March 11, 2015

Thaler writes Congress on retailers' failing grade on data security

NAFCU Vice President of Legislative Affairs Brad Thaler urged the leaders of the House and Senate to review a report that showed four out of every five global retailers – 80 percent – fail to meet widely accepted Payment Card Industry (PCI) data security standards.

The Verizon 2015 Payment Card Industry Compliance Report also found that in every data breach it studied during the past ten years, the company in question had failed to meet PCI standards when the breach occurred.

"This should cause serious pause among lawmakers as failing to meet these standards, exacerbated by the lack of a strong federal data safekeeping standard, leaves merchants, and therefore consumers, more vulnerable to breaches," Thaler wrote.

Thaler also noted the report's finding that EMV cards in other countries have not served as a "silver bullet" in preventing fraud; rather, they lead fraudsters to find other means. "The report shows that once EMV use increases, criminals shift their focus to card not present transactions, such as online shopping," Thaler wrote. "NAFCU has long argued that any technology standards must be accompanied by strong data safekeeping standards for merchants akin to what credit unions comply with under the Gramm-Leach-Bliley Act (GLBA)."

NAFCU continues to press Congress for action on national data security and breach notification standards for merchants.