NRF: Retailers committed to protecting consumer data

Washington, D.C. - The National Retail Federation told a congressional panel on April 16 that the retail industry is committed to safeguarding and protecting consumer data and information from cybercriminals and hackers. Tom Litchford, NRF VP for retail technologies, testified before a field hearing of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, where he outlined specific steps that the nation’s retailers are pursuing and implementing to identify, prevent and combat cyber attacks.



He described NRF’s support for immediately transitioning away from fraud-prone credit cards that utilize 1960s technology (magnetic-stripe and signature) to more advanced and secure cards that incorporate a Personal Identification Number or PIN, or Chip and PIN cards that include a computer microchip.



PIN-based cards, along with data encryption and tokenization, would help prevent cybercriminals from monetizing consumer financial information and provide better fraud protection for retailers, banks and consumers than proprietary Europay, MasterCard and Visa or EMV technology that does not require the use of a PIN.



“Retailers make significant investments every year in order to protect [consumer] data,” said Litchford. “Collectively, retailers spend billions of dollars annually to safeguard data and fight fraud, as well as hundreds of millions annually on [credit card security] compliance. Chip and PIN technology dramatically reduces the value of any stolen ‘breached’ data for in-store purchases because the payment card data is essentially rendered worthless to criminals. The failure of U.S. card networks and banks to adopt such a system in the United States is one reason why cyber attacks on brick-and-mortar retailers have increased.”



Litchford went on to state that the nation’s retailers are pursuing the establishment of a Retail Information Sharing and Analysis Center, or Retail ISAC, that would provide retailers and merchants (NRF members and non-members) with actionable and timely threat intelligence to help identify and mitigate cyber risks.



NRF called on Congress to support the retail industry’s efforts on data security and cybersecurity by passing the Cyber Intelligence Sharing and Protection Act or CISPA, which would further encourage businesses and retailers to share information across sectors on cyber threats in real time.