Target breach shows payment system security needs less talk, more action
Finger-pointing between retailers and banks in wake of Target breach a symptom of the problem; Congress likely to step in
Computerworld - Retailers and banks must move quickly to figure out who should be responsible for better securing the payments system network or risk having Congress decide for them.
In the weeks since a massive data breach at retailer Target, banks and retail industry groups have been ferociously blaming each other for not doing enough to prevent such hack attacks. The latest debate continues a longstanding feud that has stalled progress on efforts to improve credit and debit card security.
Both sides need a change in attitude.
The American Bankers Association (ABA), Credit Union National Association (CUNA), the National Association of Federal Credit Unions (NAFCU) and others have renewed calls for regulations that would require retailers to implement stronger data security controls.
"When a retailer like Target speaks of its customers having 'zero liability' from fraudulent transactions, it is because our nation's banks are providing that relief, not the retailer that suffered the breach," ABA president Frank Keating said in a letter to Congress earlier this month.
In an opinion piece posted on AmericanBanker.com last week, NAFCU CEO Dan Berger chided retailers for downplaying their role in safeguarding sensitive customer data.
The Gramm-Leach-Bliley Act for years has required that banks and credit unions implement strong data security controls, he noted, and now it's time to implement similar rules for retailers. "If retailers want to reap the rewards of consumer sales, they should also take an active role in protecting their data," Berger said.
According to CUNA, credit unions to date have spent more than $30 million to recall and reissue credit and debit cards impacted in the Target breach. When fraud-related costs are factored in, credit unions could end up paying a much higher price for Target's folly, according to the association.
"Contrary to what some may think, these expenses will not be reimbursed to credit unions and their members by Target or other retailers," CUNA President and CEO Bill Cheney said in a statement. "Rather, credit unions must solely cover these costs of their card program administration, including in these circumstances of reacting to a merchant data breach."
Meanwhile, the influential National Retail Federation (NRF) deftly responded by placing the blame for breaches on card technology used by banks and credit unions around the U.S.
"For years, banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next-generation PIN and Chip card technology for customers in Europe and dozens of other markets," NRF President and CEO Matthew Shay said in a letter to two lawmakers this week.