US big box retailers are joining forces to strengthen their defences against cyber criminals following data breaches that have compromised tens of millions of shoppers.
The Retail Industry Leaders Association (RILA), a trade group for the country’s largest retailers, said on Monday it had launched an initiative to counter potential cyber threats and promote additional safeguards for personal data.
“Retailers place extremely high priority on data security and invest tremendous resources to prevent attacks, but cyber criminals are persistent and their methods of attack are increasingly sophisticated,” said RILA president Sandy Kennedy.
Target disclosed that personal data from more than 70m people and the credit card details of at least 40m had been stolen between November 27 and December 15 after malicious software was deployed against the retailer.
Department store Neiman Marcus said 2,400 customer credit cards might have been used fraudulently and the data of approximately 1.1m could have been compromised. Michaels Companies, the arts and crafts retailer, said it too was investigating a possible security breach on its payment card network.
“By working together with public-private sector stakeholders, our ability to develop innovative solutions and anticipate threats will grow, enhancing our collective security,” Ms Kennedy added.
The group will form a council of senior retail executives to enable information sharing about potential threats. It will also lobby lawmakers to develop federal legislation on data security breach notification.
Like other industry watchers, RILA is calling for the elimination of credit and debit cards that use magnetic stripe technology, which are outdated and easily exploitable. It wants chip-based smart cards and universal PIN security to be adopted instead.
RILA also seeks to forge closer relationships with banks, credit card processing companies and other members of the payment cycle, as well as improve communication with consumers on how their personal data are used.
But security experts say retailers have little chance of providing a completely secure payment system for customers against sophisticated cyber thieves. Corporate security teams have faced great difficulty in tracking and eradicating such malware in commercial settings, as hackers tend to sell on the software via multi-layered underground forums.
“Retailers are trying to do everything they possibly can, but ultimately it is a game of cat and mouse with one side trying to outsmart the other,” said Richard Bortnick, a lawyer who advises companies about cyber security risks. “There is only so much a retailer can prepare for the worst case scenario.”