BreachExchange mailing list archives

Fight Over Data Breach Management Heats Up Between Banking, Retail Groups


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 5 Jan 2015 20:23:22 -0700

http://associationsnow.com/2015/01/data-security-fight-heats-banking-retail-groups/

If you think soap opera relationships are complicated, take a crack at
following how the retail and banking industries are getting along these
days.

The relationship runs hot and cold, with examples of both conflict and
cooperation on the critical question of how credit card data breaches
should be handled—from who foots the bill when breaches occur to what
measures should be put in place to prevent them.

In the latest development last week, retail trade groups fired back against
what they called a misleading survey released by the Independent Community
Bankers of America, which alleged that banks are being forced to “absorb
exorbitant costs” because of data breaches suffered by retailers. In a
statement on the survey, ICBA said that after the Home Depot data breach
last year, community banks had to reissue some 7.5 million credit and debit
cards at a cost of around $90 million.

“We continue to advocate that the costs associated with data breaches be
borne by the party that experiences the breach,” ICBA Chairman John
Buhrmaster said in the statement. “Communities and customers should not
suffer for the faults of retailers.”

In a letter to ICBA President and CEO Camden Fine, several retail trade
groups—including the Retail Industry Leaders Association (RILA), National
Retail Federation, and National Restaurant Association—said the ICBA
statement contained many “inaccuracies and misrepresentations.”

“ICBA cannot simply dismiss data breaches as a retail problem and refuse to
recognize the risk to financial institutions—to do so would be a disservice
to your members,” the retail groups said in the letter.

Citing a 2013 Federal Reserve study on debit card fraud, they noted that
retailers bear an equal or greater cost of recovery after a data breach.

FINDING COMMON GROUND

It’s not all doom and gloom between banks and retailers, though. The two
sides have come together on multiple occasions. Last year, they formed a
coalition aimed at tackling cybersecurity issues. In November, that
coalition sent a letter to Congress asking lawmakers to pass uniform
data-breach notification legislation. And just last month the coalition
outlined eight steps that the two industries can take to strengthen the
security of the payments system.

Members of the coalition, which includes 250 senior executives from both
industries, have met nearly 50 times, called on dozens of experts, reached
a consensus on major policy issues, and participated in the 2014
Merchant-Financial Services Cybersecurity Summit.

“This partnership has been invaluable in ensuring the entire payments
system, and key stakeholders are working together to combat cyber attacks,”
said Sandy Kennedy, cochair of the partnership and president of RILA. “It
is imperative that our two industries continue to learn from each other in
this fight and work together in order to maintain the trust of our
customers and collaboratively improve overall security.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
