TribLIVE

| Business

 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Industries dodge breach blame

Email Newsletters

Click here to sign up for one of our email newsletters.

On the Grid

From the shale fields to the cooling towers, Trib Total Media covers the energy industry in Western Pennsylvania and beyond. For the latest news and views on gas, coal, electricity and more, check out On the Grid today.

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

By The Associated Press
Tuesday, Feb. 4, 2014, 10:21 p.m.
 

WASHINGTON — Banks and big retailers are locked in a debate over the breach of consumer data that gripped Target Corp. during the holiday season. At issue: Which industry bears more responsibility for protecting consumers' personal information?

The retailers' argument: Banks must upgrade the security technology for the credit and debit cards they issue.

The banks' counterargument: Newer electronic-chip technology wouldn't have prevented the Target breach. And retailers must tighten their own security systems for processing card payments.

The finger-pointing is from two industries with considerable lobbying might. Their trade groups have been bombarding lawmakers with letters arguing why the other industry must do more — and spend more — to protect consumers.

“Nearly every retailer security breach in recent memory has revealed some violation of industry security agreements,” the Independent Community Bankers argued last month. “In some cases, retailers haven't even had technology in place to alert them to the breach intrusion, and third parties like banks have had to notify the retailers that their information has been compromised.”

The National Retail Federation has fired back.

Retailers must accept “fraud-prone cards” issued by banks that are attractive to thieves, the federation's general counsel testified at a Senate subcommittee hearing on Monday. “Unlike the rest of the world, the U.S. cards still use a signature and magnetic stripe for authentication.”

Their antagonism aside, the two sides agree on one point: Congress should set a national standard for notifying consumers of any data breaches. A uniform standard would replace the hodgepodge of state guidelines.

In the middle are American consumers, many of whom say they're alarmed about the safety of their personal information since the Target breach. In an Associated Press-GfK poll conducted Jan. 17-21, nearly half of those surveyed said they've become extremely concerned about the vulnerability of their personal data when shopping in stores since the incident.

This week, Congress is examining data security breaches and how to handle them. Four committees have scheduled hearings.

At a Senate Judiciary Committee hearing on Tuesday, the head of the Federal Trade Commission and officials from the Secret Service and the Justice Department are set to testify. So are executives of Target and luxury retailer Neiman Marcus.

An estimated 40 million credit and debit card accounts were affected by the Target breach, which occurred between Nov. 27 and Dec. 15. Stolen were customers' names, credit and debit card numbers, card expiration dates, debit-card personal identification numbers and the embedded codes on the cards' magnetic strips.

Personal information — names, phone numbers and email and mailing addresses — was stolen for as many as 70 million Target customers who could have shopped before or after the Nov. 27 to Dec. 15 period.

The Target theft could prove to be the biggest data breach on record for a United States retailer. Minneapolis-based Target, the No. 2 American discounter, has acknowledged that news of the breach has scared some shoppers away. The company last month cut its earnings outlook for its fourth quarter, which covers the crucial holiday season. It warned that sales would be down for the period.

Still unknown is how the malicious software that was used to carry out the theft got into Target's computer system and how the hackers stole credentials from a Target vendor to enter the system. The identity of the vendor isn't known, either. The Secret Service has been investigating, and Attorney General Eric Holder has said the Justice Department is conducting a criminal probe to find those responsible.

Subscribe today! Click here for our subscription offers.

 

 


Show commenting policy

Most-Read Business Headlines

  1. Consol takes $603 million loss in second quarter
  2. Leisure, hospitality lead Pittsburgh area job gains
  3. Ambridge’s PittMoss takes off with help from TV show, Mt. Lebanon native Cuban
  4. U.S. Steel to debut oil, gas pipeline connector
  5. Plummeting natural gas prices slash revenue of Marcellus shale producers
  6. Alcoa among 13 firms in $140B carbon-footprint pledge
  7. Invasive beetle costs Pittsburgh-area power companies plenty
  8. Israel’s Teva drops bid for Mylan, buys Allergan for $40.5B
  9. Muni bond funds stressed
  10. Bayer sets sights beyond aspirin
  11. Pitt to start Energy Law and Policy Institute