The Washington Credit Union League (WCUL) in Federal Way, Washington is seeking to revive legislation that would mandate specific data protection controls on all merchants and third parties, such as Heartland. The bill (HB 1149) received its first hearing last Thursday in the Washington State House Committee on Financial Institutions and Insurance, according to a statement released by the WCUL.
But in reading between the lines, or actually reading the yellow highlighted one's below, it looks like the beginnings of a class-action lawsuit against Heartland in order to recoup "$20 per issued card," the "30 minutes of staff time" it takes to get it done, and monetary damages to reimburse the "reputational damages" incurred by the Financial Institution. They also state that "if someone's careless actions result in financial loss, they should have to pay for it" and that some institutions are reporting that "more than 50% of their card base has been affected" by the Heartland breach. All bad news for Heartland's ticker...and like they say, this may just be the tip of the iceberg...
But in reading between the lines, or actually reading the yellow highlighted one's below, it looks like the beginnings of a class-action lawsuit against Heartland in order to recoup "$20 per issued card," the "30 minutes of staff time" it takes to get it done, and monetary damages to reimburse the "reputational damages" incurred by the Financial Institution. They also state that "if someone's careless actions result in financial loss, they should have to pay for it" and that some institutions are reporting that "more than 50% of their card base has been affected" by the Heartland breach. All bad news for Heartland's ticker...and like they say, this may just be the tip of the iceberg...
FOR IMMEDIATE RELEASE
Contact: David Bennett - Washington Credit Union League
Office: 206.340.4828 Mobile : 425.221.1237
Latest Data Breach Causing Significant Harm to Washington ’s Consumers, some Financial Institutions
A credit union-written bill now before the state legislature encourages all financial institutionsto take extraordinary measures to protect consumers from identity theft and fraud.
FEDERAL WAY, WASH—The state’s credit unions have been prepared for tough times on behalf of their members for more than 75 years, but the latest whammy leveled on them may cause as much harm to some as the current national financial meltdown.
Last Tuesday’s revelation by third-party credit and debit card processing company and Princeton N.J.based Heartland Payment Systems, a company that completes about 100 million transactions per month on behalf of more than 250,000 merchants, disclosed that it had begun to receive fraudulent activity alerts last year from MasterCard and VISA. According to reports, all of the unauthorized transactions were applied to cards that rely on Heartland to process payments.
Heartland still does not know how long the breach occurred prior to its discovery and refuses to release the names of the merchants that contract with them, which deprives consumers who patronize those merchants the ability to be more vigilant in monitoring their credit and debit card accounts.
Some of the Washington’s financial institutions have reported that more than half of their card base has been affected by the breach.
Most credit union leaders believe that the effect during the initial days is just the “tip of the iceberg,” and have already begun to notify members, block accounts, reissue cards and numbers and provide ongoing fraud monitoring.
According to some industry insiders, fraudulent activity alerts began to arrive in mid-November, however because of liability reasons the alerts did not mention where the breach occurred. At least one has confirmed that counterfeit cards have been created from the stolen information and so far used in Florida and Mexico.
“The state’s credit union community is appalled, but unfortunately not very shocked by the immense size of the Heartland data breach,” said Washington Credit Union League President/CEO John Annaloro.
“In far too many cases, negligent data breachers do business as if they were immunized from liability when they fail to protect their customers’ personal information. In our view, if someone’s careless actions result in a financial loss to others, they should have to pay for it.”
In the past, it has been standard operating procedure following a data breach for credit unions to block accounts, reissue cards and numbers and provide ongoing fraud monitoring.
However, taking those aggressive steps to protect members from financial fraud and identity theft is becoming cost prohibitive because the frequency and size of data breaches is skyrocketing and costs the financial institution around $20 per card, depending on the extent of the action taken.
This number does not include costs associated with staff time, which can be as much as 30 minutes per card, or the negative reputational impact on the financial institution.
“While there are processes that are "supposed to provide" some reimbursement for fraud losses, the truth is that these processes only recoup pennies on the dollar,” (translation: we want more money) said Stacy Augustine, the Washington Credit Union League Senior Vice President in charge of government relations. “More importantly, the costs that are recouped don’t pay anything toward costs associated with a financial institution’s proactive steps to protect consumers from fraud and identity theft.”
Because of this, Washington’s credit unions have once again introduced legislation aimed at encouraging financial institutions to take extraordinary proactive steps to protect the state’s consumers from identity theft and financial fraud following a data breach. Like last year’s proposed bill, HB 1149 encourages financial institutions to take proactive measures to protect consumers by allowing them to sue negligent data breachers for the cost of aggressively protecting Washingtonians’ personal and private information.