On the same day Apple unveiled a new mobile payment system, regulators warned Capitol Hill about the hazards of non-bank companies having access to financial data.
"Ironically," regulators said Tuesday, Home Depot also confirmed the theft of banking data from millions of customers.
Apple says their payment system is designed to be more secure than the one Home Depot uses, but it is also one more company with access to your financial data that’s not subject to government oversight.
In order to stop thieves from hacking into bank accounts there are several government agencies checking to make sure banking technology is up to date and accounts are secure.
Companies like Target, Home Depot, and Apple don’t have those same watchdogs.
“We’ve all got one hand tied behind our back," Daniel Tarullo, a governor of the Federal Reserve System, told a Senate Hearing Tuesday.
Tarullo told lawmakers he and other federal regulators are concerned that retail companies do not face the same scrutiny that banks do, even though they manage the same data.
"Among the many things we need to do in this area is to get a set of expectations as to what non-financial companies are expected to do for protecting the very same information," Tarullo said.
Not only is there no one overseeing retailers' ability to protect consumer data, retailers also don’t bare the costs associated when breaches do occur.
After a security breach, banks have to reissue credit and debit cards while monitoring for illicit transactions. Small banks and credit unions shoulder a disproportionate share of that cost.
“It’s really an issue of leveling the playing field in terms of the requirement between banks and non-banks, in this case, retailers,” Tarullo said.
For last year's Target breach, credit unions in New York and Connecticut paid almost $1.5 million. Credit unions say that cost was passed along directly to the consumer and didn't affect Target's bottom line at all.
Both community banks and credit unions are pushing to make non-bank companies subject to the same rigors banks are.
“We are talking about shifting that responsibility and encouraging them to take action that will prevent the breaches from happening in the future,” said Jill Nowacki, President of the Credit Union League of Connecticut.
So far federal legislation has not been drafted.
Banks and credit unions have sued Target in federal court claiming negligence. On Monday, Target said the case should be dismissed because they are not liable. Target argued merchant banks, like Visa and Mastercard, are the ones who process transactions.
