Eugene Foley, president/CEO of Harvard University Employees Credit Union, was recently invited to testify before the House Financial Services Committee as an expert witness on credit card data security. A series of conversations on this topic between the Massachusetts Credit Union League Inc. and Congressman Barney Frank, the ranking Democrat on the House Financial Services Committee, led to this invitation. Foley’s testimony was specifically aimed at explaining how credit unions and their members are impacted by breaches in data security. The hearing, “Assessing Data Security: Preventing Breaches and Protecting Sensitive Information,” was carried in its entirety on C-Span 2.
Credit unions recently have been impacted after security breaches at several retailers. Last month, CUNA Mutual Group filed a lawsuit against wholesale retailer BJ’s Wholesale Club for losses incurred by credit unions after a March 2004 security breach of customers’ credit and debit card information. This security breach by unknown hackers affected more than 40,000 credit and debit card numbers and related information, which the lawsuit contends were being stored by BJ’s Wholesale Club in direct violation to card association rules and regulations.
In his testimony, Foley stated, “While card issuers fastidiously comply with protecting sensitive account data, the resources they expend in this effort are squandered if merchants are not held to the same standard.” He proposed that the companies and associations that manage credit card networks should be required to notify cardissuing institutions immediately when a breach has occurred and that the institution should be obligated to pass that information on to the consumer. That information should include the time of the breach, the name of the merchant, and the location where the breach occurred.