EPC hits out at retailer 'inaction' on data protection

Source: Electronic Payments Coalition

A statement from Molly Wilkinson, executive director of the Electronic Payments Coalition (EPC) in support of the Data Security Act of 2015, H.R. 2205

"Despite recent claims from representatives of the retail industry, security measures to protect sensitive customer information are needed across industries that handle consumers’ personal and financial information. Retailers are not currently held to any Federal security standards, yet a recent Morning Consult poll found 90 percent of consumers agree stores and retailers should be held to similar standards as banks and financial institutions to keep data secure and private.

Banks and financial institutions go above and beyond the requirements of the Gramm-Leach-Bliley Act (GLBA) to safeguard their customers’ information and the same effort should be required of others that handle sensitive customer data, such as credit and debit cards. There are numerous safeguards implemented by financial institutions that retailers currently do not abide by, such as: sensitive information protections, privacy protection and notification, security plans and safeguard measures, and pretexting protections.

Given the numerous recent big-box retailer data breaches, the Data Security Act of 2015 (H.R. 2205) provides common sense standards that protect consumer information when in the hands of retailers now more than ever. Unfortunately, retailers aren’t in favor of these standards and have resorted to making claims about the bill that are simply untrue. If retailers were accountable for implementing these measures, it’s likely many of the recent high-profile data breaches could have been prevented.

It is in the best interest of consumers to implement the Data Security Act of 2015, which enjoys widespread bipartisan support with 23 Republican and 16 Democratic cosponsors. Additionally, the House Financial Services Committee overwhelmingly approved of the bill with a bipartisan vote of 46 to 9. Importantly, the legislation will establish similar standards that are scalable and flexible to the size and risk profile of the covered entity.

Retail groups calling for continued inaction on security measures are standing in the way of their customers’ best interests. Financial institutions, payment networks and processors, and retailers must all do their part and work together to ensure sensitive payment information is protected for consumers."

Comments: (0)