Retailers, Bankers Haggle Over Blame for Data Breaches

Share this content:
The breach battle's on. Bank on it.
The breach battle's on. Bank on it.

Retailers and bankers traded jabs through their trade associations this week, each blaming the other for data breaches that occurred at Target and Neiman Marcus.

On Tuesday the National Retail Federation sent a letter to House Speaker John Boehnert (R-OH) and Senate Majority Leader Harry Reid (D-NV) urging passage of a cyber-security law and implementation of PIN and chip technology to avert future breaches such as the ones that affected an estimated 110 million shoppers at Target and one million customer of Neiman Marcus. In so doing, NRF placed the blame squarely on the shoulders of financial institutions.

“For years banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next generation PIN and chip card technology,” charged the letter, which called for card-issuers to invest in technology to “secure sensitive bank card data.”

In return, the Independent Community Bankers of America expressed “shock and outrage” over the retailers' assertions. “The NRF should focus its attention on responding to the harm that security breaches at several retailers have done to consumers and their financial institutions rather than hurling false allegations blaming the banking industry for these retail breaches,” ICBA President and CEO Camden R. Fine said in the statement. “Retailers and their processors—not banks—are responsible for the systems in their stores that process payment cards.”

ICBA had earlier sent letters to members of Congress, urging that liability for such data breaches should be assigned to the party responsible for compromising consumer information, “be it a retailer, data broker, financial institution, or other entity.” The NRF's letter prompted ICBA's riposte, which essentially clarified its position that, in the cases of Target and Neiman Marcus, bankers felt that retailers were the guilty party.

The bankers are on the right track, according to the leader of a nonprofit that seeks to create best practices for data security and privacy. “I don't want to point a finger at Target, but there were questions about their customer data leaking and even their email lists,” says Craig Spiezle, president of the Online Trust Alliance (OTA). “It's very much one of the principles of security that different data sets should be isolated from one another. Something had to have happened, like a rogue employee for instance, for all that customer data to get out.”

OTA backers include such organizations as Epsilon, Microsoft, PayPal, Responsys,Return Path, and Symantec.

Retailers are sensitive to this issue because the cost to them is substantial. Financial institutions do not charge credit card holders for fraudulent purchases made with stolen cards, but somebody has the pay the bill, and that ends up being retailers, which are hit by the banks with what are called “chargebacks.”

The PIN and chip credit card system, otherwise known as EMV (Eurocard, Mastercard, Visa), is an accepted global security standard in which purchasers insert their cards into readers and input a personal ID number before the transaction can go through. Financial institutions have charged retailers with installing PIN and chip technology by the end of 2015. Those who do not comply will be liable for chargebacks.

Spiezle and the OTA hold that both parties in the transaction have a shared responsibility to protect the sanctity of their own first-party customer data. “It's not the time for finger pointing; it's time for stepping up to the plate and doing risk assessment on how to avert fraud,” Spiezle says. “Cyber criminals are tenacious and innovative. They're looking at these industries fighting with each other and they're enjoying it.”

The OTA this week released its free 2014 Data Protection & Breach Readiness Guide, which notes that 30% of the biggest data breaches occurred last year and that 89% of them could have been avoided with proper planning and controls.


Next Article in Privacy

Sign up to our newsletters

Company of the Week

We recently were named B2B Magazine's Direct Marketing Agency of the Year, and with good reason: We make real, measureable, positive change happen for our clients. A full-service agency founded in 1974, Bader Rutter expertly helps you get the right message to the right audience at the right time through the right channels. As we engage our clients' audiences along their journey, direct marketing (email, direct mail, phone, SMS) and behavioral marketing (SEM, retargeting, contextual) channels deliver information relevant to the needs of each stage. We are experts at implementing and leveraging marketing technologies such as CRM and marketing automation in order to synchronize sales and marketing communications. Our team of architects and activators plan, execute, measure and adjust in real time to ensure the strategy is working as needed and change things if it's not.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above