Data breach prompting ideas for new data security measures
WASHINGTON (AP) — Visa and MasterCard want banks and retailers to work together on securing customer data and stop blaming each other after a massive data breach during the holiday season.
The two payment networks announced Friday that they are bringing together large and small banks, credit unions, retailers, makers of card processing equipment and industry trade groups in a group that aims to strengthen the U.S. payment system for credit and debit cards.
The data breaches affecting Target Corp., the No. 2 U.S. discounter, and luxury retailer Neiman Marcus have shaken consumers' confidence.
An estimated 40 million credit and debit card accounts were affected by the breach at Target. Stolen were customers' names, credit and debit card numbers, card expiration dates, debit-card personal identification numbers and the embedded codes on the cards' magnetic strips. The theft could be the biggest data breach on record for a U.S. retailer.
About 1.1 million Neiman Marcus customer accounts were also affected in a breach last year.
In the wake of the episodes the banking and retailing industries, each armed with lobbying clout, began pointing fingers at each other. Their trade groups peppered lawmakers with letters arguing why the other industry must do more — and spend more — to protect consumers.
The initial focus of the new group will be on banks' adoption of embedded digital chips for storing account information on debit and credit cards. Compared with the current magnetic strips, it's a system that typically makes data theft harder and is common in other countries. While it's not clear whether the chips would have prevented the Target breach, experts say they make it tougher for thieves to make counterfeit cards using stolen credit and debit card numbers.
Many retailers want the chips, but they also want each debit or credit card transaction to require a personal identification number instead of a signature. Experts say it's harder for criminals to steal personal identification numbers than to forge signatures. Some retailers are resisting the switch to PINs — planned to take effect by the fall of 2015 — because they'll be forced to buy newer, more expensive card readers.
Both chips and PINs are needed to ensure the security of customer data, said National Retail Federation President and General Counsel Mallory Duncan in a statement.
The new group will also look at other security ideas, such as using one-time numbers to add a layer of security to online sales, and better encryption.
MasterCard spokesman Seth Eisen declined Friday to provide the names of banks, retailers and other prospective participants, saying the group's formation was at an early stage.
Business Writer Josh Freed contributed to this report.