Protecting Consumers is Our First Priority

By law, regulation and the rules of the payments networks consumers have “zero liability” for unauthorized transactions – whether credit or debit card. Banks must swiftly reimburse customers, go beyond legal requirements to meet consumer needs, and are examined by regulatory agencies for compliance with legal requirements.

Fairer and More Effective Allocation of Breach Costs is Essential

Banks pay for most of the fraud caused by data breaches. In addition to losses from unauthorized transactions, banks incur costs to replace cards ($5 to $15 to per card), monitor accounts, and handle customer inquiries and claims. Banks get pennies on the dollar from the breached entities. A fairer and more effective way of allocating these costs must be found.

The Industry is Moving Toward Better Technology 

Extensive efforts are under way to improve card security. Adoption of EMV (chip-based technology) is scheduled by October 2015 for merchant point-of-sale and issuer chip cards. EMV technology improves current security by helping to prevent potential fraud at the cash register and it should be adopted. Although some in the retail industry have advocated mandatory adoption of Chip plus PIN technology, this is not a silver bullet – for example, it would not address on-line security (where the bulk of fraud has migrated).

This means that security measures must continue to evolve and policymakers should not mandate or embrace any one solution or technology as the answer to all concerns. Other solutions are in the works, such as “tokenization,” which adds additional security by generating a separate number for each card transaction rather than using numbers from the credit card. As the threat evolves, so too must our efforts to combat fraud and data theft that harm consumers.

Protecting the Payments Systems is a Shared Responsibility

The payment system is made up of a wide variety of players, financial institutions, card networks, retailers, processors, and new entrants. Protecting this system is a shared responsibility of all parties involved and all must invest the necessary resources to combat increasingly sophisticated breach threats.

A National Data Protection and Notification Standard is Essential

Banks already must comply with federal requirements to protect data and notify customers of breaches. Merchants are not subject to comparable federal requirements. A national standard for data security and breach notification is critical, and we strongly support legislation in the House and Senate similar to S. 1927, the Data Security Act of 2014.