Several financial services trade groups criticized the National Retail Federation on Tuesday for “pointing fingers” over the recent Target data breach.
“Once again, the NRF is more interested in pointing fingers than accepting responsibility for their role in protecting consumer data,” the American Bankers Association, Consumer Bankers Association, Independent Community Bankers of America and National Association of Federal Credit Unions said after the NRF’s media briefing on data and payment card security. “That’s a distraction. Plain and simple, the Target breach—and the others recently in the news—had little to do with card technology and everything to do with failed computer security at major retailers.”
In testimony before Congress earlier this month, NRF Senior Vice President and General Counsel Mallory Duncan said the banking industry should replace magnetic stripe cards with PIN or chip-enabled cards, adding that financial institutions and card companies have instead pushed the EMV standard.
“Retailers take the increasing incidence of payment card fraud very seriously,” Duncan said. “We have every reason to want to see fraud reduced, but we have only a portion of the ability to make that happen. We did not design the [payments] system, we do not configure the cards and we do not issue the cards. We will work to effectively upgrade the system, but we cannot do it alone.”
The financial groups said that while chip-based technology should be part of the discussion on data security, “it’s not the whole solution.”
“Banks and retailers already have a plan in place to adopt its use—in addition to our own industry’s stringent federal data security requirements,” the groups said. “Other technologies are emerging to address online fraud, such as tokenization, which is being spearheaded by card networks and financial institutions in their effort to protect consumers. Protecting consumer data is a shared responsibility, and merchants must have the same tough data security as banks to thwart attackers.”