Protection against cyber grinches

Unfortunately, not everyone in the payment ecosystem is prepared for the growing threat of cyber-criminals.  With the holidays fast approaching, we need to be mindful of any grinches that may be lurking. 

One only needs to look at the recent large-scale retailer breaches which compromised millions of consumers’ sensitive information for proof that the criminals are on the prowl and the cyber defense status quo isn’t good enough.  While there has been a rise in the number and sophistication of data breaches, no federal standard for protecting consumer data at retailers and other non-financial firms currently exists.  

{mosads}The Consumer Bankers Association’s member banks are doing their part to thwart cyber-attacks – both those targeted directly at their organizations and beyond their literal and digital walls.  Not only do our member banks spend millions for payment innovations, advanced fraud monitoring, and other security controls to prevent fraud from ever occurring, but they also protect their customers by often making them financially whole no matter where the breach occurred. 

Financial institutions know what it takes to stop these thieves from stealing holiday joy.  Since 1999, banks and credit unions of all sizes have abided by the Gramm-Leach-Bliley Act (GLBA) to implement administrative, technical, and physical safeguards to protect customer information.  Their track record over the past 15 years demonstrates the success of these common-sense security practices in stopping breaches before they start.  GLBA is a model of success for other sectors to emulate.  Thankfully, this is the exact approach of federal legislation in front of us this week.  

On Tuesday, the House Financial Services Committee has an opportunity to advance a bill to better protect consumers against cyber criminals.  Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) will put forward the Data Security Act of 2015 (H.R. 2205).  This is a rare bipartisan bill that would encourage all sectors of our economy to invest in commonsense safeguards and processes to keep consumers’ financial and personal information safe and secure.

Consumers deserve the confidence in knowing that the companies with which they do business respect the security of their sensitive information as much as they do.  The Neugebauer-Carney bill would apply security standards that are proportional to the type of information the business holds.  If a company is collecting your information to aid quicker check-outs or marketing, it should be held to a higher standard than one that is not.  The Data Security Act, modeled on existing law applicable to the smallest credit unions and the largest banks, is also tailored to the size and scope of a business.  Because these security best practices work, CBA and its partners in the financial industry encourage others to come together in support of this bill as a truly meaningful step toward eliminating consumer fraud.

In additional to a strong data security standard, continual innovation is critical to our ability to stay one step ahead of the criminals.  Rather than deflect the policy discussion on security to one about antiquated technologies like PIN, retailers and banks alike should band together to use their resources to continually innovate on payment technologies and other cyber defenses.  We must stay on the cutting edge to thwart cyber criminals’ efforts to steal sensitive information. 

Collective industry efforts in technological innovation combined with common-sense security standards like those in the Data Security Act are the best way to protect consumers this holiday season and for years to come.

Zeisel is general counsel and executive vice president of the Consumer Bankers Association.