Credit Unions, Retail Groups Finger-Pointing On Payment Security

A volley of accusatory news releases and letters to Congress between groups representing major retailers and credit unions has erupted, with each side accusing the other not doing enough to defend against cyber attacks and other payment card data threats.

It started with a letter sent to the chairman of the House Homeland Security Committee by two groups representing credit unions—the Credit Union National Association (CUNA) and the National Association of Federal Credit Unions (NAFCU)—where the credit unions said retailers are immune from many federal rules data breach disclosure rules that control credit unions and that retailers need to be held to the same requirements, according to an ARS Technica story.

Retail groups—the Retail Industry Leaders Association, National Association of Convenience Stores, National Retail Federation, National Grocers Association, Food Marketing Institute, and the Merchant Advisory Group—shot back that it is credit unions who are security lax, given their lack of support for EMV and for not having joined a group called the Merchant-Financial Services Security Partnership.

NAFCU CEO and President Dan Berger shot back: “We will join their partnership when retailers and merchants begin properly protecting consumers’ data and investing in the technology necessary to do so.”