|[February 10, 2014]
NAFCU: Credit Unions Pay High Price for Data Breaches
WASHINGTON --(Business Wire)--
The National Association of Federal Credit Unions' (NAFCU) February Economic
& CU Monitor survey found that credit unions, and by extension
their 96 million members, are paying a high price for retailers' data
breaches. NAFCU estimates that the recent Target (News - Alert) data breach could end
up costing the credit union community nearly $30 million. Among those
surveyed, the average cost for the Target data breach was $45,000.
"The survey findings are staggering. Credit unions are being hit by a
double whammy in terms of numbers of possible data breaches and costs
while they continue to pick up the tab for retailers who are not subject
to the same high level of data security standards," said NAFCU Chief
Economist and Director of Research David Carrier. "It is ironic that
despite the ample rules in place to ensure data protection standards at
financial institutions like credit unions, merchants and retailers are
not held accountable for data breaches. Cybercriminals will continue to
capitalize on this double standard and wreak havoc with consumers and
NAFCU's Economic & CU Monitor on data security reported:
Respondents were alerted to a possible breach 263 times on average in
2013, and the average amount spent on data security measures was
Respondents reported an average of $152,000 for data breaches in 2013.
The median cost was $59,000.
The bulk of these costs were related to fraud losses and
investigations (46.7 percent), followed by reissue costs (34.4
percent) and monitoring costs (19 percent). Reissuing cards takes 7
days, on average, and costs $5 per card.
Almost half (42 percent) of respondents confirmed that their
reputation had been harmed due to a merchant data breach.
Survey respondents indicated that an average of 10,300 cards were
affected by merchant data breaches in 2013.
NAFCU was the first financial services trade association to weigh
in on this issue on Capitol Hill and urged Congress to take action
and set national data security standards for retailers and
merchants. Financial institutions, including credit unions, have been
subject to standards on data security since 1999 under the
Gramm-Leach-Bliley Act. However, retailers and other entities that
handle sensitive personal financial data are not. So, when a data breach
occurs, financial institutions bear a significant burden as the issuers
of payment cards used by millions of consumers.
NAFCU is urging Congress to pass S. 1927, the "Data Security Act of
2014," by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo. This bill
leaves intact the federal standards already imposed on financial
institutions and seeks to extend the protection further, by setting
national standards for all merchants and retailers to follow in
protecting data, providing timely breach notification and paying their
share of the clean-up when breaches occur.
NAFCU's Economic and CU Monitor is a member-only monthly
e-newsletter of the latest macroeconomic and financial trends affecting
today's credit unions, including trend data among NAFCU member federal
The National Association of Federal Credit Unions is the only national
organization that focuses exclusively on federal issues affecting credit
unions, representing its members before the federal government and the
[ Back To TMCnet.com's Homepage ]