“Retailers have taken extraordinary steps in the past year to combat cybercrime and protect our customers from the impact of data breaches and other cyber-attacks,” says vice president for privacy and cybersecurity.
The Retail Industry Leaders Association (RILA) applauded House passage of two pieces of legislation designed to strengthen the ability of law enforcement and the private sector to work together to address the growing threat of cybercrime.
The Protecting Cyber Networks Act (HR 1560), which passed yesterday, and the National Cybersecurity Protection Advancement Act (HR 1731) which passed today, encourage businesses to share cyber threat information electronically with federal law enforcement agencies, making it easier to track and guard against cyber-attacks.
“Retailers have taken extraordinary steps in the past year to combat cybercrime and protect our customers from the impact of data breaches and other cyber-attacks,” said Nicholas Ahrens, vice president for privacy and cybersecurity. “Passage of House cyber information sharing legislation is a strong first step toward enacting meaningful government reforms that complement our own efforts to defend against the threat posed by cyber thieves and hackers.”
Both bills drew strong bipartisan support and now await Senate action on similar legislation, expected in May.
Retailers view cyber threat information sharing as critical to protecting businesses from cyber-attacks, which is why last year, RILA, in partnership with its member companies, established the Retail Cyber Intelligence Sharing Center (R-CISC). The R-CISC has opened a steady flow of information sharing between retailers, law enforcement and other relevant stakeholders. These efforts have helped retailers establish trusted sharing relationships, prevented data breaches, protected millions of American customers and saved millions of dollars.
While supporting federal legislation making it easier to work with federal law enforcement, retailers have taken many additional steps over the past year to guard against cyber threats. Below is a summary of events and actions taken by the industry.
Retailers Lead in Cybersecurity Efforts
Over the past year the retail industry has led efforts to enhance cyber security and data security, starting with a massive investment in our stores.
Retailers are investing $8.65 billion to upgrade payment terminals. New technology about to be deployed by credit card companies will require U.S. consumers to carry a new kind of card and retailers across the nation to upgrade payment terminals. (“Costly Shift To New Credit Cards Won’t Fix Security Issues,” Reuters, 3/3/15)
Retailers are building cross-industry alliances to work toward solutions that thwart cyber threats.
Financial Services Roundtable is joining forces with the Retail Industry Leaders Association (RILA), the American Bankers Association, the National Restaurant Association, and other trade groups to launch a new working group. Together the industries plan to combine their brain power to fight hackers and work with Congress on any new possible laws. (“Stores, Banks Team Up To Fight Hackers,” The Hill, 2/13/14)
Retailers are leading the fight for “chip-and-PIN” technology, which is the safest technology available today to protect against data breaches and fraud.
A 2013 study by the Federal Reserve found that using PINs in debit card transactions reduced fraud by 700 percent. (“2011 Interchange Fee Revenue, Covered Issuer Costs, And Covered Issuer And Merchant Fraud Losses Related To Debit Card Transactions,” Federal Reserve, 3/5/13)
When defending against cyber-attacks, there are no silver bullets. Instead, strong defenses rely on layers of protections. Widespread migration to Chip-and-PIN is one of those very important layers. Working across the payments ecosystem with merchants, card networks, banks and credit unions, we hope to achieve that goal and build for a more secure future for our shared customer, the American consumer. (“Chip-And-PIN Increases Cybersecurity,” The Hill, 10/21/14)
The retail industry has been at the forefront of cybersecurity – just last month the Retail Cyber Intelligence Sharing Center (R-CISC) launched a portal to speed up its ability to spread information in the face of rapidly escalating attacks on payment and other retail data. Along with making it easier for retailers to report threat information that they uncover, the portal will allow retailers to receive intelligence from law enforcement, government agencies and key partners. It’s also intended to help provide security education and research offerings for retailers. (“Retail’s Cybersecurity Center Adopts Intel-Sharing Portal,” PYMNTS, 3/26/14)
Retailers are working with Congress to craft new data breach and cyber security legislation that will inform and safeguard our customers.
When attacks on consumer information are successful and will cause economic harm, retailers believe that their customers have the right to be notified as promptly as possible. Retailers also believe that they have an obligation to provide customers with information that is as accurate and actionable as possible so that they can take steps to protect themselves. (RILA Outlines Key Elements Of Data Breach Legislation At Congressional Hearing, 1/27/15)
Retailers understand that defense against cyber-attacks must be an ongoing effort, evolving to address the changing nature of the threat. RILA is committed to working with Congress to give law enforcement and retailers the tools necessary to thwart this unprecedented attack on the U.S. economy and bring the fight to cybercriminals around the globe. (RILA Outlines Key Elements Of Data Breach Legislation At Congressional Hearing, 1/27/15)