In last week’s blog, I wrote about cybersecurity issues and shared that, in my 40+ years of working in the banking business, nothing has been scarier. The day after that blog post, a new group called the Merchant-Financial Cyber Partnership (MFCP) issued a letter to Congress in support of legislation that modifies constraints to improve information sharing, enables existing efforts through flexible mechanisms, provides liability protections for sharing, promotes government funding for research, updates the criminal code and enhances law enforcement abilities to fight cybercrime. The creation of MFCP is significant, because it represents a collaboration between the banking and retailing businesses. The co-chairs of MFCP signed the letter to Congress; those co-chairs are the CEO of the Financial Services Roundtable and the president of the Retail Industry Leaders Association ‒ organizations which historically have pointed fingers at each other regarding data breaches.
Finally, however, both industries recognize that they have more to lose than gain by holding onto the rhetoric of blaming each other for the problem. The reality is that neither is the cause of the problem, but both have a responsibility for helping to resolve it. Until that time occurs, both industries will continue to pay a heavy cost, as cybercrime continues to escalate. Therefore, despite the vitriol that has spewed between bankers and retailers on this issue and others, it is encouraging that these two important industries are starting to work together to go after the actual source of the problems.
The MFCP also released plans to address information sharing, cyberrisk mitigation, card and card-not-present security technology, and legislation. Success on these fronts would benefit both industries going forward. These principles encompass reaching formal agreements for information sharing and communicating them to both industries, developing and communicating breach notification procedures around the National Institute of Standards and Technology (NIST) framework, promoting more collaboration between the two industries in developing principles for protecting the system, and then sharing the results of all of this work with Congress, as it prepares legislation.
The MFCP was formed earlier this year. Its members include seven financial associations; 11 merchant groups; and executives from the financial industry, card providers and retailers. While it is doubtful that the establishment of this organization will stop all of the sniping between bankers and retailers, it is a step in the right direction. Cyberthreats will continue to escalate, as more and more data becomes discoverable through new uses of cybercrime. Having all hands on deck to fight cyberthieves ‒ instead of each other ‒ is paramount to resolving these issues.
There will remain inequities in the system as to covering losses and expenses that result when thefts occur. Bankers will continue to believe that they should not be responsible for the losses caused by others. Retailers will continue to believe that bankers should create an impenetrable system for transacting electronic information. Regardless of those disagreements, it is a sign of progress that these two industry giants are working together to fight the real culprits.
– S. Joe DeHaven