Statement On White House Actions On Cyber and Data Security

The Retail Industry Leaders Association (RILA) released the following statement ahead of the White House's actions on cyber and data security this week.

"Through the Buy Secure Initiative, the President has demonstrated his commitment to ensuring that debit and credit cards operate with the strongest security technology available today; Chip-and-PIN.

"We applaud the President's focus on cyber and data security and look forward to hearing the details that will emerge this week.

"Retailers have demonstrated a commitment to working with policymakers to enhance cybersecurity, carefully steward customer data and strengthen consumer trust. We encourage all policymakers to recognize the importance of prioritizing the collaboration and flexibility needed to promote retail innovation." – Sandy Kennedy, President of RILA.

Background on Retailers Action on Cyber and Data Security

Chip and PIN

Chip and PIN cards dramatically enhance card security and reduce cyber threats by rendering the basic card information, which today is contained on a magnetic stripe, useless to thieves.  The Chip is enabled with a dynamic security feature that generates a unique security code for each transaction, ensuring that the card being used is not counterfeit. The requirement that the cardholder use a PIN ensures that the card is in possession of the rightful person. This two-factor authentication technology is in place in nearly every other G-20 country today and the reduction in fraud has been substantial.

According to the Federal Reserve, PINs on debit cards make them 700 percent more secure than transactions authorized by signature.  (Federal Reserve. "2011 Interchange Fee Revenue, Covered Issuer Costs, and Covered Issuer and Merchant Fraud Losses Related to Debit Card Transactions." March 5, 2013 http://1.usa.gov/1xhPXph)

Many merchants already have Chip and PIN-enabled terminals in place today and the entire retail industry is on track to have completed an enormous investment in order to be able to accept Chip and PIN cards next year. But, banks, credit unions and card companies such as Visa, MasterCard, American Express and Discover intend to begin issuing chip cards in the U.S. without the crucial functionality of PINs.

Regulators and law enforcement have also expressed support for moving towards more advanced Chip and PIN card technology used in Europe and elsewhere throughout the world today. 

Retail Industry Making Strides in Threat Information Sharing

In May, RILA and some of America's most recognized retail brands also announced the formation of the Retail Cyber Intelligence Sharing Center (R-CISC), to promote threat information sharing, cybersecurity and data privacy through all appropriate means. The R-CISC is the cybersecurity resource for the retail industry, open to retailers and merchants of all segments and sizes and aims to become a resource for not only the retail industry but related merchant industries as well. The R-CISC is making tremendous strides and is now interviewing and hiring an Executive Director to run the Center. This is just one more step to continuing the growth of the center.

Ahead of this Holiday season the R-CISC, the FS-ISAC and the USSS issued the advisory, "Protecting Merchant Point of Sale Systems during the Holiday Season." Going into the Holiday season retailers are very aware of the increased threats and have been working collaboratively in order to share leading practices in order to best protect their customers.

The trust is building among retailers and we've seen a true commitment to collaboration and protecting customers. We've seen successes including preventing attacks, increased awareness about current threats, and robust sharing of traffic from suspicious IP addresses.

 Merchant Financial Cyber Partnership

RILA partnered with the Financial Services Roundtable (FSR) at the beginning of the year to establish the Merchant-Financial Cyber Partnership. The Partnership was formed to work collaboratively on a private sector solution to protect the payments system. The Partnership grew to include 19 financial and merchant  associations working together collaboratively across the payments systems to enhance security if order to product customers and their data from cyber criminals. More than 250 senior executives from both sides met nearly 50 times, heard from over 45 experts, participated in numerous outreach events, and sought consensus on critical policy issues. The Partnership has released eight next steps for ongoing collaboration by Partnership participants in key areas, including threat information sharing, cyber risk mitigation, advanced card present & card not present security technology and cybersecurity legislation. The Partnership sent a joint letter to Congress outlining principles for and urging Congress to pass cyber threat information sharing legislation.

Although the industry – along with many other industries and the government itself – will continue to be attacked, the work of the R-CISC and of relationships formed via the Partnership will provide another tool in retailer's arsenal against cyber attacks.

###​

RILA is the trade association of the world's largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.