Right now, federal policymakers are debating how best to protect consumer data from hackers, a discussion that is long overdue. The House Small Business Committee will convene their second hearing today on the major security upgrade that the financial services industry is bringing to payment cards. Our industry is proud of this upgrade, but more needs to be done, especially by other industries that customers entrust with their personal data. The bottom line: retailers need to focus on protecting their customers’ data before it gets breached.
Unfortunately, some retail trade groups have chosen to fixate on mandating PINs, a static technology that only addresses a small and steadily declining share of fraud, rather than addressing what caused the high profile retail data breaches that compromised millions of Americans’ card accounts. These breaches weren’t caused by petty thieves swiping cards out of wallets – they were caused by organized crime rings exploiting gaps in retailers’ systems. For instance, it was found that hackers could access every cash register of a major national retailer simply by plugging in to their deli meat scales. In another large breach, criminals were able to break into the retailer’s systems through their air conditioning, a breach that allowed credit card information to go to a foreign country over the course of several months.
As we saw in the case of these massive retailer breaches, without standards that ensure the security, confidentiality and integrity of sensitive consumer financial information, all of our privacy is at risk.
The negative consequences of this patchwork system are not lost on consumers. According to an American Bankers Association survey conducted by Ipsos, 78 percent of consumers said lawmakers should hold retailers, banks and other companies involved in the payments system to the same security standards. While it may seem like common sense, it is not currently the case and criminals know it.
Fortunately, bipartisan legislation has already been introduced that takes consumer protection seriously and would significantly improve the current system. The Data Security Act of 2015, introduced by Sens. Tom CarperTom CarperDems blast Trump's policies at Climate March What to know about Trump's national monuments executive order Dems probe claims of religious bias in DHS 'trusted traveler' program MORE (D-Del.) and Roy BluntRoy BluntUnited explains passenger removal to senators Disconnect: Trump, GOP not on same page GOP senator: There will never be full U.S.-Mexico border wall MORE (R-Mo.) and Reps. Randy NeugebauerRandy NeugebauerWarren’s regulatory beast is under fire – and rightfully so Dem senators to Trump: Don't tell consumer bureau chief 'you're fired' Overnight Finance: Carson, Warren battle at hearing | Rumored consumer bureau pick meets Trump | Trump takes credit for Amazon hirings | A big loss for Soros MORE (R-Texas) and John Carney (D-Del.), provides the necessary framework for better security throughout the payments ecosystem. It establishes a uniform data security standard nationwide so that all businesses are held to the same high standard for consumer protection, underscoring that everybody must play a part in safeguarding consumer data.
Importantly, the bill also recognizes that no single technology can eliminate fraud, and that requiring a specific security feature would inhibit the private sector’s ability to innovate new technologies capable of thwarting sophisticated hackers. The U.S. is now the leader in chip cards and other advanced innovations, such as biometrics and tokenization technologies like Apple Pay, are being introduced to prevent emerging threats.
Now it’s time to turn our attention to what is needed to create the tough security infrastructure consumers deserve: a national standard for how businesses of all sizes must safeguard sensitive financial data.
Keating, former Republican governor of Oklahoma, is president and CEO of the American Bankers Association.