WASHINGTON — Bankers weren't the only industry irked when credit union leaders "Hiked the Hill' during CUNA's GAC conference this year.
The Retail Industry Leaders Association took a swipe at CUNA and the CU community on Wednesday releasing a statement charging that credit union lobbyists have suddenly "changed their story."
Jim Nussle, CUNA's president and CEO, wasted no time in firing back with a statement of his own, charging retailers with "playing shell games over merchant data breaches" and saying RILA is attempting to seize on a "nuance" to distract from the "real problem."
A day of snippy words began with a press release by the retailers' trade group noting that America's credit unions are "out with their new talking points" at GAC this year, which included what RILA described as a "major shift in strategy."
CUNA is "now claiming that [CUs] are reimbursed too slowly by retailers following data breaches, while in the past they claimed not to be reimbursed at all," RILA wrote. "This is not the first instance of credit unions expressing concern over cash flow. CUNA is the same organization, after all, that issued a report last year in which they noted their fear of continued job growth because it meant lower loan delinquency rates ( i.e. less money for them to collect)."
The RILA statement went on to bring up EMV cards, noting, "Inexplicably, nowhere does CUNA express a willingness to advocate for what data shows their customers really want: more secure "chip-and-PIN" payment cards."
The retailers' association used a statement former CUNA CEO Bill Cheney made in January 2104, juxtaposed with a quote from last week by Ryan Donovan (CUNA's chief advocacy officer) to assert CUNA is making two different "claims." The Cheney statement referenced the Target breach and the fact CUs have not been reimbursed for their expenses. The Donovan statement said the reimbursement process is too slow.
RILA's position: Visa and MasterCard control reimbursements via contractual agreements.
Nussle issued a terse statement that afternoon noting CUs still have not seen a dime from either the Target or Home Depot data breaches.
"We're 15 months from the Target breach yet credit unions have received nothing in terms of reimbursement. The same goes for the Home Depot breach. The merchants responsible for the largest breaches over the last two years have paid absolutely nothing while credit unions have had to pony up at least $90 million to cover the costs for merchant data breaches.
Now, the same day that retailers are playing shell games over merchant data breaches, a Verizon report found that a staggering 80% of merchants aren't even following the industry card security standards, meaning this is a problem sure to repeat itself.
The retailers are using a nuance in talking points to distract from the real problem: retailers are not protecting consumers' data, face no legal requirement to do so and get to watch as others fix the problems they create. The American public loses when the folks left holding the bag for merchant data breaches are the card-issuing credit unions and banks.
Consumers will benefit if the retailers would start following the industry security standards and support a strong federal data protection law that codifies a requirement that those who accept cards for payment follow the same standard as those who issue cards for payment."