tenn.) to stop and study the impact of this legislation. The Debit Interchange Fee Study Act would delay the new limits on debit card fees by two years and require further study of the issue.
In the Washington area, many credit unions and their members will be impacted by the draconian cut in interchange fees. For example, Rick Wieczorek, president and chief executive of Mid-Atlantic Federal Credit Union, which serves Montgomery County, cites a potential loss of $600,000 annually based on these drastic limits.
Data security and fraud protection are critical and costly aspects of debit card transactions. In fact, a recent Javelin Strategy & Research study found that while identity theft fraud declined in the last year, debit card fraud grew significantly. Debit card fraud accounted for 36 percent of crimes committed with cards already in circulation in 2010, up from 26 percent in 2009.
According to a recent Symantec and Ponemon Institute survey, data breaches have grown more costly over each of the last five years. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, up from $204 in 2009. The study also found that breaches caused by negligence rose to 41 percent in 2010 and averaged $196 per record, up 27 percent from 2009.
To address these security challenges, NAFCU is recommending the following to Congress:
• Merchants should be accountable for costs of data breaches that result from their own negligence.
• Credit unions and other financial institutions are required to meet certain criteria for safekeeping consumers’ personal information. Retailers, merchants and others who collect and hold sensitive information should be held to a similar standard.
• Merchants should be required to post their data security policies at the point of sale if they take sensitive financial data.
• Consumers should be informed which business entities have been breached.
• The burden of proving a lack of fault should rest with the merchant or retailer who incurred the breach.
Unfortunately, if the legislation capping interchange fees goes into effect as mandated by July 21, credit unions and other small financial institutions will find it even more difficult to defend against data breaches, and retailers will remain “off the hook” for compromised customer data they have been careless in safeguarding.
Consumers must be protected.
Fred R. Becker Jr. is president and chief executive of the National Association of Federal Credit Unions.