Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Association Launches Initiative to Help Retailers Improve Data Security

In response to a spate of cyber attacks targeting retailers nationwide, the Retail Industry Leaders Association (RILA) announced on Monday that it would help its members improve their cyber defenses by launching a new initiative to address cyber threats and promote further safeguards to protect payment data.

In response to a spate of cyber attacks targeting retailers nationwide, the Retail Industry Leaders Association (RILA) announced on Monday that it would help its members improve their cyber defenses by launching a new initiative to address cyber threats and promote further safeguards to protect payment data.

“The RILA Cybersecurity and Data Privacy Initiative seeks to bring public- and private-sector stakeholders together to enhance existing cybersecurity and privacy efforts, inform the public dialogue, and build and maintain consumer trust,” the association said in the announcement.

“Retailers place extremely high priority on data security and invest tremendous resources to prevent attacks, but cyber-criminals are persistent and their methods of attack are increasingly sophisticated. Enhanced security measures help to thwart attacks, but unfortunately some attacks have been successful and the resulting incidents have affected millions,” said Sandy Kennedy, President of the trade association that includes more than 200 retailers, product manufacturers, and service suppliers.

The initiative is organized around three major components.

1. Strengthening Overall Cybersecurity:

Formation of a Retail Cybersecurity Leaders Council – Retailers rebuff cyber threats nearly every day and the resulting lessons can strengthen protections across the entire industry. The Retail Cybersecurity Leaders Council, made up of senior retail executives responsible for cybersecurity, will aim to improve industry-wide cybersecurity capabilities by sharing threat information and discussing effective security solutions in a trusted forum.

Federal Data Breach Notification Legislation – RILA will engage with lawmakers to develop federal data security breach notification legislation that sets a national baseline.

Federal Cybersecurity Legislation – RILA will work with policymakers to help develop federal cybersecurity legislation focused on measures widely viewed as being effective to strengthen cybersecurity for our nation’s critical infrastructure, such as the financial system. At a minimum, this legislation should include support for appropriate information-sharing mechanisms between the private and public sectors.

2. Improving Payments Security:

Eliminate the Mag-Stripe: The existing magnetic stripe technology used on credit and debit cards issued in the United States is antiquated. RILA will urge that it be phased out in favor of the better technology widely used throughout the world.

Universal PIN Security and Chip-based Smart Card Technology – RILA will continue to press the card networks and the issuing banks to migrate to universal PIN security and chip-based smart card technology. In the event of a successful cybersecurity breach, the dynamic security features of such technology effectively prevent the use of stolen data.

System Wide Collaboration – Enhanced card security would be an important first step, but innovation is needed to outpace criminal threats. Therefore, we will seek to forge deeper partnerships with other members of the payments ecosystem to collaborate on migration to near-term card security enhancements, new technologies and long-term, comprehensive solutions to the threats.

3. Addressing Consumer Privacy:

The Retail Data Story – Consumers want and expect data about them to be protected and secure. They also want tailored services and shopping options yet may have questions about the data-related means required to provide them. RILA will work with partners to describe how data is used to provide the experience that consumers demand and share the great lengths that retailers go to protect the data they collect. Where useful, we will help promote data practices and policies that are consistent with RILA’s privacy principles.

The RILA says its members account for more than $1.5 trillion in annual sales, and more than 100,000 stores, manufacturing facilities and distribution centers around the world.

“There’s little chance that this threat will diminish, and more targeted attacks will make it difficult to track, analyze and protect against [reatailers],” said Steve Durbin, Global Vice President of the Information Security Forum, on the recent Neiman Marcus and Michael’s data breaches. “While this doesn’t mean that every retail transaction is at risk, it does require organizations to better protect such data, to plan for loss of such data, and to have solid resilience and recovery plans in place to deal with any attack and breach.”

More information on the RILA’s cyber security initiative is available here

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...