On February 26, 2023, Townhall published an op-ed by ATR Federal Affairs Manager Bryan Bashur. The op-ed explains how legislation like the Credit Card Competition Act (CCCA) will put consumer privacy at risk.
The piece begins by explaining how the CCCA threatens the privacy of payment transactions that are essential to protect sensitive personal information:
Legislation, such as the previously introduced Credit Card Competition Act (CCCA), would require that all networks expose their tokenization technology to competitors. Token domain restrictions are safeguards put in place to protect consumers from fraudulent activity. The provisions in this bill would put consumer privacy at risk.
The article discusses how the Federal Trade Commission’s (FTC) recent consent order is proof that the CCCA will require credit card companies to divulge their proprietary technology to competitors:
The order requires Mastercard to share consumers’ primary account numbers “so that merchants may route tokenized transactions using Mastercard-branded debit cards to the available network of their choosing.” The justification for this order is based on section 1075 of the Dodd-Frank Act, which authorized the Federal Reserve to produce regulations that would force networks to reveal their proprietary technology for debit card transactions. The FTC’s order is a gross intrusion into a company’s ability to safeguard consumer data, but if section 1075 had never been enacted, the grounds for the consent order would have never materialized.
The CCCA does not strengthen the security of the U.S. payments system. The bill includes a provision that would require payment card networks to expose their proprietary cybersecurity and tokenization technology for credit card transactions to their competitors. This will disincentivize investment in future technologies and fail to protect consumers’ card numbers from bad actors.
Next, the op-ed argues that, if enacted, the CCCA would not prevent foreign state-owned payment card networks from operating in the United States. The bill only requires the Federal Reserve to establish a public list of payment card networks that “pose a risk to the national security of the United States” or is “owned, operated, or sponsored by a foreign state entity.” Creating a list is a far cry from actually prohibiting state-owned networks. Moreover:
Legislation to prohibit state-owned networks from operating in the U.S. would be welcome news. However, coupling this prohibition with the provisions in the CCCA that deteriorate fraud protections would cut off one’s nose to spite one’s face.
The piece proceeds to show that the CCCA will also likely reduce cybersecurity by limiting the supply of available credit cards equipped with Europay, Mastercard, and Visa (EMV) chips. These chips have proven to be essential in mitigating counterfeit card fraud, and a limited supply could put the U.S. at a competitive disadvantage.
The article concludes that the bill fails to offer any benefits to consumers:
Congress should crack down on state-owned networks and explore ways to deregulate payment transactions to incentivize investment in fraud protection that could improve upon current tokenization technology. Unfortunately, the CCCA fails on both accounts and ends up weakening cybersecurity protections for consumers.
Click here to read the full op-ed.