Retailers Call for Collaborative Effort at Senate Data Breach Hearings
WASHINGTON, D.C. -- The U.S. Congress is in the midst of a group of hearings before the Senate Banking Subcommittee, International Trade and Finance, in an effort to determine what led to the recent massive data breaches at Target Corp., The Neiman Marcus Group and other retailers.
Yesterday, members of Congress focused on whether retailers such as Target delayed informing law enforcement officials and the public once they learned of the data breaches, reported WCCO. Politicians also discussed the possibility of enacting tougher laws to protect consumers.
Retail groups fired back that they are willing to do their part to improve security, but said banks and credit card companies must also take major steps to shore up the current "fraud-prone" system.
"Credit card companies make the cards and set the security standards," said Lyle Beckwith, senior vice president of government relations at NACS, the Association for Convenience & Fuel Retailing. "Merchants spend roughly $6.5 billion each year to help prevent fraud and protect consumers, but can't make up for all of the vulnerabilities that fraud-prone credit and debit cards have."
Retailers take payment card fraud seriously, added Mallory Duncan, senior vice president and general counsel secretary for the National Retail Federation (NRF).
"We have every reason to want to see fraud reduced, but we have only a portion of the ability to make that happen," he said. "We did not design the [payments] system, we do not configure the cards and we do not issue the cards. We will work to effectively to upgrade the system, but we cannot do it alone."
Experts disagree regarding whether upcoming Europay, MasterCard and Visa (EMV) guidelines can thwart most future data attacks. However, most believe EMV is clearly a step in the right direction.
EMV guidelines call for credit and debit cards to switch from the current magnetic stripe system to chip-and-PIN and chip-and-signature cards. Retailers must upgrade their point-of-sale equipment to EMV readers by October 2015 for in-store transactions, October 2016 for most ATM transactions and October 2017 for transactions at the pump.
The U.S. Secret Service has yet to make any arrests related to the recent data breaches. It has isolated the alleged cybercriminals to areas of eastern Europe, though.
The hearings continued today with Target Chief Financial Officer John Mulligan testifying.