BreachExchange mailing list archives

Retailers Propose Achievable Solutions To Address Cybersecurity Threats


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 8 Apr 2015 19:26:07 -0600

http://www.retailsolutionsonline.com/doc/retailers-propose-achievable-solutions-to-address-cybersecurity-threats-0001

Retailers are understandably concerned about the state of cybersecurity, in
light of the rash of major breaches that have cost the industry millions
of dollars. Now, they are supporting actions to help guarantee the safety
of customer information and reduce the impact of breaches on retailers.

During testimony before the House Oversight and Government Reform
Committee’s Subcommittee on Information Technology, NRF Senior Vice
President for Government Relations David French offered practical,
commonsense and achievable solutions to better protect consumers and help
businesses prevent cyberattacks and data breaches.

The NRF first proposed its recommendations in an open letter to President
Obama last month.

“We should not be satisfied with simply determining what to do after a data
breach occurs,” French said. “Instead, it is important to look at why such
breaches occur and what the perpetrators get out of them so that we can
find ways to reduce and prevent not only the breaches themselves but the
follow-on harm.”

In his testimony, French outlined six proposed solutions.  They included:

- Expanding consumer liability protection for using debit cards;
- Issuance of PIN-and-Chip cards that incorporate both computer microchips
and use of a personal identification number (PIN) to authenticate a
transaction;
- Adoption of end-to-end data encryption throughout the payments system;
- Developing open source, competitive tokenization standards to replace
sensitive data with unique and unusable tokens;
- Passage of a uniform nationwide breach notification law applying to all
entities that handle sensitive customer information; and
- Bolstering federal law enforcement investigation and prosecution of
cybercriminals.

One piece of the NRF’s proposed solution has taken a step forward, as the
Data Security and Breach Notification Act is on its way to the House Energy
and Commerce Committee for consideration on April 15, after being approved
by voice vote by the subcommittee last week.

The measure would require companies to maintain “reasonable” security
practices, and inform all potentially affected customers within 30 days of
a breach.  Violation of the bill would subject companies to enforcement and
censure by the Federal Trade Commission (FTC).

“We are one step closer to enactment of an effective and uniform national
standard for data breach notification,” NRF Senior Vice President for
Government Relations David French said. “In that vein, we are particularly
pleased that the Subcommittee approved the amendment offered by Rep.
Pompeo, and supported by Rep. Peter Welch, D-Vt., which will close
third-party notice holes. Thanks to the Pompeo Amendment, consumers will
receive more effective notification about breaches and, most importantly,
businesses will be incentivized to enhance their data security practices.

“As we highlighted in our testimony before the Subcommittee last week, the
retail industry supports a strong and effective data breach notification
law that would enhance consumer protections and provide a uniform data
breach notification standard for all businesses and firms handling
sensitive customer data with equal or equivalent requirements and
obligations.”

The NRF has been collaborating diligently with government officials, law
enforcement agencies, and other stakeholders to find appropriate and timely
solutions to data and payment security to shore up the retail industry’s
defenses against cybercriminals.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
