The time for credit card security reform is now – National Consumers League

During the busiest shopping time of the year – the period between Thanksgiving and Christmas – Target, one of America’s largest retailers, suffered the second biggest data breach in U.S. history as 40 million credit and debit cards were compromised. 

Americans assume that when they shop their personal financial information will be kept private and away from identity thieves. Unfortunately, that is not always the case evidenced by the more than 4,000 data breaches that have been reported since 2005, an average of more than one a day over the last nine years.

Consumer advocates hope that the scale of the Target data breach will serve as the impetus for much needed credit card security reform. The time for change is now. Although consumer’s financial information will never be 100% secure, there are things that can be done. Retailers can use advanced encryption technology and more secure firewalls. Credit card companies can encourage the use of “Chip and PIN” technology in their credit cards. Our politicians can pass legislation establishing a national data breach notification standard and urge the Obama Administration to explore incentives and penalties to encourage private sector businesses to better protect consumer data. These changes will not happen without pressure from consumers.

This week, a group of Democratic Senators requested that the Senate banking Committee hold hearings to examine cybersecurity practices. The letter, written by Senators Robert Menendez (D-NJ), Mark Warner (D-VA), and Charles Schumer (D-NY) stated, “We believe it would be valuable for the Committee to examine whether market participants are taking all appropriate actions to safeguard consumer data and protect against fraud, identity theft, and other harmful consequences, and whether we need stronger industry-wide cybersecurity standards.”

Changing and improving security standards will inevitably cost time and money. No one wants to foot the bill for needed innovations. Our lawmakers must capitalize on the current consumer awareness of the need for better cybersecurity and hold a congressional hearing to determine how businesses can better protect consumer data.

Consumer group applauds trio of Senators for requesting Congressional hearing to examine data security standards – National Consumers League

January 3, 2014

Contact: Ben Klein, NCL Communications, (202) 835-3323,

Washington, DC – The National Consumers League (NCL), the nation’s pioneering consumer advocacy organization, is applauding a trio of Senators who are asking for a hearing on the nation’s data security standards. In the aftermath of the recent Target data security breach affecting 40 million credit and debit cards, Senators Robert Menendez (D-NJ), Mark Warner (D-VA), and Charles Schumer (D-NY) have signed a letter requesting that the Senate Banking Committee hold a hearing “as soon as reasonably possible.”

“It is time that Congress examine our data security standards and determine how business can better protect consumers’ financial information,” said Sally Greenberg, NCL Executive Director. “When our personal information is compromised, not only does it have the potential to cost the consumer significant time and money, but it also threatens our confidence in the security practices of the companies with whom we share our information. There is more that businesses can and should be doing to ensure our sensitive information is protected. Congress can be very helpful in pressing for a far stronger set of policies to protect private consumer financial data.”

The Senators were prompted to pen the letter to Sen. Tim Johnson (D-SD), Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, by the Target data breach, which took place at the height of the busiest shopping time of 2013, between Thanksgiving and Christmas.

In early December, just a few days before news about the Target data breach emerged, NCL released a white paper discussing the impact of data breaches on consumer vulnerability to fraud and the resulting loss of trust in the online economy. The NCL white paper included a number of policy recommendations to better protect consumers’ data including calling for a national data breach notification standard and urging the Obama Administration to explore incentives and penalties to encourage private sector businesses to better protect consumer data.

NCL’s letter to Sen. Johnson urges Congress to take a closer look at the problem and corresponding solutions at a hearing. Federal agencies like the Federal Trade Commission, cyber security experts and advocacy groups of NCL can offer concrete proposals to better protect consumer data.

To read the letter, click here.

To read the white paper, click here.


About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit

Shoppers deserve trust and security from our biggest retailers – National Consumers League

By John Breyault, Vice President of Public Policy, Telecommunications and Fraud Imagine that you’re the CEO of Target today. As one of the 25 most admired companies in the world, consumers’ trust in your brand is paramount to your success. Over the past week you’ve learned that your company is the victim of one of the largest retail data breaches in U.S. history. Cyber thieves compromised 40 million consumers’ credit and debit cards. To add insult to injury, the breach happened during the height of the holiday shopping season – the most important month in your company’s calendar.

With every media story about the incident, each outraged consumer Facebook comment and critical tweet, that trust is eroded. It’s clear that Target is facing a public relations nightmare. How they react to this will determine how much faith consumers will continue to place in the brand. Unfortunately, the advice consumers are getting from the company so far is depressingly familiar: monitor your credit and debit card statements, keep an eye on your credit report and report irregularities promptly. This is the advice consumers hear after virtually every data breach. Are the increasing number of data breaches just something that consumers need to get used to?

In a recent article about the Target breach Mark Rasch, a former U.S. prosecutor of cybercrime said, “Most of these attacks are just a cost of doing business,” As advocates for consumers, we categorically reject the notion that the status quo is an acceptable outcome. We must not accept a marketplace where consumers are asked to make ever more data available to more entities but are stuck with the consequences when those entities fail to protect our data. We think that the government and private sector can and should do more to protect the vast amounts of sensitive data that they are collecting from consumers. This is not a new issue.

For decades, data security experts have discussed ideas about how to improve the situation. At its core, consumer and business data is the focus of a never-ending arms race between those that want to protect consumer data and those that want to steal it for fraudulent uses. Just as no bank can ever be 100% secure from a robbery, no data can ever be 100% secure from a breach. However, consumers should be able to rely on a certain basic level of data security. Unfortunately, that is exactly what we lack today. Shockingly, there is no one law in the U.S. that mandates the steps businesses should take to protect their customers’ data. Instead, consumers are reliant on precedents set by Federal Trade Commission enforcement actions.

Since 2000, the FTC – under it’s “unfair and deceptive acts or practices” authority — has brought nearly fifty data security cases against companies whose data security practices (or lack thereof) have put consumers at risk. However, that authority could be taken away if the FTC loses in two closely watched court cases. Should the FTC lose, consumers will be left without one of the most important watchdogs in this fight. Consumers should not be left to fend for themselves against the legions of sophisticated and organized data thieves. The Target breach, and the daily smaller breaches that go unreported should serve as a wake-up call for legislators and regulators that data security reform is urgently needed.

FTC Chairwoman Edith Ramirez speaks at National Consumers League event on identity theft – National Consumers League

December 16, 2013

Contact: Ben Klein, NCL Communications, (202) 835-3323,

Washington, DC – Speaking at a National Consumers League event on identity theft, FTC Chairwoman Edith Ramirez said Thursday that more can be done by the private sector and government to protect consumers and businesses from identity theft.

“It’s clear to me that we need to do more,” said Ramirez, who called for the government to make sure “small and medium sized companies know what they need to do and really understand the importance of data security.”

Chairwoman Ramirez was joined by former FTC Chairwoman Deborah Platt Majoras in giving keynote remarks at the event yesterday. Majoras served as founding co-chair of President George W. Bush’s Identity Theft Task Force from 2006-2008, leading a major campaign by the federal government to address the growing threat of ID theft.

The two officials joined experts in consumer protection and data security to discuss the growing problem of identity theft, which affected 12.6 million Americans in 2012. Fraud and identity theft have topped the list of FTC consumer complaints for 13 straight years. Although policymakers have taken strides to cut the incidence of these online crimes, the threat remains: every three seconds, a new American becomes a victim of identity theft.

“This event helped to focus attention on the continuing challenge of protecting consumers from identity theft,” said Sally Greenberg, executive director of the National Consumers League. “Government at all levels, along with law enforcement, have taken steps to help protect consumers from identity theft, but more must be done. We thank Chairwoman Ramirez and former Chairwoman Majoras for joining us to discuss the task of protect consumers from identity thieves and online fraud.”

The event coincided with the release of a new National Consumers League policy paper entitled “The State of Identity Theft in 2013.” The policy paper, authored by John Breyault, NCL’s Vice President of Public Policy, Telecommunications and Fraud, discusses the measures that have been put in place to protect consumers, and puts forward specific policy recommendations to improve identity theft protections for the future.

“We have taken important steps over the past 15 years to help protect consumers from identity theft,” said Breyault. “But policymakers, advocates and the general public must work to stay ahead of identity thieves and reduce the risk of identity theft. We hope this week’s discussions will be an impetus for further action against online identity thieves.”

Watch a video of the event on the National Consumer League’s YouTube channel.


About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit

Did you know another American falls victim to ID theft #every3seconds? – National Consumers League

By John Breyault, Vice President of Public Policy, Telecommunications and Fraud

NCL’s “State of ID Theft” Conference To Put National Spotlight on Continuing Problem

For thirteen years, the crime of identity theft has generated more complaints to the Federal Trade Commission than another other fraud. In 2012, more than 12 million Americans were affected by identity theft, costing the U.S. economy $20.9 billion. Every three seconds, a consumer’s identity is comprised by this pernicious crime.


Seven years ago, President George W. Bush, recognizing the seriousness of the threat of ID theft, created the federal Identity Theft Task Force. Made up of eighteen federal agencies, the task force was charged with implementing a range of recommendations to address the threat of ID theft. The task force made thirty-one recommendations, from reducing the use of Social Security Numbers by federal agencies, to improving coordination by law enforcement, to passing a national data breach notification standard, to name a few. The implementation of these recommendations by the federal government, as well as improved anti-fraud procedures in the private sector, have done much to make life harder on ID thieves.

Despite these advances, ID theft is still a major threat to consumers, business and the government. According to one conservative estimate, more than 1.1 billion records have been comprised by identity theft. Data breaches, which put information on millions of consumers in the hands of fraudsters, are still occurring at a rate of at least one per day.

Just as troubling, it appears that we may be on the cusp of a new wave of ID theft. With ever larger amounts of data being collected about consumers by government and the private sector, data breaches become more likely. Identity thieves are shifting towards scams that are harder to detect, such as tax-related ID theft and medical ID theft. And the criminal themselves — often located overseas — are becoming more professional and organized.

How will these new factors affect consumers’ vulnerability to identity theft? What can we learn from the last seven years of fighting this problem? What should consumers expect from regulators, law enforcement and the private sector as this crime evolves?

To examine these and other questions, the National Consumers League will be hosting our first State of ID Theft conference on December 12 in Washington, DC. The event will bring together some of the brightest minds in the country for panel discussion examining the continuing threat of ID theft and what can be done to better protect consumers. Headlining the conference will be a lunchtime conversation between FTC Chairwoman Edith Ramirez and Former Chairwoman Deborah Platt Majoras, who co-chaired the federal Identity Theft Task Force from 2006-08.

Registration is free but space is limited. Please RSVP here. For more information please contact John Breyault at