A bill to standardize the data security and breach notification process for financial institutions has been approved by the House Financial Services Committee, despite pleas not to undermine the power of state regulators.
On September 13, 2018, the committee voted 32-20 to approve the amended Gramm-Leach-Bliley Act (GLBA), now the Consumer Information Notification Requirement Act (H.R. 6743). The existing breach notification standards have been systematically amended to require that all financial institutions notify consumers of a data breach, according to Big Law Business.
The vote to approve comes on the heels of members of the committee receiving a letter from the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Independent Community Bankers of America and the National Association of Federally-Insured Credit Unions.
Writing on behalf of their members, the collective group advocated for Congress to move forward with enacting data breach notification legislation, specifically supporting “a flexible, scalable data protection standard equivalent to what is already in place for financial institutions under the GLBA.”
“Our existing payments system serves hundreds of millions of consumers, retailers, financial institutions and the economy well. Protecting this system is a shared responsibility of all parties involved and we must work together and invest the necessary resources to combat never-ending threats to the payments system,” the letter said.
Yet state regulators oppose the bill. “This bill would preempt state data breach notification laws and undermine state authority, limiting states’ ability to protect its residents and oversee state-chartered and state-licensed financial services providers,” wrote the Conference of State Bank Supervisors (CSBS).
While organizations may disagree over who should have the authority to legislate data breach notifications, the financial sector continues to be the target of cyber-attacks. According to a recent report from ThreatMetrix, 81 million cybercrime attacks occurred across financial institutions during the first half of 2018. The Digital Identity Network study found that of those attacks, 27 million were targeting the mobile channel in light of mobile banking adoption.
According to a September 12 press release from ThreatMetrix, “Financial services mobile transactions are growing globally, with China, South East Asia and India showing the strongest regional growth. Overall, the biggest threat in financial services comes from device spoofing, as fraudsters attempt to trick banks into thinking multiple fraudulent log-in attempts are coming from new customer devices, perhaps by repeatedly wiping cookies or using virtual machines.”