Retailers and banks take data breach fight to Congress

Retailers and banks take data breach fight to Congress

The war of words between retailers and banks over cyber-security failures has moved to the political stage, as lobby groups for both parties petition the political elite on Capitol Hill for legislative action to curb future data breaches.

The first salvo in the ongoing skirmishes between banks and retailers was fired last week by the Retail Industry Leaders Association, National Retail Federation, and National Association of Convenience Stores, which accused banking bodies of using misleading arguments on data security in the media and before Congress.

Arguing that retailers spend more than $6 billion per annum on cyber-security, the merchant lobby quoted stats from a Verizon report that appeared to show that over the past year, 465 (roughly 34%) of breaches took place at financial institutions, while fewer than 150 (less than 11%) affected retailers. They also noted that retailers share some of the costs of credit card fraud and pay for the issuance of new cards when a breach occurs.

In a joint letter to Congress dated Wednesday, seven banking trade groups have hit back at retailer claims, stating: "While merchants and financial institutions are both the targets of these attacks, a key difference is that financial institutions have developed and maintain robust internal protections to combat criminal attacks and are required by Federal law and regulation to protect this information and notify consumers when a breach occurs that will put them at risk. In contrast, retailers are not covered by any Federal laws or regulations that require them to protect the data and notify consumers when it is breached."

The banks countered that the Verizon report cited by retailers referred to international incidents of cyber-crime rather than US-centric accounts, and instead called on data from the Identity Theft Resource Center which showed that banks accounted for only 6.2% of breaches in the year to November 2014.

The banks are calling on political leaders to pass legislation that will force retailers to tighten up security following a spate of cyber-attacks that has seen hundreds of millions of consumer account compromised over the past year.

"National consumer notification alone - as advocated by the (retailers) November 6th letter - will not solve this problem," the bank lobby insists. "It is only when coupled with the development of strong internal data protection standards and robust oversight that the retail community will find itself in a better position to protect consumers and their confidential personal financial information from criminal abuse."

Comments: (3)

A Finextra member
A Finextra member 13 November, 2014, 15:181 like 1 like We are now starting to get to the meat of the problem. Who should be held accountable? Banks or retailers. This will not be a short clear answer because each situation will probably be different, each bank and retailer are not configured the same way and each business tries to protect themselves for PR purposes. Do you really expect a politician to understand all these variables? I doubt it. A politician has their own interest in this game and that is votes. Each party has normally tried to protect themselves and let the other party suffer the consequences(loss). This is a tough problem but everyone has to be honest and with lobbyist in the middle that will not happen.
A Finextra member
A Finextra member 03 December, 2014, 16:29Be the first to give this comment the thumbs up 0 likes

"The banks are calling on political leaders to pass legislation that will force retailers to tighten up security following a spate of cyber-attacks that has seen hundreds of millions of consumer account compromised over the past year"

Why should regulation be introduced that forces retailers to spend millions of dollars to tighten up a broken process? IMHO, regulation should be passed that forces the Card Schemes to deliver a secure payment product that works across every operating channel. Payment is simply a means to an end for most retailers, they're not financial institutions and few want to be.

A Finextra member
A Finextra member 04 December, 2014, 03:17Be the first to give this comment the thumbs up 0 likes Getting action from Congress is not s one thing I endorse in a conflict. However to get a settlement between the Banking Industry and the Retail Industry has very little chance of happening. This battle may go on for a few more years.
Visit info.nice.com

Trending Stories