NRF Proposes Achievable Solutions to Address Cyber Security Threats

The National Retail Federation today presented Congress with practical, commonsense and achievable solutions to better protect consumers and help businesses prevent cyber attacks and data breaches.

“We should not be satisfied with simply determining what to do after a data breach occurs,” NRF Senior Vice President for Government Relations David French said. “Instead, it is important to look at why such breaches occur and what the perpetrators get out of them so that we can find ways to reduce and prevent not only the breaches themselves but the follow-on harm.”

French outlined six proposed solutions during his testimony before the House Oversight and Government Reform Committee’s Subcommittee on Information Technology including:

  • Expanding consumer liability protection for using debit cards;
  • Issuance of PIN-and-Chip cards that incorporate both computer microchips and use of a personal identification number (PIN) to authenticate a transaction;
  • Adoption of end-to-end data encryption throughout the payments system;
  • Developing open source, competitive tokenization standards to replace sensitive data with unique and unusable tokens;
  • Passage of a uniform nationwide breach notification law applying to all entities that handle sensitive customer information, and
  • Bolstering federal law enforcement investigation and prosecution of cybercriminals.

NRF’s recommendations were first proposed in an open letter to President Obama published in advance of the White House Summit on Cybersecurity and Consumer Protection last month.

“These are proposals that we believe policy makers can work together to achieve in the near term, either through consumer and industry-supported legislation or by working with the private sector on improving security practices outside of the lawmaking process,” French said.

In his testimony, French also reiterated NRF’s opposition to legislative efforts to impose on retailers, merchants and other nonbank businesses and individuals, the same Gramm-Leach-Bliley Act (GLBA) data security regulations designed for banks

“Without the cooperation of our partners in the financial system, we cannot alone affect the changes necessary to better defend and protect against cyberattacks that lead to payment card fraud,” French said. “We need to work together to do what we can to improve an aging and outdated payment system that is the principal target of cyberattacks affecting U.S. retail businesses and their customers.”

NRF has been leading the retail industry’s efforts on cyber, data and payment security and has been working closely with its members, government officials, law enforcement agencies and other stakeholders to shore-up the retail industry’s defenses against cybercriminals.

NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private sector employer, supporting one in four U.S. jobs – 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation’s economy. NRF’s This is Retail campaign highlights the industry’s opportunities for life-long careers, how retailers strengthen communities, and the critical role that retail plays in driving innovation. NRF.com