The retail and financial industries are laying down their swords to come together on a new initiative to combat cyber crime.
The two sectors have repeatedly sparred in the past, but when it comes to preventing people from hacking into financial data, “you can’t really make it better or improve it unless you look at it comprehensively,” said Tim Pawlenty, chief executive of the Financial Services Roundtable.
“That involves a whole series of stakeholders, and we need to work together constructively to improve it. And this partnership is designed to try to bring people together to focus on the things we can agree on,” added Pawlenty, the former Minnesota governor and Republican presidential candidate.
Recent data breaches at major stores like Target and Neiman Marcus have exposed tens of millions of Americans' financial data and heightened concerns about security at the series of stores, card companies, banks and other businesses that handle shoppers’ information.
In the past, banks and retailers have traded jabs over "swipe fees," as well as the development of new credit cards that come with a microchip instead of a magnetic stripe.
The working group will look at new, safer payment technologies, but the chip-based cards aren't likely to be a central focus, according to Brian Dodge, a senior vice president at the Retail Industry Leaders Association.
“There’s a range of technologies that this group is going to talk about,” Dodge, whose trade group counts Target, CVS and The Home Depot among its members, told The Hill.
“We want to make sure that we’re moving quickly to resolve or identify and quickly move forward on solutions that are easy to implement.”
One way Congress can get involved is to pass a federal law outlining how companies should notify customers if their data may have been threatened by a data breach, industry groups and consumer advocates alike have said. Dozens of states currently have some type of law on their books, but businesses have said a single law would make it easier on large stores.
“I think all of us have, in one way or another, called for a federal data breach notification law,” Dodge said.
“I think that is certainly a place where we all agree that the patchwork of 47 state laws doesn’t work particularly well, nor is it particularly efficient for the purposes that they want to accomplish.”
Dodge added that the government could play a role in helping to share information across industries and between businesses and federal agencies.
On Wednesday, the Obama administration released a highly anticipated set of voluntary cybersecurity standards to help private businesses ward off cyberattacks. The framework from the Commerce Department’s National Institute of Standards and Technology was specifically designed to protect critical infrastructure.
Still, Pawlenty said that the administration's effort would be “a good reference” for the finance and retail industry collaboration.