For years, retailers have been warring with major card networks such as Visa and MasterCard and the card-issuing banks, over the Byzantine digital payments system used in the United States.
Now, the enemies say they’re dropping the guns to join hands in making customers’ personal information more secure.
More than a dozen leading industry associations announced that they have formed a new cybersecurity partnership to improve payment-card security and thwart data thieves.
“Consumers expect both that the payments system will protect their sensitive information, and that they will receive the convenience they’ve come to expect while using their credit or debit cards,” Frank Keating, head of the American Bankers Association, said in a joint news release.
The Financial Services Roundtable, a group that encompasses major financial institutions, including card networks, and the Retail Industry Leaders Association are taking the lead.
The partners said they will form working groups to discuss sharing information, new security technology, how to address the shift to mobile payments and the growing threat of card-not-present fraud online.
The group said the existing Financial Services Information Sharing and Analysis Center could serve as “a forum or model” for sharing threat intelligence.
The push for collaboration follows a wave of data-security breaches at high-profile retailers, notably discount giant Target Corp., that has rattled consumer confidence and prompted congressional hearings on securing consumer data.
In Target’s case, thieves stole the payment card data or personal information of up to 110 million customers and forced banks to send out more than 17 million new debit and credit cards, a number that continues to rise.
The Consumer Bankers Association, which is part of the new partnership, previously estimated that it costs an average of $10 to replace a card, for a total of $172 million, a number that doesn’t include the cost of any fraudulent activity that may have occurred.
The disparate industries are all involved in the country’s difficult rollout of new chip-based payment cards, called EMV cards, which are theoretically set to start replacing magnetic stripe cards.
Retailers and payments players face an October 2015 deadline to be ready for the new cards. That shift alone has been daunting, with some players saying it’s iffy whether the deadline will be met and others saying that EMV alone isn’t enough to protect payment information.
Avivah Litan, a Gartner Inc. analyst who specializes in cybersecurity, said she views the new partnership with skepticism beyond the collaborative benefits. But it’s a good move, she said, and the goal of setting up a way to share threat intelligence seems tangible, and badly needed.
Of the partnership announcement as a whole, she called it “a crisis reaction.”
“It is a crisis,” Litan said. “The retail payments system is under attack in a way that hasn’t been true until now.”