Skip to main content

NRF to Banks and Congress: Beef Up Security for Cyber Pay Systems

In the wake of recent security breaches at major U.S. retailers, including Target, Nordstrom’s and Michaels, the National Retail Federation (NRF) asked Congress and banks to upgrade credit and debit card security.

With the U.S. enduring recent cyber attacks from domestic and foreign criminals and even national governments, new technologically-advanced safety measures are urgently required, according to NRF senior vice president and general council Mallory Duncan.

Duncan testified recently before a subcommittee of the Senate Banking, Housing and Urban Affairs Committee conducting hearings on data security.

Not only are retailers vulnerable, said Duncan, but also financial institutions, public utilities, and any business using credit or debit card payment systems.

“Rather than resort to blame and shame, the parties should work together to ensure that the data breach is remedied and steps are taken to prevent and mitigate future breaches,” Duncan said in his testimony, some of which was released in written form to print and online media in advance of his appearance before the subcommittee.

“Retailers take the increasing incidence of payment card fraud very seriously,” Duncan said.

“We have every reason to want to see fraud reduced, but we have only a portion of the ability to make that happen. We did not design the [payment] system, we do not configure the cards and we do not issue the cards. We will work to effectively upgrade the system but we cannot do it alone.”

Duncan urged banks to replace outdated magnetic strip cards with new, embedded microchips that can store encrypted data that only allow access with a Personal Identification Number.

Currently, consumer data is at risk because forged signatures can be used with credit and debit cards.

A first step toward resolving the security threats, said Duncan, would be for Congress to pass the Cyber Intelligence Sharing and Protection Act.

The proposed legislation would facilitate the sharing of information on cyber threats and requires that cyber crimes be investigated and perpetrators prosecuted.