NRF urges Congress for support against retail credit card fraud
Retail Editor 4 -- Home Textiles Today, February 4, 2014
Washington - On the heels of Target Corp.'s widespread data breech, the National Retail Federation on Monday urged Congress to take a "comprehensive approach" as it contemplates a national response to criminal cyber attacks in which millions of consumers' credit and debit card numbers were stolen.
NRF said retailers are willing to do their part to improve security, but that banks and card companies must also take major steps to shore up the current fraud-prone payments system.
"When a criminal breach occurs in the payments system, all of the businesses that participate in that system and their shared customers are victimized," said Mallory Duncan, NRF senior vp and general counsel. "Rather than resort to blame and shame, the parties should work together to ensure that the data breach is remedied and steps are taken to prevent and mitigate future breaches. Retailers take the increasing incidence of payment card fraud very seriously. We have every reason to want to see fraud reduced, but we have only a portion of the ability to make that happen. We did not design the [payments] system, we do not configure the cards and we do not issue the cards. We will work to effectively upgrade the system, but we cannot do it alone."
Duncan was scheduled to testify Monday afternoon before a hearing on data security held by a subcommittee of the Senate Banking, Housing and Urban Affairs Committee. In testimony prepared for delivery at the hearing, Duncan said the United States is under constant criminal attack from sophisticated cybercriminals - largely located overseas - who target financial institutions, manufacturers, public utilities, and other businesses, not just retailers.
In the short term, Duncan said the banking industry needs to replace current cards that store consumer data on 1960s-era magnetic strips, and have users sign their name with modern cards that encrypt data on an embedded microchip and require use of a secret personal identification number, or PIN. Instead, banks and card companies have pushed so-called EMV - Europay, MasterCard and Visa - proprietary cards that use a chip but remain open to fraud by allowing the use of a signature. Duncan said replacement of easily forged signatures with a PIN and Chip card is essential to security.
In his testimony, Duncan urged the United States to look beyond the Payment Card Industry's (PCI) security standards and proposed EMV cards, and embrace a more secure and technologically-advanced payments system that is as innovative as it is competitive. In the longer term, Duncan said further improvements, such as point-to-point encryption of data, "tokenization" of transactions and mobile payments offer potential solutions to better protect consumers.
Duncan also urged Congress to pass the Cyber Intelligence Sharing and Protection Act, which would make it easier for the commercial sector to share information about cyber threats and ensure that cybercrimes are thoroughly investigated and prosecuted. He said NRF also wants Congress to replace the varying data breach notification laws currently on the books in 46 states and the District of Columbia with a single, uniform nationwide standard and bolster law enforcement agencies' abilities to combat cyber attacks
Celebrity Branding at NY Home Fashions Market