To: Interested Parties
From: NACS, NGA, NRF, RILA
Date: December 11, 2014
Subject: MEMO: The Credit Union National Association Fears Improved Economy
Report Highlights Concerns about Overdraft Fees, No Mention of Data Breaches
For several months, financial institutions have been taking to Capitol Hill and the op-ed pages to decry the "adverse impacts" of data breaches on their customers – and their own bottom line. This month, a report from the Credit Union National Association (CUNA) belies those statements and instead identifies a curious threat to financial institutions' revenue; the improved financial well-being of their customers.
From the Report:
"Credit quality will improve in 2014 and 2015. The overall loan delinquency rate will fall below 0.70% in 2015, below the long-run average of 0.75%, as job growth continues. Fast loan growth also will put downward pressure on both delinquencies and losses."
Since when is credit quality improvement a bad thing? When banks and credit unions make less money from their customers' delinquencies. They appear to be especially concerned about losing out on overdraft fees: "The CFPB's expected focus on checking/ODP [Overdraft Privilege] in 2015 puts a big income stream at risk, and continuing issues with overdraft revenue could prove challenging."
It is disturbing to find financial institutions' own internal documents suggest they care more about making a few extra dollars than about their customers' overall economic health. For most hardworking Americans, overdrafts are something to be avoided. For financial institutions in improving times, they are apparently a threatened 'a big income stream.'
Not mentioned as a source of financial losses in the report? Data breaches.
The report doesn't focus on losses from data breaches, perhaps because the authors know that merchants pay most of those costs.
Here are the real facts on data breach fraud:
• Merchants And Financial Institutions Split The Cost Of Fraud. A 2013 study by the Federal Reserve looked at fraud instances associated with use of debit cards and found that retailers do share the costs incurred as a result of card fraud. In fact, costs were shown to be borne almost equally among retailers and card-issuing institutions.
• Merchants Cover Fraud Costs Under Agreements With Card Networks. Merchants are required to compensate card issuers for any fraud that occurs as a result of a breach based upon an agreed upon formula that the card issuer has negotiated with MasterCard and Visa. See 6.4.1 ADC Operational Reimbursement Factors, MasterCard Account Data Compromise User Guide, July 22, 2012.
• Merchants Pay For Replacement Of Compromised Cards. By contract, card issuers are reimbursed for fraud losses and card reissuance costs based upon a formula agreed to by the card issuer and card networks even if no fraudulent activity has actually occurred on the card. For example, according to the MasterCard Account Data Compromise User Guide, under a formula that card issuers and MasterCard have agreed to, a small financial institution is reimbursed by the merchant at a cost of $2.69 per magnetic stripe card.
• More Secure Payment Technologies Like Chip-And-PIN Reduce Fraud Dramatically. Unfortunately, credit unions and their brethren don't want PIN numbers with new chip cards even though that is the formula that has proved successful in other countries around the world.
• PINs Make Transactions 700 Percent More Secure. A study by the Federal Reserve found that using PINs in debit card transactions reduced fraud by 700 percent.
• Chip-And-PIN Could Reduce US Fraud Losses By 40 Percent. "If the use of [chip-and-PIN] payment cards in the United States leads to a fraud loss pattern similar to the patterns seen in France, the Netherlands, and the UK, then U.S. fraud losses could fall by as much as 40 percent." (Richard J. Sullivan, "The U.S. Adoption Of Computer-Chip Payment Cards: Implications For Payment Fraud," Federal Reserve Bank Of Kansas City, First Quarter 2013)
• Credit Unions Are Lagging Behind On The Chip-And-PIN Transition. "More than half of credit unions will miss a key October 2015 deadline that requires credit cards to be equipped with EMV chips, according to executives with major payment processing organizations." (David Morrison, "Most Credit Unions Will Miss EMV Deadline," Credit Union Times, 8/1/14)