“Retailers place extremely high priority on data security and invest tremendous resources to prevent attacks, but cyber-criminals are persistent and their methods of attack are increasingly sophisticated. Enhanced security measures help to thwart attacks, but unfortunately some attacks have been successful and the resulting incidents have affected millions,” said RILA President Sandy Kennedy. “By working together with public-private sector stakeholders, our ability to develop innovative solutions and anticipate threats will grow, enhancing our collective security and giving customers the service and peace of mind they deserve.”
The initiative is organized around three major components.
1. Strengthening Overall Cybersecurity:
Formation of a Retail Cybersecurity Leaders Council: Retailers rebuff cyber threats nearly every day and the resulting lessons can strengthen protections across the entire industry. The Retail Cybersecurity Leaders Council, made up of senior retail executives responsible for cybersecurity, will aim to improve industry-wide cybersecurity capabilities by sharing threat information and discussing effective security solutions in a trusted forum.
Federal Data Breach Notification Legislation: RILA will engage with lawmakers to develop federal data security breach notification legislation that sets a national baseline.
Federal Cybersecurity Legislation: RILA will work with policymakers to help develop federal cybersecurity legislation focused on measures widely viewed as being effective to strengthen cybersecurity for our nation’s critical infrastructure, such as the financial system. At a minimum, this legislation should include support for appropriate information-sharing mechanisms between the private and public sectors.
2. Improving Payments Security:
Eliminate the Mag-Stripe: The existing magnetic stripe technology used on credit and debit cards issued in the United States is antiquated. RILA will urge that it be phased out in favor of the better technology widely used throughout the world.
Universal PIN Security and Chip-based Smart Card Technology: RILA will continue to press the card networks and the issuing banks to migrate to universal PIN security and chip-based smart card technology. In the event of a successful cybersecurity breach, the dynamic security features of such technology effectively prevent the use of stolen data.
System Wide Collaboration: Enhanced card security would be an important first step, but innovation is needed to outpace criminal threats. Therefore, we will seek to forge deeper partnerships with other members of the payments ecosystem to collaborate on migration to near-term card security enhancements, new technologies and long-term, comprehensive solutions to the threats.
3. Addressing Consumer Privacy:
The Retail Data Story: Consumers want and expect data about them to be protected and secure. They also want tailored services and shopping options yet may have questions about the data-related means required to provide them. RILA will work with partners to describe how data is used to provide the experience that consumers demand and share the great lengths that retailers go to protect the data they collect. Where useful, we will help promote data practices and policies that are consistent with RILA’s privacy principles.
To learn more about the RILA Cybersecurity and Data Privacy Initiative visit www.rila.org/cybersecurity.
RILA is the trade association of the world’s largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.