As Congress considers legislative responses to the recent Target data breach, the retail and banking industries are backing calls to improve security through technology and regulation—though they disagree on the details.
With the holiday season in the rearview mirror, Congress is gearing up to tackle the retail sector’s biggest story from that period.
As The Hill notes, several bills have been introduced in the wake of the Target data breach. One introduced by Sen. Jay Rockefeller (D-WV) would have the Federal Trade Commission set national standards for security and for notifying consumers in the wake of a breach. Another, from Sens. Tom Carper (D-DE) and Roy Blunt (R-MO), would put the burden of privacy protections on both retailers and financial institutions.
The problem? The banking and retail industries, while both directly affected by cybersecurity issues, aren’t on the same page on how to address the challenge.
It’s not the first time the two industries have found themselves at odds—the long battle over credit and debit card swipe fees, for example, is ongoing—but the recent security breaches have opened up a new front. More details:
Retailers call for new steps: Last week, the Retail Industry Leaders Association announced a new multipronged approach to improving cybersecurity and data privacy protections. The plan, dubbed the RILA Cybersecurity and Data Privacy Initiative, includes steps that range from the organizational (launching a Retail Cybersecurity Leaders Council) to the technological (moving away from magnetic stripes on credit and debit cards to PIN-based smart cards) to the legislative (seeking federal legislation on data breach notifications and cybersecurity). The goal? To be better prepared. “By working together with public-private sector stakeholders, our ability to develop innovative solutions and anticipate threats will grow, enhancing our collective security and giving customers the service and peace of mind they deserve,” RILA President Sandy Kennedy said in a statement. RILA’s steps largely match those of the National Retail Federation, which also is pushing for updated card technology.
Bankers raise concerns: Though RILA’s initiatives have backing from consumer groups, banking associations say that many of the retail industry’s proposed solutions put too much of the burden on financial institutions. Referring to the Target breach, Ken Clayton, American Bankers Association chief counsel and executive vice president of legislative affairs, told Bloomberg: “It’s clear that banks are already absorbing at least two-thirds of the cost, if not more, in order to protect their customers for a breach they had nothing to do with. They are rightfully upset about that.” Independent Community Bankers of America President Camden Fine, meanwhile, told the news service that the pain is even more acutely felt by its small-scale members. “There needs to be legislation,” Fine said, because retailers like Target have little incentive to work out issues with banks as things stand.
Card technology upgrades could be on the way whether or not there’s legislation requiring them. As The Hill notes, credit card companies have said they will shift liability for fraud cases to retailers unless they add the technology to accept the new smart cards by October 2015.