Target breach shows payment system security needs less talk, more action
Finger-pointing between retailers and banks in wake of Target breach a symptom of the problem; Congress likely to step in
Computerworld - Retailers and banks must move quickly to figure out who should be responsible for better securing the payments system network or risk having Congress decide for them.
In the weeks since a massive data breach at retailer Target, banks and retail industry groups have been ferociously blaming each other for not doing enough to prevent such hack attacks. The latest debate continues a longstanding feud that has stalled progress on efforts to improve credit and debit card security.
Both sides need a change in attitude.
The American Bankers Association (ABA), Credit Union National Association (CUNA), the National Association of Federal Credit Unions (NAFCU) and others have renewed calls for regulations that would require retailers to implement stronger data security controls.
"When a retailer like Target speaks of its customers having 'zero liability' from fraudulent transactions, it is because our nation's banks are providing that relief, not the retailer that suffered the breach," ABA president Frank Keating said in a letter to Congress earlier this month.
In an opinion piece posted on AmericanBanker.com, last week, NAFCU CEO Dan Berger chided retailers for downplaying their role in safeguarding sensitive customer data.
The Gramm-Leach Bliley Act for years has required that banks and credit unions implement strong data security controls, he noted, and now it's time to implement similar rules for retailers. "If retailers want to reap the rewards of consumer sales, they should also take an active role in protecting their data," Berger said.
According to CUNA, credit unions to date have spent more than $30 million to recall and reissue credit and debit cards impacted in the Target breach. When fraud related costs are factored in, credit unions could end up paying a much higher price for Target's folly, according to the association.
"Contrary to what some may think, these expenses will not be reimbursed to credit unions and their members by Target or other retailers," CUNA President and CEO Bill Cheney said in a statement "Rather, credit unions must solely cover these costs of their card program administration, including in these circumstances of reacting to a merchant data breach."
Meanwhile, the influential National Retail Federation (NRF) deftly responded by placing the blame for breaches on card technology used by banks and credit unions around the U.S.
"For years, banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next-generation PIN and Chip card technology for customers in Europe and dozens of other markets," NRF President and CEO Matthew Shay said in a letter to two lawmakers this week.
- Web apps and point-of-sale were leading hacker targets in 2013, says Verizon
- Michaels breach exposes nearly 3M payment cards
- Teen nabbed in Heartbleed attack against Canadian tax site
- Heartbleed bug can expose private server encryption keys
- FTC can sue companies hit with data breaches, court says
- 5-year-old hacks Xbox, now he's a Microsoft 'security researcher'
- State AGs probe Experian subsidiary's data breach
- NSA sniffing prompts Yahoo to encrypt traffic between its data centers
- Banks withdraw data breach claim against Target
- Bank abandons place in class-action suit against Target, Trustwave
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts