Wal-Mart Stores Inc., the world’s largest retailer, says it has 1,000 stores ready for a transformative change in credit card technology and plans to have the rest of their U.S. stores ready by the end of 2014.
An official with the National Retail Federation told a congressional panel Wednesday (April 16) that the retail industry is committed to safeguarding and protecting consumer data and information from highly-motivated and sophisticated cybercriminals and hackers.
“Retailers make significant investments every year in order to protect [consumer] data,” NRF Vice President Tom Litchford said during his testimony. “Collectively, retailers spend billions of dollars annually to safeguard data and fight fraud, as well as hundreds of millions annually on credit card security compliance.”
Litchford testified before a field hearing of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, where he outlined specific steps that the nation’s retailers are pursuing and implementing to identify, prevent and combat cyberattacks.
He described NRF’s support for immediately transitioning away from fraud-prone credit cards that utilize 1960s technology (magnetic-stripe and signature) to more advanced and secure cards that incorporate a Personal Identification Number or PIN, or Chip and PIN cards that include a computer microchip.
PIN-based cards, along with data encryption and tokenization, would help prevent cybercriminals from monetizing consumer financial information and provide better fraud protection for retailers, banks and consumers than proprietary Europay, MasterCard and Visa or EMV technology that does not require the use of a PIN.
“Chip and PIN technology dramatically reduces the value of any stolen ‘breached’ data for in-store purchases because the payment card data is essentially rendered worthless to criminals,” Litchford said. “The failure of U.S. card networks and banks to adopt such a system in the United States is one reason why cyberattacks on brick-and-mortar retailers have increased.”
Wal-Mart told The City Wire that it has long supported the adoption of chip and pin technology within the United States.
“We have 1,000 stores with terminals equipped for pin and chip transactions, we will have the rest of our stores equipped by the end of this year. We are glad to see this discussion taking place. The rest of the world is already using this technology and we think it’s past time for card issuers to adopt this technology in the U.S.,” said Brooke Buchanan, spokeswoman for Wal-Mart Stores Inc.
The nation’s retailers are pursuing the establishment of a Retail Information Sharing and Analysis Center, or Retail ISAC, that would provide retailers and merchants with actionable and timely threat intelligence to help identify and mitigate cyber risks.
Litchford said the development of the Retail ISAC is in the final stages of planning for the establishment of the technological and operational infrastructure to support a secure portal through which members can share information.
“NRF’s goal is to allow credentialed [Retail ISAC] members to share information of varying levels of sensitivity anonymously, thus allowing the Retail ISAC to act as a repository of critical threat, vulnerability and incident information that is sourced from various members and outside organizations, and to facilitate peer-to-peer collaboration with the sharing of risk mitigation best practices and cybersecurity research papers.”
Acknowledging that there is no silver bullet to combating cybercrime, NRF called on Congress to support the retail industry’s efforts on data security and cybersecurity by passing the Cyber Intelligence Sharing and Protection Act (H.R. 624), or CISPA, which would further encourage businesses and retailers to share information across sectors on cyber threats in real time.