Retail spearheads anti-cybercrime efforts

Regrettably, the banking industry frequently engages in finger-pointing and blame-shifting
Nancy C. Kyle,

With cybercrime looming as an ever-present threat, everyone involved in commerce has a vested interest in protecting our customer data. This includes credit and debit card companies, card-issuing financial institutions and retail outlets where cards are used every day.

Unfortunately, cybersecurity risks exist at all stages of the payment card transaction process. Recent high-profile breaches highlight the increased sophistication and coordination of these attacks, and merchants across the country are stepping up efforts to make customer information more secure.

Financial institutions, however, are at significant risk as well, as evidenced by other recent hacking incursions at JPMorgan Chase and Fidelity Investments. In fact, a study by Verizon found that over one-third of all data-loss incidents last year were perpetrated against financial institutions.

This shared danger is precisely why card companies, retailers and banks of all sizes must work together to increase security for customers who use the services we provide. Finger-pointing and blame-shifting is unnecessary and counterproductive.

Regrettably, that is what the banking industry frequently engages in.

Retailers share in the financial liability according to contractually agreed-upon formulas worked out between the card companies and issuers. Under MasterCard's rules, for instance, retailers reimburse small financial institutions for fraud losses incurred on standard magnetic-stripe cards at a rate of $2.69 per card. Institutions issuing Visa cards operate under similar reimbursement agreements.

A 2013 study of debit card fraud by the Federal Reserve Board found that retailers and issuing institutions actually shouldered relatively equals shares of losses brought on by cyber attacks.

The magnetic-stripe cards issued by most institutions in the U.S., and which are thus used by most American consumers, are themselves part of the problem.

The New Hampshire Bankers Association recently declared that while banks "are largely successful in fending off cyber attacks," they are hampered because "there is no similar protection at the retail level."

Putting aside the justifiable concerns likely felt by JPMorgan and Fidelity customers over their institutions' ability to "fend off" attacks, the suggestion that merchants have no interest in additional customer protections is as blind as it is inaccurate.

Retailers have spearheaded efforts to adopt chip-and-PIN payment card technology in the United States. Already in use in every other G-20 nation, chip-and-PIN cards replace the 1960s vintage magnetic stripes with a microchip. In addition, customers are given the extra security of a personal identification number to enter when making purchases.

Chip-and-PIN's effectiveness elsewhere is well-documented. It cut United Kingdom card fraud losses by half between 2008 and 2011, and Toronto-Dominion Bank has suggested that chip-and-PIN cards made Canadian Home Depot customers less exposed to damage from that company's recent data breach.

We can easily expect similar success in this country. The Federal Reserve Bank of Kansas City predicts that chip-and-PIN could reduce U.S. card fraud losses by up to 40 percent.

Merchants are eager to embrace this technology and have already taken steps to prepare stores nationwide. It would increase security for customers of banks, card companies and retailers as they do business in the digital age. As such, it is imperative that all of these institutions stop attempting to falsely shift blame for data breaches and fraud loss, and instead work together for the customer's benefit.

Nancy Kyle is president and CEO of the New Hampshire Retail Association.

Categories: Opinion

More news from NHBR: