* * Search the Gazette
 
Harvard shieldHarvard University Gazette Harvard University Gazette
* Harvard News Office | Photo reprints | Previous issues | Contact us | Circulation
Current Issue:
May 26, 2005

News
News, events, features
Science/Research
Latest scientific findings
Profiles
The people behind the university
Community
Harvard and neighbor communities
Sports
Scores, highlights, upcoming games
On Campus
Newsmakers, notes, students, police log
Arts
Museums, concerts, theater
Calendar
Two-week listing of upcoming events
Subscribe  xml button
Gazette headlines delivered to your desktop

 

  


HARVARD GAZETTE ARCHIVES

Foley gives House testimony

Credit Union CEO is expert witness

Eugene Foley, president/CEO of Harvard University Employees Credit Union, was recently invited to testify before the House Financial Services Committee as an expert witness on credit card data security. A series of conversations on this topic between the Massachusetts Credit Union League Inc. and Congressman Barney Frank, the ranking Democrat on the House Financial Services Committee, led to this invitation. Foley's testimony was specifically aimed at explaining how credit unions and their members are impacted by breaches in data security. The hearing, "Assessing Data Security: Preventing Breaches and Protecting Sensitive Information," was carried in its entirety on C-Span 2.

Credit unions recently have been impacted after security breaches at several retailers. Last month, CUNA Mutual Group filed a lawsuit against wholesale retailer BJ's Wholesale Club for losses incurred by credit unions after a March 2004 security breach of customers' credit and debit card information. This security breach by unknown hackers affected more than 40,000 credit and debit card numbers and related information, which the lawsuit contends were being stored by BJ's Wholesale Club in direct violation to card association rules and regulations.

In his testimony, Foley stated, "While card issuers fastidiously comply with protecting sensitive account data, the resources they expend in this effort are squandered if merchants are not held to the same standard." He proposed that the companies and associations that manage credit card networks should be required to notify cardissuing institutions immediately when a breach has occurred and that the institution should be obligated to pass that information on to the consumer. That information should include the time of the breach, the name of the merchant, and the location where the breach occurred.







Copyright 2007 by the President and Fellows of Harvard College