In the wake of high-profile retailer data breaches and mounting political pressure to address security flaws in the nation’s payment card system, Visa Inc. and MasterCard Inc. on Friday said they were forming a “cross-industry group” to enhance payment security.
The leading card networks said in a joint news release that they were inviting banks, credit unions, merchant acquirers, retailers, and point-of-sale terminal makers to join the forum. “The group will initially focus on the adoption of EMV [Europay-MasterCard-Visa] chip technology in the United States, in addition to addressing other security-related topics, including tokenization, point-to-point encryption and broader needs of the region.”
“The recent high-profile breaches have served as a catalyst for much-needed collaboration between the retail and financial-services industry on the issue of payment security,” Visa president Ryan McInerney said in the release. “As we have long said, no one industry or technology can solve the issue of payment-system fraud on its own. These conversations will serve as a useful forum to share ideas, break down barriers and spur the adoption of next generation security solutions for the benefit of all.”
Added Chris McWilton, MasterCard’s president of North American Markets: “Only through industry collaboration and cooperation will we address the real and immediate issue of security and maintain consumer confidence and trust. EMV will be the next step in these efforts, alongside enhanced security solutions for online and mobile channels.”
When the group will meet and what might be on its agenda was unclear. Executives from neither network were available for interviews Friday afternoon.
The group’s formation comes in the wake of confirmed or suspected data breaches at Target, Neiman Marcus, craft store chain Michaels, and most recently Sally Beauty and the Smucker’s online store. Pressure to fix card payments is mounting in Congress, which held more hearings this past week about data security.
After the Visa-MasterCard announcement, the National Retail Federation reiterated its long-standing position that EMV chip cards include cardholder authentication by PIN, a position popular with many merchants and politicians, but not so much among card issuers and networks.
“We remain insistent that U.S. retailers’ customers be given the same protections as consumers in more than 80 countries who have both a chip and a PIN securing their credit and debit cards,” Mallory Duncan, general counsel and senior vice president at the Washington, D.C.-based NRF, said in a statement. “There is no single solution to the complex issue of criminal hacking and we know PIN and chip is just a bridge on the long road to a safer payment system, but it is an important step in the right direction.”
Consultant Steve Mott of Stamford, Conn.-based BetterBuyDesign, a frequent critic of the card networks, sees the cross-industry group’s formation as “strong evidence that Visa and MasterCard are chafing at all the criticisms of the broken, existing card payment system—which they are responsible for, and the growing sets of industry participants which are attempting to fill the vacuum the brands have left.” In an email, he cites as examples recent security and related initiatives by The Clearing House, the X9 standards group, the Federal Reserve, and others.
But payments-industry veteran Eric Grover, principal of Minden, Nev.-based consulting firm Intrepid Ventures, thinks Visa and MasterCard are correct in launching their initiative now. “Does anybody really want senators Dick Durbin and Al Franken designing and mandating payment-card security or delegating the task of payment-card security to regulatory mandarins at the Fed?” Grover says by email. “It makes sense for MasterCard and Visa to preempt mischief and a power grab from Washington.”