Retail Groups Address Card Security Debate
WASHINGTON, D.C. — NACS, the Association for Convenience & Fuel Retailing, the Food Marketing Institute, Retail Industry Leaders Association, National Retail Federation, and the National Restaurant Association jointly sent a letter in late December clarifying what the groups called a misleading survey from the Independent Community Bankers of America (ICBA), which alleged that banks are shelling out millions of dollars because retailers can’t properly secure their networks.
ICBA CEO John Buhrmaster's comments came in the wake of the Home Depot data breach, which occurred from April to September. The ICBA survey, released Dec. 18, said community banks had to reissue nearly 7.5 million credit and debit cards at a cost of $90 million in the wake of the massive Home Depot data breach, which exposed 56 million customers’ payment card information.
Several other high-profile breaches have taken place in recent years, including at Target Corp., as well as MAPCO Express Inc. in the convenience store industry.
In their answering letter, the trade groups emphasized these following points: Retailers incur more of the costs of data breaches than banks; more sharing of information between law enforcement and the business community, in addition to between retailers and financial institutions, is needed; and disregarding PIN technology leaves all entities concerned more vulnerable.
“ICBA cannot simply dismiss data breaches as a retail problem and refuse to recognize the risk to financial institutions — to do so would be a disservice to your members,” the groups said in the letter, pointing out that retailers bear equal or greater costs after a data breach, according to a 2013 Federal Reserve study of debit card fraud.
On Oct. 1, a liability shift will take place as c-store retailers who do not upgrade their point-of-sale systems to an EMV (Europay, MasterCard and Visa)-compatible device can be held responsible for fraudulent in-store transactions.
At this time, EMV entails the use of chip-and-signature debit cards and credit cards.The retail groups in the letter criticized the ICBA for not committing to chip-and-PIN cards instead.
“The added security provided when each customer is given a unique personal identification number or PIN has already been shown to make debit card transactions 700 percent safer,” the groups wrote.
Similar EMV liability shift deadlines will take place in 2016 for ATM machines and 2017 for at-pump transactions.
The retail organization letter can be read in its entirety here.