NRF weighs in on data security issue

The National Retail Federation has issued a statement for a hearing on data security being held by the House Financial Services Committee’s Subcommittee on Financial Institutions and Consumer Credit, reiterating the retail industry’s commitment to protecting Americans’ financial information.



NRF SVP and general counsel Mallory Duncan, who previously testified before the Senate Banking, Housing and Urban Affairs Committee, urged Congress to examine the latest data breaches at card companies, government institutions, retailers and universities in a “holistic fashion.”



“It’s important to look at why such breaches occur and what the perpetrators get out of them so that we can find ways to reduce and prevent not only the breaches themselves, but the fraudulent activity that is often the goal of these events,” Duncan said. “If breaches become less profitable to criminals then they will dedicate fewer resources to committing them and our goals will become more achievable.”



NRF’s recommendations focused on the need for a more secure, transparent and competitive payments system that incorporates the latest technology. Duncan said new chip-based cards that banks plan to issue next year need to require the use of a PIN, not just a signature, in order to provide maximum consumer security and protection.



“We need PIN-authentication of cardholders regardless of the chip technology used on newly issued cards,” Duncan wrote. “We also need chip cards that use open standards and allow for competition among payment networks as we move into a world of growing mobile commerce. Finally, we need companies throughout the payment system to work together on achieving end-to-end encryption so that there are no weak links in the system where sensitive card payment information may be acquired more easily than in other parts of the system.”



Along with providing the committee with actionable recommendations to better protect consumer information, NRF expressed its support for a wide range of legislative proposals that include enhancing consumer protections when using a debit card, greater information sharing across industries to address emerging cyber threats, increased resources for law enforcement to investigate and prosecute cybercriminals, and a federal breach notification law modeled after state law.



“The payment system is complicated,” Duncan said. “Every party has a role to play; we need to play it together. No system is invulnerable to the most sophisticated and dedicated of thieves. Consequently, eliminating all fraud is likely to remain an aspiration. Nevertheless, we will do our part to help achieve that goal.”