There is no question that serious action is needed to combat the epidemic of fraud brought about by data breaches.  These have affected millions of Americans, and can have devastating consequences that impact everything from our personal finances to the integrity of our very identities.  Just under half of the population reported being affected by a breach by end of 2014, a sobering statistic that came at the close of a year when data intrusions seemed to dominate the news. 

The fight to keep our personal information safe and stay one step ahead of cyber-criminals remains very much a topic of discussion, but the national conversation is not advanced when major news outlets fail to tell the full story.   


A recent CNNMoney article by Jose Pagliery asked and answered a rhetorical question with its headline: “Why was your credit card number stolen?  Retailers are lazy.”  Pagliery went on to accuse merchants of implementing “lax security” for card payments and being “lazy about protecting” their customers’ personal data, citing newly-released Verizon data on cybersecurity compliance practices.  But perhaps the most notable feature of Pagliery’s report is what he chooses not to include. 

He paints the Verizon analysis – the “2015 PCI [Payment Card Industry] Compliance Report” – as castigating retailers almost exclusively.  This is far from the truth, as Verizon’s own description of their own methodology makes sure to point out.  In fact, they note that only 26 percent of the companies surveyed for their study came from the retail sector, while 30 percent came from the financial services industry.   

Financial institutions are themselves a prime target for cyber-attacks, a fact which is readily acknowledged by Verizon but seems to have escaped the notice of CNNMoney.  Mr. Pagliery’s article mentions the oft-cited Target data breach of 2013 – singling out the retailer as the only company other than Verizon mentioned by name in his article – but ignores last year’s hack at J.P. Morgan Chase, which compromised personal data for more than 80 million accountholders of the nation’s largest bank. 

Indeed, the Verizon report cautions against bias writing, “Looking at the media,” it explains, “it would be easy to conclude that it’s only retailers that are affected by payment card data breaches, but that’s far from the truth … banks, processors, acquirers and card issuers are at risk too.”

America’s retailers are working to better protect everyone’s personal data by preparing the way for a proven security measure: Chip-and-PIN payment cards.  These cards remove the magnetic stripes – which date to the 1960s and have been identified as a source of most U.S. data breaches and replace them with embedded chips.  Also, the easy-to-forge signature is replaced with a Personal Identification Number (PIN).  Chip-and-PIN cards have proven effective at cutting fraud in other countries, and a recent poll indicated that more than 80 percent of Americans are ready for Chip-and-PIN to debut on our shores.  Retailers are leading this transition, spending billions to outfit stores with new Chip-and-PIN-ready card readers. 

In a subsequent report, Mr. Pagliery chose to highlight a prototype card manufactured by Oberthur Technologies which features a “dynamic CVV code,” a constantly randomizing three-digit number displayed in a window on the back of the card.  While innovation in the payment sphere is always welcome, Chip-and-PIN cards have already shown their fraud-fighting prowess around the world.  They could be easily implemented in the United States – like the American people want – if only big banks and card companies would stop being so resistant to change and invest resources in the protection of their own customers.  

A clear path toward better data security will only be discovered as the result of honest conversations.  Retailers are working to ensure their stores and ready for Chip-and-PIN card technology, and big banks need to stop making excuses and give their customers the same level of security that nearly every other G-20 nation already has in place.

Kennedy is the president of the Retail Industry Leaders Association (RILA).