NRF Goes On Offensive Against Data Breaches

Retail Trade Group Targets Lawmakers with Ad Saying It's Not In This Alone

By Published on .

The National Retail Federation wants the U.S. government to see that data breaches aren't a problem that only affects the retail industry.

NRF ad
NRF ad

In an ad called "Hackers Don't Discriminate" running in Washington, D.C.-based political publications Politico, The Hill and Roll Call Feb. 3 through Feb. 6 in print, the NRF lays out that the most security breaches, at 37%, take place at financial institutions, citing statistics from a recent Verizon survey. Just 24% of breaches happen at retail and restaurant companies, according to the 2013 data-breach investigation by Verizon analyzing more than 47,000 security breaches and 621 confirmed data breaches.

"One of the problems is that during these more recent discussions, there has been a lot of pointing of fingers and a lot of that has been pointed toward the retail industry. It's important for us to point out consistently and frequently that we're not the only industry that's up against" data breaches, said Bill Thorne, senior VP-communications and public affairs at the NRF. "It's not a problem for retailers to solve alone."

The ad was created by the NRF's internal marketing, public affairs and government relations team. It breaks as NRF Senior VP-General Counsel Mallory Duncan testified on Feb. 3 before the Senate Banking, Housing and Urban Affairs subcommittee on national security and international trade and finance. He spoke to the committee in light of the data breaches that recently hit Target Corp. and Neiman Marcus Group, where tens of millions of consumers' credit and debit-card numbers were stolen.

Officials from the Secret Service, the Federal Trade Commission and the Payment Card Industry Security Standards Council, among others, also planned to testify. Target and Neiman Marcus are scheduled to testify on Wednesday morning before the subcommittee on Commerce, Manufacturing and Trade, according to a Jan. 29 statement on the U.S. House of Representatives website.

In prepared remarks provided by the NRF, Mr. Duncan urged the subcommittee to understand why data breaches occur and prevent future breaches from happening. "If breaches become less profitable to criminals then they will dedicate fewer resources to committing them and our goals will become more achievable," she said, according to the prepared remarks released by the NRF.

Of the data breaches that occurred in 2013, Mr. Duncan said, "Nearly one-fifth of all of these breaches were perpetrated by state-affiliated actors connected to China. Three in four breaches were driven by financial motives. Two-thirds of the breaches took months or more to discover and 69% of all breaches were discovered by someone outside the affected organization."

He added that credit- and debit-card fraud losses totaled $11.27 billion in 2012, citing statistics from Card Hub, a credit- card services company.

Potential solutions to data breaches, said Mr. Thorne, "start with creating the mechanisms to work with foreign governments" to track down hackers and incarcerate them. "There's not a single answer and single direction. It's going to take multiple industries and multiple companies to work together to solve this," he said. "Retailers every single day are looking at their data systems and are looking at the technology they have. They are investing and updating and certainly trying to prevent these hackers from being successful."

The NRF is pushing an industry standard to embrace chip and personal identification number technology in credit cards, which would not use signature verification because, the NRF said, signatures can be easily forged. Mr. Thorne added that mobile payments are another viable and secure avenue to consider.

The NRF, meanwhile, also wants Congress to pass a nationwide standard on data-breach notification laws. In addition, the group is pushing to pass the Cyber Intelligence Sharing and Protection Act, which would make it easier for commercial companies to share cyberthreat information and ensure they get investigated and prosecuted.

Most Popular