by Kenneth W. Dam, Robert A. Eisenbeis, George G. Kaufman
American Enterprise Institute
March 11, 2014
The recent large data breaches at Target and other retail merchants have been viewed in the media as principally a consumer protection concern. The Shadow Financial Regulatory Committee believes that the issues go far beyond the consumer and threatens the entire payments system. There is the potential that Congress will rush to judgment and pass legislation to only expand consumer protections. But this is insufficient because such breaches could wreak havoc with retail payments and also move through the payments processing chain. Vulnerable institutions include not just financial institutions but also retail firms and non-financial businesses that are electronically intertwined and potentially exploitable via the internet. Because of the potential for systemic risk, policy makers need to identify the potential risks, recommend improvements in security measures, propose loss-sharing rules, review and make recommendations to modernize federal rules concerning debt and credit protocols, and consider what efforts should be undertaken internationally.