ABA, Retailers to Testify on BreachesSenate Panel to Consider Consumer Safeguards
Representatives of the American Bankers Association, the National Retail Federation and the Payment Card Industry Security Standards Council are among those slated to testify at a Feb. 3 Senate hearing on safeguarding consumers' financial data. Additionally, a House panel is expected to hold a yet-to-be-scheduled hearing regarding retail data breaches the first week of February.
On Feb. 3, the Senate Subcommittee on National Security and International Trade and Finance will hear from James Reuter, executive vice president of FirstBank, on behalf of the American Bankers Association; Mallory Duncan, general counsel at the National Retail Federation; and Troy Leach, chief technology officer for the PCI Security Standards Council.
Also slated to testify are representatives of the U.S. Secret Service, the Federal Trade Commission's Bureau of Consumer Protection, and the U.S. Public Interest Research Group.
Meanwhile, the House Commerce, Manufacturing and Trade Subcommittee has announced that a Target official, along with law enforcement officials, will testify at a hearing the week of Feb. 3 about the retailer's breach. The panel has not yet set the date of the hearing nor revealed all of those testifying.
Target reports that the breach incident likely exposed some 40 million credit and debit transaction details, including encrypted PINs, along with personally identifiable information about 70 million customers.
On Jan. 16, American Bankers Association President and CEO Frank Keating asked Congress to examine the specific circumstances surrounding Target's breach (see Retail Breaches: Congress Wants Answers).
In a letter to the House and Senate, Keating acknowledged that retailers, banking institutions and all others who play a role in the payments chain all must work to ensure ongoing security. But the ABA asked for more shared responsibility when retail breaches result in fraud.
"When a retailer like Target speaks of its customers having 'zero liability' from fraudulent transactions, it is because our nation's banks are providing that relief, not the retailer that suffered the breach," he said. "It is often the case that banks must explain to their customers what has happened without the bank knowing where the breach has occurred. Moreover, bankers have historically received little meaningful reimbursement for the costs they have incurred."
Within five days of the ABA sending its letter, the National Retail Federation responded. In a letter to Senate and House leaders, Matthew Shay, the federation's president and CEO, noted that banking institutions and the government "have a critical role to play" when it comes to ensuring card security.
"For years, the banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next generation Chip and PIN card technology for customers in Europe and dozens of other markets," Shay says. "Only by working together will consumers' financial data be protected from criminals."
The NRF supports the passage of the Cyber Intelligence Sharing and Protection Act, which would allow the commercial sector to more quickly share information about threats, Shay says.
In addition, the The Financial Services Roundtable is asking Congress to take action in light of the recent high-profile retail breaches (see Breaches Spark Call for Congress to Act). For example, it's calling for passage of a national data breach notification law as well as legislation to expand oversight of the retail and telecommunications sectors.