Losing the Battle – and the War – Against Data Breaches

Recently the war between the retailers and bankers seems to be heating back up. Tension began years ago over the Durbin Amendment to the Dodd-Frank Act that forced the Federal Reserve Bank to set price rates for debit card interchange payments. When the Federal Reserve did set those rates, the retailers sued, claiming that rates were not set low enough. The Federal Reserve was successful in defending its decision. The retail industry and its biggest legislative fan, Democratic Sen. Dick Durbin of Illinois, are constantly picking at the scab over that loss.

That was followed by large data breaches at a variety of retailers over the past several years. Today the retailers are advocating for requirements that chip-embedded cards and PIN verifications be utilized for all transactions. Two concerns about this are missing from these self-serving arguments. First is that these are transaction safety guards. The huge losses that banks have primarily picked up the tab for have been data breaches into the systems of retailers, not transactions. Let’s get serious and fight the bad guys who are going after identity theft at the root of the data, not at the transaction level.

The second concern is that putting such rules in effect may preclude further research from occurring that could very well be more advanced than the chip and PIN standard. As a matter of fact, there is already much being done on other technologies that could be far more advantageous for all parties. One such advancement is tokenization, which assigns an algorithmic code to each transaction and does not store the card number at the transaction location. This seems to be a much better long-term solution.

However, the retailers are now putting on a full court press with the state attorneys general to send a joint letter to Visa and MasterCard to change their rules to require chip and PIN technology. I believe that this is tantamount to putting a Band-Aid on a six-inch knife wound. It may help a tiny bit, but it won’t close the wound. On Monday, the IBA partnered with the Indiana Credit Union League to submit a letter to Indiana Attorney General Greg Zoeller to share our views on several mischaracterizations being purported by advocates for the chip and PIN requirements.

As I have stated in the past, it is long past time that we argue about this with each other. Business, government and academia need to work together to foil the efforts of these modern-day thieves. The thieves are working full-time every day to steal information that they can sell to other bad people or to unethical governments, which use the information for ill-gotten gain. We have to face the fact that the cost of fighting this war is going to be very high for all of us. But much like the war on terrorism, we simply have to win it, whatever the cost.

In the meantime, the retailers keep picking these street fights, instead of joining with banks, government and academia to fight the war. Their distraction is preventing us from collectively finding real solutions to bring us all to victory.

– S. Joe DeHaven

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: