The National Retail Federation urged Congress in a Monday letter to take a comprehensive approach as it seeks to address criminal cyberattacks which have become increasingly more frequent in recent years.
NRF said in the letter that while retailers are willing to work to improve security, banks and card companies must also take steps to improve the fraud-prone payments system.
“When a criminal breach occurs in the payments system, all of the businesses that participate in that system and their shared customers are victimized,” NRF Senior Vice President and General Counsel Mallory Duncan said. “Rather than resort to blame and shame, the parties should work together to ensure that the data breach is remedied and steps are taken to prevent and mitigate future breaches.”
The calls echo similar statements by major groups like the Independent Community Bankers of America, Electronic Payments Coalition and American Bankers Association.
“The electronic payments system brings extensive benefits to consumers, retailers and financial institutions, including fast, secure and reliable transactions, but these recent merchant breaches are a reminder that the work to protect consumer information is never done,” the EPC said. “Data security is a rapidly changing and complex issue, and solutions require dedicated collaboration. All parties – retailers, networks, processors, financial institutions and others – must come together to implement solutions such as EMV and tokenization to strengthen the system and avoid future breaches.”
James Reuter, the executive vice president of FirstBank, testified on behalf of the ABA on Monday, saying the banking industry’s number one priority in security breaches it to protect consumers from fraud losses. He added, however, that securing the payments system must be a collaborative effort.
“Banks, retailers, processors and all other participants in the payments system must share the responsibility of keeping the system secure, reliable and functioning in order to preserve customer trust,” Reuter said. “That responsibility should not fall predominantly on the financial services sector. Banks are committed to doing their share, but cannot be the sole bearer of that responsibility. Policymakers, card networks and all industry participants have a vital role to play in addressing the regulatory gaps that exist in our payments system, and we stand ready to assist in that effort.”