Stores push banks for new credit card technology

Retail stores want Congress’s help to convince financial institutions to switch to new types of credit and debit cards that make it harder to commit fraudulent charges.

In a letter to lawmakers on Wednesday, National Retail Federation chief executive Matthew Shay wrote that members of the trade group “are committed to combating” thefts of customers’ financial data like recent hacks at Target and Neiman Marcus, but need banks' help.

The trade group wants current debit and credit cards to be replaced with more secure versions that store data in an embedded microchip and require people to enter a PIN number rather than sign for purchases. Current card technology dates back to the 1960s, the group noted, and could be easy to hack.


“For years, banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next-generation ‘PIN and Chip’ card technology for customers in Europe and dozens of other markets,” Shay wrote in the letter to legislators in both chambers of Congress.

“Only by working together will consumers’ financial data be protected from criminals. That is why it is time for our partners in the card industry to invest in next generation technology to secure sensitive bank card data."

Financial institutions have urged retailers to strengthen their security standards.

After data breaches, banks and credit unions have to pay to issue new cards, which can be a heavy expense. A national credit union trade group said on Wednesday the Target hack had cost credit unions as much as $30 million. 

Data breaches cost companies of all stripes more than $11 billion in 2012, according to the National Retail Federation.

Shay also asked lawmakers to support a federal cybersecurity bill that would make it easier for businesses to share information about threats and help police investigate cyber crimes.

Additionally, Congress needs to pass a single law laying out how businesses should notify their customers after a hack, Shay wrote. That would replace the mixed set of laws that exist in 46 states and the District of Columbia.  

“A preemptive federal breach notification law would allow retailers to focus their resources on complying with one single law and enable consumers to know their rights, regardless of where they live,” he wrote.