The head of the National Association of Federal Credit Unions (NAFCU) is calling for better transaction security standards as the transition to EMV chip cards unfolds in the US. In a statement, Dan Berger called the transition to EMV cards “an important step in the process of data security,” but added, “it is not a silver bullet.”
Berger’s main contention is that merchants aren’t subject to the same regulatory standards regarding data security that financial institutions must adhere to. “Consumers will only be protected when every sector of industry, including merchants, issuers and networks, are subject to robust federal data safekeeping standards,” he said, adding that “NAFCU continues to urge Congress to modernize data security and cybersecurity laws to reflect the complexity of the current environment and insist that retailers and merchants adhere to a strong federal standard.” To that end, NAFCU is publicly endorsing a couple of new bills aimed at improving data security standards, called the Data Security Act of 2015, and the Cybersecurity Information Sharing Act.
NAFCU isn’t the only prominent group to weigh in on the EMV transition in this way; the FBI also recently issued a public service announcement outlining the limitations of EMV security. That statement was welcomed by the Electronic Payments Coalition, which also used the opportunity to decry merchants’ resistance to stronger regulatory standards in the realm of data security. Meanwhile, NAFCU notes that other security technologies are also coming into play to complement EMV chip security, such as tokenization, encryption, and biometric technology such as the fingerprint-based authentication used in major mPayment platforms.