Many times bitten, retailers scramble to prevent another Target-like meltdown

In the wake of devastating data breaches at Target and Neiman Marcus, the nation's largest retailers have launched an initiative to enhance their existing cybersecurity technologies and policies. But will it be enough?


If you were one of 120 million or more people who shopped at Target, Neiman Marcus or as many as a dozen other popular retail stores last month, there's a pretty good chance that your credit card or banking information was compromised by a highly organized band of Russian cyberthieves.

The frequency and sophistication of these retail data breaches have escalated to such a degree that last week the FBI sent leading US retailers a confidential report warning that point-of-sale malware similar to the type used to snare data from Target and Neiman Marcus registers is starting to pop up all over the place.

Beleaguered and bewildered, the Retail Industry Leaders Association (RILA) on Monday responded to the FBI edict by launching a comprehensive initiative to provide additional safeguards for customers' personal data in the "payment ecosystem."

See also:  There's no hope for our payment systems

"Retailers place extremely high priority on data security and invest tremendous resources to prevent attacks, but cybercriminals are persistent and their methods of attack are increasingly sophisticated," said RILA President Sandy Kennedy. "By working together with public-private sector stakeholders, our ability to develop innovative solutions and anticipate threats will grow, enhancing our collective security and giving customers the service and peace of mind they deserve."

With POS systems connected to the internet, credit card processing and banking networks, some experts believe retailers have little chance of providing completely secure payment systems for their customers.

But RILA isn't giving up and offered up its lastest three-pronged attack on cybercrime:

First, it's forming a leaders council comprised of senior retail executives who will be charged with sharing threat information within the industry and discussing possible security solutions in a trusted forum. It will also lobby Capitol Hill to develop federal data security breach notification legislation to establish a "national baseline."

On the payments security front, RILA is advocating the elimination of the Mag-Stripe technology used on most credit and debit cards. Retailers want it phased out as soon as possible in favor of new technologies already deployed throughout the world including chip-based smart card technology and universal PIN security.

"In the event of a successful cybersecurity breach, the dynamic security features of such technology effectively prevent the use of stolen data," RILA officials said.

It also wants to forge deeper partnerships with other members of the payment cycle – banks, credit card processing firms, etc. – to collaborate on migration to near-term card security enhancements and long-term, comprehensive technologies and policies to prevent criminal activity.

Finally, the trade association believes there's an education element that needs to be improved, too. It wants to work with partners to describe to consumers exactly how data is used to provide the experience shoppers demand without compromising their privacy or financial information.

Even with these proposed improvements, retailers acknowledge that they'll likely only be able to manage the cybercrime plague rather than cure it.

"Enhanced security measures help to thwart attacks, but unfortunately some attacks have been successful and the resulting incidents have affected millions," Kennedy said.

See also: