News

Credit Unions Bank on State Data-Security Laws

Groups push bills to protect payment card info, get retailer reimbursements

By Jaikumar Vijayan

June 4, 2007 12:00 PM ET

Computerworld - As an increasing number of states consider bills seeking to codify pieces of the Payment Card Industry (PCI) Data Security Standard into law, a common thread is emerging: the involvement of credit unions in pushing the legislation.

California legislators last week held a hearing on a bill that would set new data security and breach-notification requirements for all organizations processing credit and debit card transactions in the state. Businesses hit by breaches would also have to reimburse affected banks and credit unions for the costs of alerting customers and reissuing cards.

The chief proponent of the bill, which was introduced in the state assembly in February, is the California Credit Union League. The CCULs sponsorship of the proposal mirrors recent efforts by credit union associations to pass similar measures in Minnesota and Texas successfully in the former state and unsuccessfully in the latter. Burden of Breaches

The need for such legislation is being driven by the burgeoning costs that many credit unions are having to bear as a result of security breaches at merchants, said Keri Bailey, a lobbyist for the CCUL.

This is an issue of fundamental fairness, Bailey said. Right now, the burden is entirely on the financial institution. The federal Gramm-Leach-Bliley Act requires banks and credit unions that issue cards to do a whole lot to protect peoples data, she said. But the folks accepting this data [for transactions] have no skin in the game.

Individually, large and midsize credit unions can easily end up shelling out between $500,000 and $750,000 annually in breach-notification and card replacement costs, Bailey said. And those figures dont include any fraud-related charges, she noted.

Most credit unions are not-for-profit institutions, Bailey said. As a result, its harder for them to absorb the costs of responding to retail security breaches than it is for banks, she added.

The bill in California has goals similar to those of the Plastic Card Security Act that was signed into law in Minnesota two weeks ago. The requirements included in the Minnesota law and the California bill incorporate elements of the PCI standard, which was developed by the five major credit card companies.

Another PCI-derived bill was unanimously approved by the Texas House of Representatives in early May but didnt make it through that states Senate before the latest biennial legislative session ended last week.

Such measures are needed to prod retailers to become more serious about their data security practices, said Steve Rowen, an analyst at Retail Systems Alert Group, a consulting firm in Newton, Mass.

Comments ()

Additional Resources

WHITE PAPER

Forrester Consulting - Optimizing Users and Applications in a Mobile World

Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

WHITE PAPER

Enter the Security KnowledgeVault

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

WHITE PAPER

Cut Communications Costs Once and for All

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Top Stories

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Security White Papers

Overcome Top 7 Admin Challenges of Active Directory: As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
Insiders Can Ruin Your Company. Take Action.: Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
Top Solutions and Tools to Prevent Devastating Malware: Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
X-Ray of the PCI Process-4 Proactive Steps: This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
Identity Governance: The Business Imperatives: This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make...

Security Webcasts

Live Webcast Playing Defense: Staying on Top of Your Disaster Recovery Game: When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
Introduction to VMware vCenter Site Recovery Manager 5: Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
The Top Ten Secrets to Avoiding SAN Performance Problems: Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
Deduplication Without Compromise: Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
Director of Disk Products Discusses DXi6700: Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
Playing Defense: Staying on Top of Your Disaster Recovery Game: When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...