NACS Sends Letter Addressing Errors in Recent Testimony

Office of the Comptroller provided erroneous testimony at Senate hearing on cybersecurity.

December 17, 2014

WASHINGTON – Earlier this week NACS sent a joint trade association letter  to Thomas Curry, Comptroller of the Currency, in response to some inaccurate testimony his agency provided during a cybersecurity hearing in the Senate Banking Committee on December 10. The testimony, offered by Valerie Abend, senior critical infrastructure officer from the Office of the Comptroller of the Currency (OCC), was startlingly uninformed about the way the payment card system allocates data breach liability and did not address the focus of the hearing: enhancing cybersecurity coordination to protect the financial sector.

Noting that bad information leads to bad policy decisions, the letter rebutted Ms. Abend’s testimony, which inaccurately implied that financial institutions overwhelmingly shoulder the costs of data breaches occurring at retail establishments. The letter pointed out  that “merchants pay more than 100% of the banks’ fraud losses – some prepaid through swipe fees and some paid after the fact,” such as when merchants pay the cost of reissuing cards after a breach. And despite the large data security investments merchants make, the letter emphasized that cyber-attacks will intensify as long as we continue to use antiquated and inadequate payments technology and standards – all of which is controlled by banks and card networks.

Other witnesses at the hearing were: Brian Peretti, director for the Office of Critical Infrastructure Protection and Compliance Policy of the Department of the Treasury; Phyllis Schneck, deputy undersecretary for cyber security and communications, national protection and programs of the Department of Homeland Security; William Noonan, deputy special agent in charge of the U.S. Secret Service; and Joseph M. Demarest, Jr., assistant director of the cyber division of the Federal Bureau of Investigation. Those witnesses focused on the work of different federal agencies on cybersecurity and their coordination to address the issue, rather than the mistaken assumptions that were a part of the OCC’s testimony.

NACS was joined in the letter by the Food Marketing Institute, the National Grocers Association, the National Restaurant Association, the National Retail Federation, and the Retail Industry Leaders Association.

Advertisement
Advertisement
Advertisement