As retailers, every day we seek to provide customers the goods and services they want at the best value. But retailers also know that consumers demand more than just a good deal, they expect to be treated fairly and honestly. Consumers also expect that their purchases are made in an environment where personal information is secure.
According to a 2013 data breach investigation by Verizon, a wide variety of businesses, including health care companies, utilities, manufacturers, technology companies, financial institutions and retailers, were all victimized by cyberattacks. These attacks are launched by criminals who are persistent and their methods are increasingly sophisticated. The fallout from these criminal acts has gained widespread public attention and questions about the security of the electronic payments system have emerged.
The retail industry takes the threat of cyberattacks seriously and works diligently every day to stay ahead of these sophisticated adversaries. Retail companies individually and the industry collectively, are making substantial investments in the technology and experts needed to aggressively counter these threats. Retailers utilize ever-evolving techniques and tactics such as data encryption, tokenization, and redundant internal controls to both ward off attacks and reduce the impact of any successful cybersecurity attack.
The payment system itself though is an ecosystem that relies on interoperable cooperation across sectors. The saying that a chain is only as good as its weakest link applies here. While retailers understand and manage their internal systems and security, they have little or no influence over the actions taken by other players in the payments universe, actions with enormous implications on fraud. Instead, retailers must rely on others in the payments ecosystem to dictate critical security decisions, including card technology, retailer terminals, and when data can be encrypted during the transmission between retailers and the card networks. To effectively address todayís cybersecurity challenges, we must work collaboratively with the card networks, and issuing banks and credit unions to ensure that the system is made as secure as possible while giving customers access to the payment choices they prefer. It is our view that the responsibility for security should be shared, but we know that if we donít collaborate to secure these systems and consumer confidence wanes, we will all share in the loss.