Retailers Fishing for Distractions Amid Data Security Push

Congress is an intentionally deliberative body. It was structured by our founders to ensure collective participation in shaping government policy, and sometimes that allows certain factions to disrupt the legislative process purely for their own self-interest. Such is the case with the retail industry sidelining the debate over data security by resuscitating tired and largely settled complaints over the transition to EMV chip technology.

As ICBA recently testified before the House Small Business Committee, community banks are in a good position to help small businesses make the switch to EMV technology. The transition itself has been underway since 2011. And the Oct. 1 liability shift has come and gone with banks and merchants diligently moving toward implementing EMV.

But rather than entering into a substantive dialogue about the limitations of chip technology and collaborating on further improving consumer security in an era of data breaches and cyber-threats, retail industry lobbyists have instead fixated on EMV quibbles and attempted to re-litigate the failed Durbin Amendment debit interchange price controls. To avoid the public spotlight on their own costly security lapses, retailers are serving red herring.

Don’t bite. Here are the facts: EMV is a positive step for consumers, but it is simply not a panacea for payment card fraud. While counterfeit card fraud will be successfully mitigated when a critical mass of card issuers and merchants migrate to EMV, fraudsters will shift to other fraud, such as online card fraud. The financial industry is, however, pioneering multiple layers of security technologies, such as end-to-end encryption and tokenization, to protect cardholder information in transit and online transactions. Meanwhile, Congress can take action now—I mean right now—to address the scourge of massive retailer data breaches affecting consumers and the broader economy.

The Data Security Act (H.R. 2205), introduced by Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.), would implement uniform national data-security standards in place of the current patchwork of state laws. This national standard for all entities that handle sensitive financial data—including merchants—would require robust data-security processes while at the same time being scalable and flexible to the size and risk profile of covered entities. In other words, the corner mom-and-pop deli won’t have the same level of scrutiny as multichannel retailers with massive databases of consumer information, like Wal-Mart, Target or Home Depot. But consumers themselves will be better protected than ever before.

Lawmaking is a justly deliberative process, but it should not be diverted by misleading and disingenuous arguments. If merchants do not want to meet the same kinds of security standards that have worked well for financial institutions, they should explain why they should not have to. But let’s not stall Congress with red herring distractions when, faced with rampant cyber-crime and data breaches, we have much bigger fish to fry.

Strike Zones, 60 Votes and the Interchange Amendment

When I was young I was a baseball player—a southpaw pitcher. I learned early on that each umpire had a slightly different variation on the strike zone. As a player and pitcher, there was nothing I could do about that. You could not complain, you could not whine, you either adjusted to it or you lost. It’s that simple. The only thing I hoped was that regardless of where each umpire set his strike zone, he would be consistent.

No one can say that the Senate is not consistent when it comes to the 60-vote rule. Once used only on the highest-profile votes, a 60-vote threshold for winning legislative measures has been the norm for more than a decade now. We all know that—we all know where the “strike zone” is. In the case of the interchange issue, we were not able to get the 60 votes we needed to win.

So now is not the time to whine or complain that the strike zone changed. It was consistent with the Senate’s modern idea of a majority. We just were not able to get the “strike out.” We came close, but in baseball and politics, close does not get it done.

So rather than complain about strike zones and supermajorities, ICBA will move forward—not back. We will find other ways to win this issue for our community banks—and ultimately we will prevail. Just like a good pitcher, you learn from your setbacks and you keep your eyes focused on the next batter. Because the object is to win the game.

Big-Box Stores Selling Smoke and Mirrors on Interchange

A recent Washington Post op-ed suggests that small businesses should be wary of the promises of big-box retailers. A study conducted by David Merriman and Joseph J. Persky found that a new Wal-Mart in a Chicago neighborhood contributed to the closure of up to 82 nearby independent businesses.

So it certainly seems odd that big-box retailers such as Wal-Mart are teaming up with small businesses to impose government price fixing on debit card interchange. While large retailers claim that government interference will help small businesses compete, their internal communications show other motivations. For example, a recent e-mail from a top official at Sears Holdings lamented efforts to delay debit interchange price fixing because it would mean $1 billion a month in lost revenue for merchants.

As the Merriman/Persky study demonstrates, this additional cash for mega-retailers won’t do small businesses a whole lot of good. What’s good for “big box” isn’t good for “mom and pop.”

Community banks, which are small businesses themselves, aren’t fooled by the claims on behalf of government interference in the debit card marketplace. The plan is simply bad news for community banks, small businesses and consumers, whether they are in Chicago or Main Street communities across the nation.

Merchants Having it Both Ways on Interchange and Fraud

A recent security breach helps demonstrate that when it comes to fraud and interchange price fixing, merchants apparently are looking to have it both ways.

The data breach at Michaels Stores affected stores in at least 20 states after fraudsters replaced PIN pads with fraudulent “skimming” devices. Of course, as I noted in an American Banker op-ed, while Michaels is responsible for the security failure, community banks and other financial institutions have to take the actual financial hit.

Thankfully, debit interchange revenue helps community banks quickly reissue debit and credit cards to customers to protect them against these types of fraud. Unfortunately, once the Federal Reserve’s proposed rule cuts debit interchange revenue to below the cost of providing the service, future fraud costs will be borne by consumers and the community banks that serve them—not interchange revenue or the retailers who fail to protect customer card data.

While merchants clamor for government price fixing of debit card interchange to boost their bottom line, they also count on financial institutions to provide fraud protection that is funded by interchange revenue when their stores are compromised.

Do you get my drift? This is yet another reason why ICBA is fighting for legislation to delay the Fed rule and study the interchange issue, so policymakers can catch on as well.