Merchants Oppose Poison Pill That Undercuts Competition, Main Street and Consumers

“Without debit reform’s competition-enhancing standards, banks would be free to return to the days of unfettered price fixing.”


Yesterday, Chairman Jeb Hensarling of the House Financial Services Committee gave a speech about his commitment to helping Main Street and ending government bailouts. Unfortunately, the draft bill he released later in the day does the exact opposite.

Section 335 of chairman’s Hensarling’s discussion draft of the “CHOICE Act” favors the interests of fewer than two percent of the nation’s largest banks and the credit-card brands over the interests of small retailers, their employees and consumers in every Congressional district in the country.

This bill would turn back reforms that created a freer market and prevented Visa and MasterCard from price-fixing the fees their member banks charge merchants when customers swipe a debit card to buy something. Rep. Hensarling would turn the clock back six years to when financial institutions operated this “swipe fee” business as a rigged market without competition.

The reforms Rep. Hensarling proposes to repeal also brought competition into the debit- routing market, where previously there was none. Repealing these reforms removes requirements for networks to compete and paves the way for network monopolies, reducing our payment security while raising costs for all American consumers and retailers and harming our economy as a whole.

“Without debit reform’s competition-enhancing standards, banks would be free to return to the days of unfettered price fixing,” said Mallory Duncan, chairman of the Merchants Payments Coalition and senior vice president and general counsel at the National Retail Federation. “It’s important to remember that despite the smokescreen the big banks put up, debit reform is an incontrovertible success and should be protected.”

Join the millions of Main Street businesses in every Congressional district in calling for Chairman Hensarling to remove his poison-pill language that leaves the debit- card market without competition.

The Merchants Payments Coalition represents 2.7 million stores, including restaurants, supermarkets, drug stores, convenience stores, gas stations, on-line merchants and others, with 50 million employees, fighting unfair credit-card fees and working for a competitive and transparent system for merchants and consumers.

Merchants Payments Coalition
Michael Flagg, 202-253-4164

Data Breach Notification Act of 2011 and Accountability Act

There are multiple bills pending regarding data breach responsbilities and summaries are below. With PCI Compliance never achieving the goal of 100%, can we really expect any better with theses other issues. Government regulation is increasing due to the failure of businesses to self police and protect data they collect.


S. 1535: Personal Data Protection and Breach Accountability Act of 2011

Personal Data Privacy and Security Act of 2011 – Amends the federal criminal code to: (1) make fraud in connection with the unauthorized access of personally identifiable information (in electronic or digital form) a predicate for racketeering charges, and (2) prohibit concealment of security breaches involving sensitive personally identifiable information. Sets penalties for attempts and conspiracies to commit fraud and related activity in connection with computers. Requires a data broker to: (1) disclose to an individual, upon request, personal electronic records pertaining to such individual maintained or accessed for disclosure to third parties; (2) disclose adverse actions by third parties against an individual; and (3) maintain procedures for correcting inaccuracies and incompleteness in such records. Defines a “data broker” as a business entity that collects, transmits, or provides access to sensitive personally identifiable information on more than 5,000 individuals who are not the customers or employees of that business entity for purposes of providing such information to non-affiliated third parties on an interstate basis. Establishes standards for developing and implementing safeguards to protect the security of sensitive personally identifiable information. Imposes upon data brokers and business entities civil penalties for violations of such standards. Requires business entities to notify: (1) any individual whose information has been, or is reasonably believed to have been, accessed or acquired, (2) all nationwide consumer reporting agencies if an agency or entity is required to notify more than 5,000 such individuals, and (3) the United States Secret Service and the Federal Bureau of Investigation (FBI) if the number of individuals involved exceeds 10,000.
Authorizes the Attorney General and state attorneys general to bring civil actions against business entities for violations of this Act. Requires the Administrator of the General Services Administration (GSA), in considering contract awards totaling more than $500,000, to evaluate: (1) the data privacy and security program of a data broker, (2) program compliance, (3) the extent to which databases and systems have been compromised by security breaches, and (4) data broker responses to such breaches. Requires federal agency information security programs to include procedures for evaluating and auditing the information security practices of contractors or third party business entities supporting the agency information systems or operations involving personally identifiable information and for ensuring remedial action to address any significant deficiencies. Requires federal agencies to conduct a privacy impact assessment before purchasing personally identifiable information from a data broker.

Data Breach Notification Act of 2011 – Requires any federal agency or business entity engaged in interstate commerce that uses, accesses, or collects sensitive personally identifiable information, following the discovery of a security breach, to notify: (1) any U.S. resident whose information may have been accessed or acquired, and (2) the owner or licensee of any such information that the agency or business does not own or license. Exempts: (1) agencies and business entities from notification requirements for national security and law enforcement purposes and for security breaches that a risk assessment concludes do not have a significant risk of resulting in harm if specified certification or notice is provided, subject to review by the Secret Service; and (2) business entities which utilize a security program that blocks the use of sensitive personally identifiable information and provide notice of a breach to affected individuals. Requires notifications regarding security breaches under specified circumstances to the Secret Service, the Federal Bureau of Investigation (FBI), the Postal Inspection Service, and state attorneys general. Authorizes the Attorney General to bring a civil action in U.S. district court against any business entity that violates this Act. Sets civil penalties for violations. Amends the Fair Credit Reporting Act to require agencies to include a fraud alert in the file of a consumer that submits evidence of compromised financial information to a consumer reporting agency. Authorizes: (1) civil actions by state attorneys general to enforce this Act, and (2) appropriations for costs incurred by the Secret Service to investigate and conduct risk assessments of security breaches.


You can follow these bills here:  Data Breach Protection US Congress (official list of bills and links)