On Heels of Security Breaches, ICBA Lashes Back at Retailer Group

The fallout from the recent Target and Neiman Marcus security breaches has led to a war of words between bankers and retailers.

With a scathing press release Wednesday, The Independent Community Bankers of America (ICBA) responded emphatically to an equally accusatory Jan. 21 letter published by the National Retail Federation (NRF) which heaved blame on the financial services industry for the breaches.

"The NRF should focus its attention on responding to the harm that security breaches at several retailers have done to consumers and their financial institutions rather than hurling false allegations blaming the banking industry for these retail breaches," ICBA president and chief executive Camden Fine said in Wednesday's release.

Fine added: "Retailers and their processors — not banks — are responsible for the systems in their stores that process payment cards. ICBA hopes that the massive retail security breaches at Target, Neiman Marcus and others will spur retailers to adopt security solutions going forward."

The release and Fine's remarks were in response to the Jan. 21 letter from NRF president and chief executive Matthew Shay addressed to the Speaker of the House of Representatives John Boehner and U.S. Senator Harry Reid. In the letter, the NRF implicated "partners in the financial sector," questioning the security of "the most criminally lucrative data": bank card information.

Shay said in the letter that "the retail industry is eager to work with banks and card companies to fight cyber attacks and reduce fraud."

"For years, banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next generation "PIN and Chip" card technology for customers in Europe and dozens of other markets," Shay said in the letter.

Shay added: "The fact remains that retailers cannot do this alone. Only by working together will consumers' financial data be protected from criminals. That is why it is time for our partners in the card industry to invest in next generation technology to secure sensitive bank card data.

In response to the letter, the ICBA said in its statement that it hopes the breaches will encourage retailers to adopt security solutions in the future.

The ICBA also claimed in the release that security controls such as chip and PIN technology wouldn't have prevented the breach for more than 70 million consumers. The release also claimed that some retailers failed to have requisite technology to prevent the breaches.

"Nearly every retailer security breach in recent memory has revealed some violation of industry security agreements," the ICBA claims in the letter. "In some cases, retailers haven't even had technology in place to alert them to the breach intrusion, and third parties, like banks, have had to notify the retailers that their information has been compromised."

The Target breach took place during the 2013 holiday shopping season, affecting the card data of 40 million people and the personal contact information of 70 million.

The Target and Neiman Marcus breaches were executed using BlackPOS, a type of malware created by a Russian-based hacker in March of 2013, according to IntelCrawler, a Los Angeles-based security company.

For reprint and licensing requests for this article, click here.
Bank technology Consumer banking
MORE FROM AMERICAN BANKER