Congress Continues Data Breach Discussions

NACS statement to Senate says that payment card industry has “consistently put the profits of the companies that control it before good security.”

July 09, 2015

WASHINGTON – Yesterday, the Senate Judiciary Subcommittee on Crime and Terrorism held a hearing, titled “Cyber Crime: Modernizing our Legal Framework for the Information Age,” which examined how to update the nation’s laws so they are more applicable given the Internet’s ability to transcend borders and allow cybercrime to reach around the globe.

NACS submitted a statement for the hearing record  providing the industry’s views on data security efforts in the payment card system and data breaches. In particular, NACS noted that data security standards set for retailers have failed because the Payment Card Industry (PCI) – the entity that sets payment card security standards and is controlled by the card networks – has “consistently put the profits of the companies that control it before good security.”

PIN authentication for cards, for example, is a cheap and effective way to cut payment card fraud. However, even though banks require a PIN to get money from an ATM, the financial industry discourages PIN authentication at retail locations. NACS’ comments also emphasized that any data breach notification legislation must establish a level playing field and require the business that suffers a breach to provide consumer notification — otherwise thieves will exploit security gaps. Overall, however, payment systems were not a focus of the hearing and were hardly mentioned as witnesses and senators talked about cybercrime in general.

Committee members heard from two panels of witnesses, which included representatives from the Justice Department’s Computer Crime Section, the American Bankers Association and computer security firms Rapid7 and Symantec.

Overall, there was a consensus that legislation allowing the sharing of cyber threats is necessary but that additional measures are necessary as well. Subcommittee Chairman Lindsey Graham (R-SC) repeatedly emphasized that cybercrimes put more dollars at risk than many physical crimes – to highlight this difference, he asked the Justice Department to provide figures comparing the budgets and staffing for dealing with bank robberies to that dealing with cybercrimes. Senator Graham is working with the subcommittee’s ranking member, Senator Sheldon Whitehouse (D-RI), on legislation to update the nation’s criminal laws to improve the ability of law enforcement and prosecutors to bring perpetrators of these crimes to justice. The subcommittee is likely to further consider these issues in the future. 

Advertisement
Advertisement
Advertisement