The National Retail Federation (NRF) told a congressional panel that the retail industry is committed to safeguarding and protecting consumer data and information from highly motivated and sophisticated cybercriminals and hackers. “Retailers make significant investments every year in order to protect [consumer] data. Collectively, retailers spend billions of dollars annually to safeguard data and fight fraud, as well as hundreds of millions annually on [credit card security] compliance,” says NRF vice president for retail technologies Tom Litchford.
He outlined specific steps that the nation’s retailers are pursuing and implementing to identify, prevent and combat cyber-attacks, while stressing NRF’s steadfast support for immediately transitioning away from fraud-prone credit cards that utilise 1960s technology (magnetic-stripe and signature) to more advanced and secure cards that incorporate a personal identification number (PIN) or Chip and PIN cards that include a computer microchip. PIN-based cards, along with data encryption and tokenisation, would help prevent cybercriminals from monetising consumer financial information and provide better fraud protection for retailers, banks and consumers than proprietary Europay, MasterCard and Visa (EMV) technology that does not require the use of a PIN.
Litchford went on to state that the nation’s retailers are pursuing the establishment of a Retail Information Sharing and Analysis Centre, or Retail ISAC, that would provide retailers and merchants (NRF members and non-members) with actionable and timely threat intelligence to help identify and mitigate cyber risks. “The retail industry is in a particularly good position to both benefit from and bring value to information sharing with outside organisations and entities,” states Litchford while describing NRF’s recent interaction with the United States Secret Service, United States Computer Emergency Readiness Team, iSightPartners and the Financial Services ISAC on cyber threats.
“NRF is currently in the planning stages with respect to a final step in the development of the Retail ISAC – the establishment of the technological and operational infrastructure to support a secure portal through which members can share information. NRF’s goal is to allow credentialed [Retail ISAC] members to share information of varying levels of sensitivity anonymously, thus allowing the Retail ISAC to act as a repository of critical threat, vulnerability and incident information that is sourced from various members and outside organisations, and to facilitate peer-to-peer collaboration with the sharing of risk mitigation best practices and cybersecurity research papers,” adds Litchford.
Acknowledging that there is no silver bullet to combating cybercrime, NRF called on Congress to support the retail industry’s efforts on data security and cybersecurity by passing the Cyber Intelligence Sharing and Protection Act (H.R. 624) or CISPA, which would further encourage businesses and retailers to share information across sectors on cyber threats in real time.