Today, Brian Dodge, RILA's executive vice president, communications & strategic initiatives, testified at the House Financial Services Committee hearing, "Protecting Consumers: Financial Data Security in the Age of Computer Hackers." In his testimony, Dodge outlined the major steps taken by the retail community to enhance cybersecurity throughout the industry, including an investment of more than $8 billion to upgrade payment terminals to accept more secure "Chip" credit cards. Dodge also urged banks to issue "Chip and PIN" credit cards instead of the less secure "Chip and Signature" cards, which lack the two factor authentication protection that has dramatically reduced fraud in Europe and Canada.
While highlighting current efforts on the part of the retail industry to combat cyber-attacks and share threat information, Dodge also voiced support for federal data breach legislation that clears up regulatory confusion to better protect and notify consumers in the event of a successful attack.
The full testimony can be read here: http://bit.ly/1AXjxBB
Excerpts from the testimony:
"Retailers embrace innovative technology to provide American consumers with unparalleled services and products online, through mobile applications, and in our stores. While technology presents great opportunity, nation states, criminal organizations, and other bad actors also are using it to attack businesses, institutions, and governments. As we have seen, no organization is immune from attacks and no security system is invulnerable."
"One area of security that needs immediate attention is payment card technology. RILA members have long supported the adoption of stronger debit and credit card security protections. The woefully outdated magnetic stripe technology used on cards today is the chief vulnerability in the payments ecosystem. This 1960s era technology allows cyber criminals to create counterfeit cards and commit fraud with ease. Retailers continue to press banks and card networks to provide US consumers with the same Chip and PIN technology that has proven to dramatically reduce fraud when it has been deployed elsewhere around the world.
According to the Federal Reserve, PINs on debit cards make them 700 percent more secure than transactions authorized by signature.1 While retailers are estimated to be investing more than $8.6 billion to upgrade card terminals to accept chip cards by later this year, the new cards will be issued without PIN numbers, instead relying on only a signature to authenticate the cardholder.2 Chip and signature technology falls woefully short of providing American consumers with same level of security provided to consumers in Europe, Canada and everywhere else in the developed world. Retailers believe that American consumers deserve the best available card security and that deploying the two-factor authentication enabled through chip and PIN will prevent criminals from duplicating cards with ease, devaluing the data that retailers collect at the point of sale and ultimately reducing cyber-attacks on retailers."
"Increasing cyber threat information sharing also is vital to defeating sophisticated and coordinated cyber actors. RILA strongly supports cybersecurity information sharing legislation that provides liability protections for participating organizations."
"When attacks on consumer information are successful and will cause economic harm, retailers believe that their customers have the right to be notified as promptly as possible. Retailers also believe that they have an obligation to provide customers with information that is as accurate and actionable as possible so that they can take steps to protect themselves. To that end, RILA supports federal data breach notification legislation that is practical, proportional and sets a single national standard that replaces the often incongruous and confusing patchwork of state laws in place today. A single, clear, preemptive federal standard will help ensure that customers receive timely and accurate information following a breach."
RILA is the trade association of the world's largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.