NRF Asks Congress to Help on Data Breaches
NRF is asking Congress to move quickly on legislation that would build on the retail industry’s efforts to stop data breaches like those that affected millions of consumers’ credit and debit cards late last year.
“The National Retail Federation and our 12,000 members are committed to combating this criminal threat to our industry and our customers,” NRF president and CEO Matthew Shay said in a letter to House Speaker John Boehner (R-Ohio) and Senate Majority Leader Harry Reid (D-Nev.). “We strongly recommend adoption of meaningful steps to fight cyber theft and credit card fraud.”
In the letter, Shay asked for passage of the Cyber Intelligence Sharing and Protection Act, House-passed legislation now pending in the Senate that would make it easier for the commercial sector to share information about threats and ensure that cyber crimes are thoroughly investigated and prosecuted. He also asked Congress to replace the varying data breach notification laws currently on the books in 46 states and the District of Columbia with a single nationwide standard.
In the meantime, NRF is urging the card industry to switch to new chip-and-PIN cards, which would require use of a Personal Identification Number instead of an easy-to-forge signature, and which would encrypt card data on an embedded computer microchip instead of storing it on a 1960s-era magnetic stripe. Despite years of retailers asking for chip-and-PIN, Shay said card companies “have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk” even though the new cards are widely used in Europe and have reduced fraud there.
“Our partners in the financial sector have a critical role to play in making sure their cards are safe,” Shay said. “Only by working together will consumers’ financial data be protected from criminals.”
Shay said some retailers have already installed point-of-sale systems that would work with the new cards but that the card industry needs to “invest in next-generation technology” by issuing chip-and-PIN cards.
NRF is exploring a variety of security methods in addition to chip-and-PIN, and is “committed to a long-term solution to the issue, working with all stakeholders to ensure that our customers’ sensitive information is protected,” Shay said.