Digital Transactions Authoritative, insightful and timely information for payments professionals
Critics blasted away at Wal-Mart Stores Inc.'s plan to open a Utah industrial loan corporation for most of three days in late April, and now the world's biggest retailer is firing back. Wal-Mart filed a 14-page letter earlier this month with the Federal Deposit Insurance Corp. addressing the major concerns of its opponents, who fear the giant retailer could use the proposed Wal-Mart Bank to compete for consumer banking business. In that rebuttal, Jane Thompson, president of Wal-Mart Financial Services, claims the bank will stand up to its parent company if it doesn't protect consumer financial data. Wal-Mart also addresses criticism that the bank might increase risk in the payment business. The bank's only stated function is to submit credit card, debit card, and other electronic transactions into payment networks. In the letter to FDIC acting chairman Martin J. Gruenberg and John F. Carter, regional director of the FDIC's San Francisco office, Thompson says, “the commentators who raised questions about the effects the bank would have on these systems reflected a misunderstanding of the practical operation of the payments systems and the scope and nature of the bank's proposed activities.” Thompson went on to say that, if anything, Wal-Mart Bank would reduce risk because of its narrow focus on only one merchant, Wal-Mart, whereas traditional merchant acquirers deal with many merchants of differing risk profiles. Then Thompson, in an apparent reference to recent electronic intrusions that have compromised cardholder data on hundreds of thousands of accounts, said one example of the bank's oversight functions regarding payment risk would be “the self-imposed requirement that Wal-Mart must comply with Visa and MasterCard payment card industry [PCI] standards for data security protection before the bank will sponsor Visa and MasterCard transactions. It is our understanding that few, if any retailers are 100% PCI compliant. The bank, on an ongoing basis, will monitor Wal-Mart's PCI compliance and will have the independence to refuse to sponsor transactions if Wal-Mart fails to meet the standards, or otherwise fails to comply with network and association rules.” The letter doesn't say if Wal-Mart currently meets PCI standards, though Visa USA reports that only 20% of large merchants are compliant. Sponsored by a number of major payment card networks, PCI requires processors, banks, and merchants to use data encryption, subscribe to anti-virus programs, use secure passwords, and employ a variety of other security measures to protect cardholder information. In claiming the bank will be independent, Thompson says the chief executive and chief financial officers were recruited from outside Wal-Mart; its offices will be in Utah (far from company headquarters in Bentonville, Ark.); the bank “does not intend” to employ anyone who jointly holds a Wal-Mart job; a majority of its directors will be independent; and the board's audit committee will be comprised entirely of independent directors. Most of the remainder of the letter tries to refute criticisms from community bankers and others that Wal-Mart, which has attempted to get into the banking business before, has broader designs on consumer deposits. A Utah industrial bank charter is contingent on the FDIC approving deposit insurance. The FDIC, which has received more than 3,000 comments on Wal-Mart's application, hasn't said when it will make a decision.
