House of Cards
Financial Services Companies Lobby Congress Amid Public Anger Over Credit Card Privacy Breaches
On the heels of another security breach of sensitive consumer data, financial services lobbyists say measures to quell identity theft and electronic fraud are gaining in momentum.
Last week, industry giants MasterCard and Visa disclosed that the credit card data for as many as 40 million consumers may have fallen into the wrong hands. This report followed several other well-publicized breaches of electronically stored information, ranging from credit card data to Social Security numbers.
Reeling from all the negative publicity, lobbyists for the financial services sector have mobilized, taking their cues from lawmakers on a variety of Congressional committees, including Senate Banking, Senate Judiciary, Senate Commerce, House Financial Services and House Energy and Commerce.
Many lobbyists and Congressional aides said that even the most recent case of compromised credit card data is, by itself, unlikely to drive the agenda. But they added that the near-constant stream of bad news on consumer privacy has raised awareness among constituents — and lawmakers.
Lobbyist Terry Haines, a former chief counsel and staff director of the House Financial Services Committee said, “I think people were moving forward, but it really galvanizes interest when you have such a large consumer” glitch. Haines does not represent Visa or MasterCard.
MasterCard’s top in-house lobbyist, Joe Rubin, did not return calls or e-mails seeking comment. But Congressional aides said that Rubin and his team have been keeping active schedules on Capitol Hill on both the House and Senate sides.
Lobbyists for banks and other financial services companies say they have spent the early part of this week gathering intelligence and getting a better sense of what the Hill may be interested in.
Andrew Gray, a spokesman for the Senate Banking Committee, said that MasterCard representatives were scheduled to meet Tuesday with committee staff so that aides can “get a full understanding of what happened” during the recent breaches.
Gray said that prior to the developments last week, the committee had been examining what, if any, additional measures could be enacted to help protect consumer data. The banking committee also held hearings earlier this year into a data breach involving ChoicePoint Asset Company.
“These are complicated laws that we’re talking about, and we want to make sure if we do anything, we’ll do it the right way,” Gray said. He added that the Banking Committee plans to hold additional hearings after the July Fourth recess.
John McClelland, press secretary to Rep. Deborah Pryce (R-Ohio), said that his boss, who is on the Financial Services Committee, has long been active on data security matters.
“People expect us to do our part to change the situation,” he said. “People are becoming much more concerned about it.”
McClelland said that Pryce and her team, as well as other financial services members, are “in the drawing stages” of legislation that would address identity theft and data security.
Her legislation would set a national standard for what constitutes a “data security breach” and how and when financial institutions should notify their customers to a potential violation, McClelland said.
Another component of Pryce’s draft legislation, McClelland said, would place greater responsibility on third-party companies, such as DataSystems Solutions, the company that has acknowledged not following proper protocol and possessed the credit card data that was compromised by computer hackers.
The big credit card companies have big teams of lobbyists on retainer. MasterCard’s outside lobbyists include Jeffrey Peck of Johnson, Madigan, Peck, Boland, Dover and Stewart in addition to a team from the Smith-Free Group. Visa retains Thomas Quinn and his colleagues at Venable, as well as Timmons and Co. and Wexler and Walker Public Policy Associates, among others.
By contrast, companies such as CardSystems Solutions have cut a low to non-existent profile so far in Washington, D.C., and no one from the company returned calls seeking comment.
McClelland added that Pryce’s legislative effort would be focused more on consumers than on banks and financial services companies. For one, her bill would most likely call for an entity other than a consumer to monitor their credit in the event that data is compromised, he said.
“It should not be the consumer’s responsibility to clean up the mess,” he said.
Pryce’s bill is expected by August.
In the meantime, Kevin Schweers, spokesman for the House Energy and Commerce Committee, said Committee Chairman Rep. Joe Barton (R-Texas) is “in the final stages of crafting what he hopes will be a bipartisan plan to address many of the issues raised in the case of lost or stolen data.”
Barton, along with Rep. Ed Markey (D-Mass.), is a co-founder of the Congressional Privacy Caucus.
Susanna Montezemolo, an advocate with Consumers Union, said that as more Americans become potential victims of identify theft, Congress will be under greater pressure to act.
“We’re finding that consumers are absolutely outraged,” she said. “People are calling, people are writing, people are angry. Every time one of the new breaches happens, we get more calls, more hits on our Web site.”
Montezemolo added that Consumers Union is pushing for minimum security standards, such as the use of encrypted data, that would make it harder for hackers to obtain and use stolen sensitive information. The group also wants consumers to have control over their personal financial information so that people could put freezes on their credit file and credit score.
Her group also supports tighter regulations for third-party companies such as CardSystems Solutions.
“That third party has much less incentive to protect our privacy,” Montezemolo said. “That’s why we need legislation.”
Montezemolo said Consumers Union has worked closely with Sen. Dianne Feinstein (D-Calif.) on a bill she has introduced that concerns notifying customers who are potential fraud victims.
“Every week there’s a new breach, and this time it’s millions,” Montezemolo said. “That’s why this is a powerful issue. It cuts across party lines.”
Liz Treanor Oesterle, government relations counsel for the National Retail Federation, said the issue is also important to retailers, who sometimes end up eating the cost of goods purchased from stolen cards. “We hope that Congress will look at it from all those angles when they formulate any policy,” she said.
Andrew Barbour, a lobbyist at the Financial Services Roundtable, said that although identity protection and data security had already gained significant steam on Capitol Hill before last week’s announcement, “it certainly doesn’t calm the waters. The frequency is compelling Members toward action.”
But Barbour added that “there are no bills introduced right now that we think adequately address the issues.”
Barbour’s group, which represents 100 leading financial services companies, supports a uniform national standard for potential fraud notification, he said.
“When there is a breach and there is significant risk of harm to one of our customers, we want them to take steps to help mitigate fraud and ID theft,” he said. “Over notification and diminishing the impact of those notices is a real risk. It’s as big of a risk as having no notice.”