Retailers and banks continue to trade barbs and throw blame at each other over recent security breaches -- this time in the nation's capital -- as news leaks that hotels are the latest to be targeted for cyberattacks.
The largest lobbying group for retailers told a Senate Banking Subcommittee on Monday that banks and retailers need to work together to prevent future data breaches, but that the retailers cannot do it alone.
"We have every reason to want to see fraud reduced, but we have only a portion of the ability to make that happen," testified Mallory Duncan, senior vice president and general counsel for the National Retailer Federation. "We did not design the (payments) system, we do not configure the cards and we do not issue the cards."
The industry group representing credit unions shot back with a letter to Congress saying that retailers need to bear the cost burden of these breaches since they often occur on their system. The National Association of Federal Credit Unions supports a national standard for protecting consumer information much like the Gramm-Leach-Bliley legislation requires of financial institutions. It also believes that retailers should be required to disclose when a breach happens on their watch.
NAFCU said that credit unions on average were notified more than 100 times of possibly breaches last year. Eight times out of 10, the credit union had to reissue a card, which costs the institution $5 to $15 per card. It estimates the Target breach -- which exposed 40 million credit and debit card holders' information and personal data of up to 70 million individuals -- could cost credit unions $30 million.
"None of this is going to stop. You're going to hear of more retailers having breaches in the next few months," says Dan Berger, president and CEO of NAFCU, in a Bankrate interview. "There's no incentive for (retailers) to change."
The Senate Judiciary panel is set to hear Target's CFO on Tuesday. On Wednesday, Target and Neiman Marcus representatives will testify before a House Energy and Commerce committee.
The hearings come after news of another breach has surfaced. This time, White Lodging Services Corp., which manages Marriott, Hilton, Sheraton and Westin hotels, reportedly suffered a card breach that started in March of last year. The Krebs on Security blog, which broke the Target and Neiman Marcus breaches, first reported the White Lodging hack on Friday.
White Lodging has not responded to requests to confirm or deny the breach.
As these breaches spread, have you been a victim of one or more? Tell me your story.
Follow me on Twitter: @JannaHerron.