By TCH Research
The Clearing House (TCH) white paper, entitled Ensuring Consistent Consumer Protection for Data Security: Major Banks vs. Alternative Payment Providers, addresses the regulatory gaps relating to the data security practices of the Alternative Payment Provider (APP) industry. Banks are subject to extensive regulatory, supervisory, and enforcement scrutiny by their regulators with respect to privacy and data security, APPs, by contrast, are providing their products and services by continuing to rely on the backbone of existing bank payment systems while capitalizing on innovations in communications platforms, thus generally managing to avoid the reach of the traditional financial regulators. Additionally, APPs only face punishment for lax data security practices if they suffer an actual cybersecurity breach that is discovered by the government, because unlike banks, APPs are not subject to regular examinations and enforcement actions by regulators. The paper contains detailed recommendations to close the regulatory, enforcement and examination gaps that exist today, including using available examination authority and enforcing existing requirements as well as enacting legislation establishing additional data security requirements for APPs.