After a rash of high-profile data breaches at retailers across the country—including Target, Neiman Marcus and Michael’s craft stores—the National Retail Federation (NRF) is taking a stand on behalf of consumers.
Tom Litchford, the NRF’s VP of Retail Technologies, testified in front of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. He said retailers are spending billions of dollars each year to keep customers’ data safe and combat cyber criminals. Additionally, Litchford said hundreds of millions of dollars are spent annually on credit card security compliance.
Hackers and other cyber criminals are becoming increasingly savvy and aggressive, managing to steal payment information from millions of consumers at large retailers like Target.
Tapping instead of swiping
One strategy that the NRF strongly supports is the transition from credit and debit cards that use magnetic strip and signature technology to payment cards utilizing more advanced chip and PIN (personal identification number) technology.
These cards, also called EMV cards, have a microchip inside them that protects consumer data better than 1960’s era magnetic stripe cards. This technology is already widely used in Europe, Canada and the rest of the world, but has been slow to come to the United States.
With chip and PIN cards, customers tap their cards instead of swiping them. Then they enter a PIN instead of signing to authorize the purchase.
Litchford placed the blame for recent cyber attacks and data breaches on credit card issuers being slow to employ chip and PIN technology. “The failure of U.S. card networks and banks to adopt such a system in the United States is one reason why cyber attacks on brick-and-mortar retailers have increased,” he said. “Chip and PIN technology dramatically reduces the value of any stolen ‘breached’ data for in-store purchases because the payment card data is essentially rendered worthless to criminals.”
Establishing an information sharing network
Litchford also said that the NRF plans to establish a Retail Information Sharing and Analysis Center (Retail ISAC) to provide merchants with intelligence that will help them identify and alleviate security breaches.
He indicated that the Retail ISAC is still in “the planning stages” and urged Congress to pass the Cyber Intelligence Sharing and Protection Act (CISPA), which encourages retailers to share information with each other and would help with the creation of the network.