(Photo by Joe Raedle/Getty Images)
Hide Caption

Target data breach pits banks against retailers

a a a a
Share this story

WASHINGTON (AP) -- Banks and big retailers are locked in a debate over the breach of consumer data that gripped Target Corp. during the holiday season. At issue: Which industry bears more responsibility for protecting consumers' personal information?

The retailers' argument: Banks must upgrade the security technology for the credit and debit cards they issue.

The banks' counterargument: Newer electronic-chip technology wouldn't have prevented the Target breach. And retailers must tighten their own security systems for processing card payments.

The finger-pointing is coming from two industries with considerable lobbying might. Their trade groups have been bombarding lawmakers with letters arguing why the other industry must do more - and spend more - to protect consumers.

"Nearly every retailer security breach in recent memory has revealed some violation of industry security agreements," the Independent Community Bankers argued last month. "In some cases, retailers haven't even had technology in place to alert them to the breach intrusion, and third parties like banks have had to notify the retailers that their information has been compromised."

The National Retail Federation has fired back:

Retailers must accept "fraud-prone cards" issued by banks that are attractive to thieves, the federation's general counsel testified at a Senate subcommittee hearing Monday. "Unlike the rest of the world, the U.S. cards still use a signature and magnetic stripe for authentication."

Their antagonism aside, the two sides agree on one point: That Congress should create a national standard for notifying consumers of any data breaches. A uniform standard would replace the current hodgepodge of state guidelines.

In the middle are American consumers, many of whom say they're alarmed about the safety of their personal information since the Target breach. In an Associated Press-GfK poll conducted Jan. 17-21, nearly half of those surveyed said they've become extremely concerned about the vulnerability of their personal data when shopping in stores since the incident.

This week, Congress is examining data security breaches and what to do about them. Four committees have scheduled hearings.

At a Senate Judiciary Committee hearing Tuesday, the head of the Federal Trade Commission and officials from the Secret Service and the Justice Department are set to testify. So are executives of Target and luxury retailer Neiman Marcus.

An estimated 40 million credit and debit card accounts were affected by the Target breach, which occurred between Nov. 27 and Dec. 15. Stolen were customers' names, credit and debit card numbers, card expiration dates, debit-card personal identification numbers and the embedded codes on the cards' magnetic strips.

Also stolen was non-card personal information - names, phone numbers and email and mailing addresses - for up to 70 million Target customers who could have shopped before or after the Nov. 27-Dec. 15 period.

The Target theft could prove to be the biggest data breach on record for a U.S. retailer. Minneapolis-based Target, the No. 2 U.S. discounter, has acknowledged that news of the breach has scared some shoppers away. The company last month cut its earnings outlook for its fourth quarter, which covers the crucial holiday season. It warned that sales would be down for the period.

Still unknown is how the malicious software that was used to carry out the theft got into Target's computer system and how the hackers stole credentials from a Target vendor to enter the system. The identity of the vendor isn't known, either. The Secret Service has been investigating, and Attorney General Eric Holder has said the Justice Department is conducting a criminal probe to find those responsible.

Sen. Mark Warner, D-Va., who leads the Senate Banking subcommittee, told the industry officials that "the only way this is going to work to protect consumers and give them the confidence they need is for the banking industry, the retail industry ... to actually collaborate together."

Retailers are trying to shore up consumers' confidence by upgrading and testing their systems for accepting payments. But their trade association says the billions that merchants are spending won't prevent breaches unless the banks adopt more secure card technology.

The banks plan to put digital chips for storing account information on debit and credit cards by the fall of 2015. Compared with the current magnetic strips, it's a system that typically makes data theft harder and is common in other countries. This would be a step forward but hardly a guarantee against cyber attacks, the banks caution.

Retailers want the chips, but they also want each debit or credit card transaction to require a PIN instead of a signature. Experts say it's harder for criminals to steal PINs than to forge signatures.

The magnetic strips use the same technology as cassette tapes to store account information and are easy to copy. By contrast, a digital chip generates a unique code each time

it's used. Criminals can steal and sell data from cards with chips, but they can't create fraudulent cards.

Previous
1 2
Next

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Print this article

Comments

Hmm... It looks like you’re not a WCPO Insider. or Subscribe now to contribute!

More National Business
American, US Airways tweak fees, mileage rules
American, US Airways tweak fees, mileage rules

If you use miles to get a free ticket on American Airlines, you may have to pay to check that suitcase.

How much of your beer money goes to taxes?
How much of your beer money goes to taxes?

The states on each side of the Ohio River are at opposite spectrums when it comes to how much your favorite pint of beer is taxed.

Luxottica shares rise on Google Glass deal
Luxottica shares rise on Google Glass deal

Shares in Italian eyewear maker Luxottica have risen sharply on the announcement that it will make frames for Google's new…

RadioShack closing 1,100 stores as troubles grow
RadioShack closing 1,100 stores as troubles grow

RadioShack plans to close up to 1,100 stores in the U.S. as its troubles continue to grow.

Data-breach costs take toll on Target profit
Data-breach costs take toll on Target profit

Target Corp says the massive data breach over the holidays helped push its profit down 46 percent.

Yellen: Cont'd pullback in Fed stimulus likely
Yellen: Cont'd pullback in Fed stimulus likely

Federal Reserve Chair Janet Yellen says that if the economy keeps improving, the Fed will take "further measured steps" to reduce…

Applications for US jobless benefits fall to 331
Applications for US jobless benefits fall to 331

The number of people applying for U.S. unemployment benefits declined 20,000 last week to 331,000, suggesting that Americans are facing fewer…

CVS Caremark to stop selling tobacco products
CVS Caremark to stop selling tobacco products

CVS Caremark is kicking the habit of selling tobacco products at its more than 7,600 drugstores nationwide.

Satya Nadella tapped as new Microsoft CEO
Satya Nadella tapped as new Microsoft CEO

Microsoft has named Satya Nadella, an executive in charge of the company's small, but growing business of delivering software and…

Markets steady despite massive sell-off in Japan
Markets steady despite massive sell-off in Japan

Financial markets steadied Tuesday after the turmoil of the previous day reverberated into the Asian session. However, lingering concerns…

Market Summary
The Dow Jones Industrial Average SM is proprietary to and is calculated, distributed and marketed by Dow Jones Indexes, a licensed trademark of CME Group Index Services LLC and have been licensed for use. "Dow Jones(r)", "Dow Jones Indexes" and "Dow Jones Industrial Average SM" are service marks of Dow Jones Trademark Holdings, LLC. "CME" is a trademark of Chicago Mercantile Exchange Inc. All content of the Dow Jones Industrial Average (c) CME Group Index Services LLC 2010.