Working Together: Trade Groups Unite at Cybersecurity Summit

The Merchant Financial Cyber Partnership hosted its 2014 Merchant-Financial Services Cybersecurity Summit in Washington, D.C. last week. The event was organized by the partnership (which is a coalition of 19 retail and financial trade groups) and the Bloomberg Government.

According to an article from www.nacsonline.com, more than 150 industry leaders, policymakers and members of the media attended. The summit focused on the topic “Cybersecurity: Protecting the Payments System,” and looked at it from various perspectives in three 45-minute panel sessions. The sessions featured officials from RILA, the American Hotel & Lodging Association, Wal-Mart, MasterCard and the FBI, among others.

Three Panels

  • Panel 1: “Regulatory Landscape in Congress: Cyber Security Legislation and Information Sharing”
  • Panel 2: “Information Sharing: Industry and Government View”
  • Panel 3: “Payments Security: How Can Advancing Technologies Help Payments Security”

The www.nacsonline.com article states, “Former Minnesota Governor Tim Pawlenty, now CEO of Financial Services Roundtable, opened the event by sharing the statistic that between May 2013 and May 2014, the data of more than 110 million Americans (almost half of the U.S. adult population) was compromised through cybercrime and security breaches. This fact set the tone for the rest of the summit, during which participants from government, financial and merchant sectors all emphasized the severity of the cybercrime landscape and the need for urgent action.”

According an Associations Now article, the summit aimed to highlight efforts by associations in the financial and retail industries to improve security through information-sharing. That’s a noble goal, the article says, but one that’s not without significant challenges.

One of the problems is trust. Ernie Smith, author of the Associations Now article, writes:

“While data sharing among retailers and financial firms may help prevent breaches, it can lead to antitrust questions and can risk exposure of sensitive threat information that companies and law enforcement want to keep secure.”

Another issue is that new technologies aren’t always covered under current data security laws.

“Laws currently on the books do encourage financial data security – most notably the Electronic Fund Transfer (EFT) Act of 1978. The problem is that current law doesn’t always cover new technologies, such as the just-announced Apple Pay system,” writes Smith. A way to deal with this issue is to ensure any updates to the EFT Act are “technology neutral.”

A third problem is just how good today’s cyberattackers are – and tomorrow’s are even better. Smith writes that they are likely to be state-sponsored terrorist groups or part of an organized crime syndicate – and they’re constantly getting better at what they do.

In summary of what associations can do, Smith’s article included a quote from RILA senior vice president Suzie Squier. “We need to get the liability taken care of between public and private collaborations,” she said.

Smith concluded his article with this: “Even though privacy advocates point to the potential dangers of the private sector collecting and sharing information, FSR’s CEO Tim Pawlenty, a former Minnesota governor and Republican presidential candidate, said the risks of doing nothing are much greater. While critics are concerned about one form of privacy, Pawlenty told conference attendees, ‘personal privacy is being violated flagrantly every day’ by cybercriminals.”

 

For more information, see our two sources: http://associationsnow.com/2014/09/how-can-retail-and-financial-groups-prevent-another-target-breach/ and http://www.nacsonline.com/News/Daily/Pages/ND0911141.aspx#.VBkHGfldXiZ