Banks and America's big retailers are locked in a debate over the massive breach of millions of consumers' data that gripped Target Corp. during the holiday season. At issue: Which industry bears more responsibility for protecting consumers' personal information?
The retailers' argument: Banks must upgrade the security technology for the credit and debit cards they issue. The banks' counterargument: Newer electronic-chip technology wouldn't have prevented the Target breach. And retailers must tighten their own security systems for processing card payments.
An estimated 40 million credit and debit card accounts were affected by the Target breach, which occurred between Nov. 27 and Dec. 15. Stolen were customers' names, credit and debit card numbers, card expiration dates, debit-card personal identification numbers and the embedded codes on the cards' magnetic strips.
Also stolen was non-card personal information -- names, phone numbers and email and mailing addresses -- for up to 70 million Target customers who could have shopped before or after the Nov. 27-Dec. 15 period.
The Target theft could prove to be the biggest data breach on record for a U.S. retailer. Minneapolis-based Target, the No. 2 U.S. discounter, has acknowledged that news of the breach has scared some shoppers away. The company last month cut its earnings outlook for its fourth quarter, which covers the crucial holiday season. It warned that sales would be down for the period.
The two industries are pointing fingers at each other. Each has considerable lobbying might. Their trade groups have been bombarding lawmakers with letters arguing why the other industry must do more -- and spend more -- to protect consumers.
"Nearly every retailer security breach in recent memory has revealed some violation of industry security agreements," the Independent Community Bankers argued last month. "In some cases, retailers haven't even had technology in place to alert them to the breach intrusion, and third parties like banks have had to notify the retailers that their information has been compromised."
The National Retail Federation has fired back:
Retailers must accept "fraud-prone cards" issued by banks that are attractive to thieves, the federation's general counsel testified at a Senate subcommittee hearing Monday. "Unlike the rest of the world, the U.S. cards still use a signature and magnetic stripe for authentication."
Their antagonism aside, the two sides agree on one point: That Congress should create a national standard for notifying consumers of any data breaches. A uniform standard would replace the current hodgepodge of state guidelines.
© 2014 Associated Press under contract with YellowBrix. All rights reserved.
Posted: 2014-02-11 @ 9:07am PT
@Ken D: That would be nice!
Posted: 2014-02-11 @ 9:06am PT
Here's a novel idea...
How about the retailers and the banks *work together* to come up with sound security measures?