To paraphrase the old adage, security breaches make for not-so-strange bedfellows. After weeks of sniping, counter-charges and complaints about lack of cooperation in the wake of the Target and Neiman Marcus card breaches as to whether banks or retailers should shoulder most of the responsibility for responding to payments fraud, 13 financial services and merchant trade groups have announced a new cybersecurity partnership. According to the participants, the partnership will "focus on exploring paths to increased information sharing, better card security technology, and maintaining the trust of customers."
The Financial Services Roundtable (FSR) and the Retail Industry Leaders Association (RILA) initiated talks about the partnership and were joined by the American Bankers Association (ABA), the American Hotel & Lodging Association (AH&LA), The Clearing House (TCH), the Consumer Bankers Association (CBA), the Food Marketing Institute (FMI), Independent Community Bankers of America (ICBA), the International Council of Shopping Centers (ICSC), the National Associations of Convenience Stores (NACS), the National Grocers Association (NGA), the National Restaurant Association (NRA), and the National Retail Federation (NRF).
According to Frank Keating, president and CEO of the ABA, "This is a positive first step toward addressing a complicated set of concerns shared by everyone involved in payments. With all stakeholders at the table -- including community banks, large banks, networks and retailers -- we have a real opportunity to find solutions and continuing opportunities to meet the threats posed by cyber thieves."
The partnership reportedly will encourage collaboration across the industries, focused on the following three principles, outlined in a press release issued by the participating trade groups:
Information sharing is paramount to warding off cyber attacks and protecting data. We are stronger together than divided and must warn each other about cyber threats being waged against all our defenses. The financial services industry has a robust information-sharing mechanism through the Financial Services Information Sharing and Analysis Center (FS-ISAC) that could serve as a forum or model for further information sharing across sectors.
Other innovative technologies must be implemented, such as systems that will transmit payment data in a way that is unique and dynamic to reduce the risks. Ongoing innovation will be needed to outpace the threats.
We must forge partnerships among all stakeholders of the payments ecosystem to collaborate on long-term, comprehensive solutions to the threats that are growing to card-not-present situations and the mobile environment.
"We are committed to working together to ensure customer personal and financial information is secure and protected," added Tim Pawlenty, CEO of FSR, in the press release. "Exploring avenues for increased information sharing and collaborating on innovative technologies and safeguarding data will be critical in defending against common enemies."
[The FSR's Tim Pawlenty talks cybersecurity in an exclusive Q&A]
"Cybercriminals are becoming more sophisticated, and recent events underscore the urgency to update the payments system and protect customers against recent and future threats," added James Aramanda, President and CEO of The Clearing House Association and Payments Company, in the group statement. "Customers deserve a proactive approach -- like the Secure Cloud tokenization initiative to protect consumer credentials that The Clearing House and its owner banks have undertaken -- by banks and retailers alike to address these real and evolving threats."
Noted Richard Hunt, the CBA's president and CEO, "Customers are counting on everyone to keep their data safe and secure. It's critical to recognize that the real enemy here is the hacker." And ICBA president and CEO Camden R. Fine noted, "Data protection is a shared responsibility of everyone involved in the payments processing chain. Consumer confidence in the payments system is vital for retailers, networks, processors, telecom providers, and card issuers and is at the heart of the customer-bank relationship."
From the retailer perspective, Sandy Kennedy, president of RILA, said, "This partnership will improve collaboration across the payments ecosystem allowing us to work together to develop near- and long-term solutions that will enhance security for our customers." Also sounding the collaboration theme was Jennifer Platt, VP of Federal Operations at ICSC, who said, "The solution needs to be through cooperation. We hope that this partnership will be a constructive step in helping to create a pathway to improved consumer confidence"; and Henry Armour, president and CEO of NACS: "Everyone, from the smallest to the largest businesses, has an interest in keeping our customers' payment data secure."
Added Matt Shay, president and CEO of NRF, "This partnership is a positive step in the right direction, since there is no single solution to the complex issues surrounding cyber security. That is why it is important to bring stakeholders together as we seek answers, share solutions and implement programs that not only prevent hackers from breaching data systems, but protects the consumer by shutting down these criminal enterprises."