Cyberthreats Require Collaboration Not Confrontation | Commentary
As retailers, every day we seek to provide customers the goods and services they want at the best value. But retailers also know that consumers demand more than just a good deal, they expect to be treated fairly and honestly. Consumers also expect that their purchases are made in an environment where personal information is secure.
According to a 2013 data breach investigation by Verizon, a wide variety of businesses, including health care companies, utilities, manufacturers, technology companies, financial institutions and retailers, were all victimized by cyberattacks. These attacks are launched by criminals who are persistent and their methods are increasingly sophisticated. The fallout from these criminal acts has gained widespread public attention and questions about the security of the electronic payments system have emerged.
The retail industry takes the threat of cyberattacks seriously and works diligently every day to stay ahead of these sophisticated adversaries. Retail companies individually and the industry collectively, are making substantial investments in the technology and experts needed to aggressively counter these threats. Retailers utilize ever-evolving techniques and tactics such as data encryption, tokenization, and redundant internal controls to both ward off attacks and reduce the impact of any successful cybersecurity attack.
The payment system itself though is an ecosystem that relies on interoperable cooperation across sectors. The saying that a chain is only as good as its weakest link applies here. While retailers understand and manage their internal systems and security, they have little or no influence over the actions taken by other players in the payments universe, actions with enormous implications on fraud. Instead, retailers must rely on others in the payments ecosystem to dictate critical security decisions, including card technology, retailer terminals, and when data can be encrypted during the transmission between retailers and the card networks. To effectively address today’s cybersecurity challenges, we must work collaboratively with the card networks, and issuing banks and credit unions to ensure that the system is made as secure as possible while giving customers access to the payment choices they prefer. It is our view that the responsibility for security should be shared, but we know that if we don’t collaborate to secure these systems and consumer confidence wanes, we will all share in the loss.
For years, U.S. retailers have urged card issuers and card networks to provide cardholders with the same enhanced fraud prevention technology used throughout the rest of the world. Merchants can’t wait any longer for these changes, and so last month, the Retail Industry Leaders Association (RILA) launched its Cybersecurity and Data Privacy Initiative. As part of the initiative, RILA called for collaboration among retailers, banks and card networks to advance improved payments security. The RILA plan in this respect focused on four major steps we should take to improve the security of debit and credit cards. First, quickly establish a plan to retire the antiquated magnetic stripe technology in place today. Second, require that every credit and debit card be issued with a corresponding PIN number. Banks require that cardholders enter a PIN number to withdraw money from an ATM; merchants should have the same opportunity to protect against fraud. Third, establish a road map to migrate to chip-based smart card technology with PIN security, also known as Chip and PIN. Finally, recognizing that card security must outpace criminal advancements, the members of the payments ecosystem must collaborate to identify new technologies and long-term, comprehensive solutions to the threats.
In order to accomplish these goals, everyone — merchants, card issuers and the credit card companies — must work together. I have little doubt that all parties share the same goals of protecting consumers and maintaining confidence in the payments system. That is why RILA has begun reaching out not only to representatives across the merchant community, but also to those that represent financial institutions of all sizes in an effort to work together to identify near- and long-term solutions.
If we are going to achieve our shared goals, we must not play the all too familiar Washington blame game. Instead, we must work together as leaders of our respective industries to identify and overcome these challenges in order to give customers the peace of mind they deserve.
Sandy Kennedy is the president of the Retail Industry Leaders Association (RILA).