Data Breaches

Background:

In 2013, the Cyber Intelligence Sharing and Protection Act (CISPA), bill HR624, passed in the House of Representatives in a 288-127 vote. The Senate refused to vote on the bill. This legislation would allow for the sharing of certain Cyber Intelligence Information between the government and the private sector.

In February of 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” This EO was issued after CISPA did not pass but is similarly intended to promote greater information sharing between private industries and the government. 

In addition to CISPA, the Retail Industry Leaders Association launched a comprehensive sharing center called the Retail Cyber Intelligence Sharing Center (R-CISC). Through this center, retailers are able to share cyber threat information with one another and with analysts like the Department of Homeland Security (DHS), Secret Service and the Federal Bureau of Investigation (FBI).

There is also a push in the industry to change from magnetic stripe credit cards to new chip-and-pin cards. Personally Identifiable Information (PII) would be stored on the chip instead of the stripe. This would reduce fraud because criminals would need a unique PIN, not just a signature, to verify PII.

According to a report in Digital Transactions magazine, “this transition has its genesis in a Visa, Inc., announcement three years ago that the liability for counterfeit card transactions at the point of sale will fall on the party not equipped to process transactions adhering to the Europay-MasterCard-Visa standard, which requires chip cards and payment terminals able to communicate with those cards. The liability shift is set for October 2015.”

Why is this relevant to our members?

Data breaches can happen to anyone. No company is immune to experiencing a breach, regardless of its size; however, certain companies may be better equipped to deal with a breach than others. NSGA believes all retailers should be able to share critical information specifically relevant to cybersecurity with certain federal agencies and with other companies in the private sector when data is threatened or a breach occurs.

We want to guide our members to the most beneficial resources available for their data security needs. We are also prepared to advocate on your behalf on any issues that arise in the future over the cost of the new card readers needed for chip-and-pin cards.

What’s new?

Since CISPA needs to pass in both the House and the Senate within the same Congress, the bill needs to be changed yet again. Currently, the Senate is said to be drafting a competing piece of legislation.

As a result of the President’s Executive Order, organizations and individuals have put together a “Framework for Improving Critical Infrastructure Cybersecurity.” This framework includes ideas on best practices and standards for cybersecurity. It is intended to be a living document with continuous updates as industries see fit.

What can you do?

Please let us know if you have any further questions about data security issues or if you need guidance to particular resources. NSGA will keep you informed of any progress made in Washington as soon as information becomes available.

Learn more about the following legislative issues dealing with data breaches:

Cyber Intelligence Sharing and Protection Act

Retail Cyber Intelligence Sharing Center (R-CISC)

Executive Order 13636

Framework for Improving Critical Infrastructure Cybersecurity