Credit Union-Backed Proposal on Personal Data Security Advances

PEWAUKEE, Wis., Feb 26, 2008 (www.allCUnews.com) -- Wisconsin credit unions are applauding state lawmakers for advancing through the State Legislature two companion bills, AB 745 and SB 439, which aim to keep safer the personal data stored on credit and debit cards.

This legislation, introduced by State Rep. Brett Davis (R-Oregon) and State Sen. Bob Wirch (D-Pleasant Prairie), captured 43 co-sponsors with strong bi-partisan support during its initial circulation period at the capitol. AB 745 passed last week through the Assembly Committee on Financial Institutions by a vote of 9-1 and is expected to pass through committee in the State Senate on Wednesday.

"This legislation is just common sense. It has no effect on the state budget, but enormous impact on every consumer in Wisconsin who uses plastic cards for purchases," says Brett Thompson, President & CEO of The Wisconsin Credit Union League, the trade association for 260 not-for-profit, member-owned financial institutions.

He explains that sensitive authentication data from credit and debit cards is often retained without cardholders' knowledge and lost by companies who, by the credit industry's existing standards, shouldn't have collected and kept it in the first place. Hundreds of millions of records of consumer information have been lost over the last few years, costing consumers and businesses billions of dollars and countless hours to sort out. The proposals advancing through the state legislature, however, would put the force of law behind industry standards dictating what information may be taken, transmitted and stored from a consumer's credit or debit card. Current law is silent on those matters.

For example, under the proposed law, merchants would be prohibited from retaining PINs or security codes after processing a credit or debit card transaction. If a merchant were to ignore the law and collect and keep that information and if the information were lost, the party responsible for that loss would be required to pay the costs to close consumers' accounts and re-issue cards. The party responsible for the loss would also be required to pay for steps that intend to prevent any ensuing fraudulent use of a consumer's personal information and cover certain costs enabling continued financial services to the card holder, such as notifying affected customers or crediting accounts for fraudulent transactions.

"Current law has allowed misbehavior related to payment card processing to go unchecked, and the result has been a tacit declaration of open season on consumers' private information," Thompson says.

He adds that nearly 75 percent of Wisconsin consumers support measures that would prevent merchants who accept plastic cards from keeping personal information after processing a transaction and which would require the breaching party to bear any restorative costs. Also supporting the proposals are the Community Bankers of Wisconsin, Wisconsin Bankers Association, the Wisconsin Insurance Alliance, CUNA Mutual Group and the Wisconsin Federation of Co-ops.

Credit unions - member-owned cooperatives - have a more difficult time offering attractive rates on savings and loans to members when they must bear the costs of a data breach. Data breach costs to credit unions totaled $77 million in 2007.

SOURCE Wisconsin Credit Union League

http://www.wcul.org