Pub. 9 2014-2015 Issue 6

www.nebankers.org 8 Extraordinary Service for Extraordinary Members. I F 2014 WAS THE YEAR OF THE DATA breach, then 2015 may well be the year that Congress puts a national standard in place for data security and breach notification. That is our goal and our plan, but it will take bankers to make it happen. Data breaches have become a major security challenge for all—bankers, re- tailers, health care companies, and the government included. As Troels Oert- ing, head of the European Cybercrime Centre put it: “A burglar can only burgle one house at a time, but a cyber-criminal can rob 100million computers while he is sleeping from a distance.” Massive breaches of sensitive data at Target, Home Depot, and other retail- ers may not have been executed in the middle of the night, but the results were the same. They put millions of consum- ers at risk and cost banks hundreds of millions of dollars to reissue cards and make consumers whole after the attacks. In fact, an American Bankers Asso- ciation (ABA) survey last year found that more than 8 percent of debit cards and nearly 4 percent of credit cards were im- plicated in the Target breach, and banks reissued nearly every card implicated. That represents tens of millions of cards reissued in response to a single breach. Our survey also found that communi- ty banks experienced disproportionately higher costs in reissuing cards. Banks with less than $1 billion in assets spent just over $11 per debit card and $12.75 per credit card, including mailing, card production, and staff time, while the largest banks—those with more than $50 billion in assets—spent less than $3 per card. These costs, which will be repeated with each breach, are deeply troubling for all banks, but especially for community banks. We are using these survey results to help us make the case for change. Washington Update Email Frank Keating at keating@aba.com. © 2015 American Bankers Association. All rights reserved. Reprinted with permission. Targeting Data Breaches Frank Keating , President & CEO, American Bankers Association Doug Johnson, ABA’s top expert on cyber and data security, laid out argu- ments when he testified for banks at a Senate subcommittee hearing in Febru- ary. The day he testified, Anthem Inc., the second-largest health insurer in the nation, announced it had just been the victim of a major data breach. Hackers gained access to personal information on 80 million customers—including names, addresses, and Social Security numbers. With the Anthem breach as a back- drop, Johnson told senators that a national standard for protecting data and notifying customers of breaches was urgently needed to replace the cur- rent patchwork of competing state laws and regulations. He urged lawmakers to build on the framework already in place in the financial services industry to see that all parties with access to the payments system maintain the same high data security standards that banks do. He also noted that all those who participate in the payments systemneed to share equally in the cost of protecting consumers—with financial responsibili- ty resting on those who incur the breach. Retailers are resisting this kind of change, unsurprisingly. Instead of legislation that would hold them more accountable, they are trying to sell Con- gress on a chip-and-pinmandate. Never mind that security experts—including those who participated in a recentWhite House Summit on Cybersecurity—now agree that tokenization is the direction all must head. Our task as an industry is to persuade Congress of the right approach. High- profile data breaches have captured law- makers’ attention and interest. Now, as they approach legislating the issue, we must ensure they cast informed votes. You can help do this by sharing your story with your lawmakers. 