The Merchant Financial Cyber Partnership, a unique coalition of eight financial-services trade associations and 11 merchant groups, wants Congress to make it easier for retailers and financial institutions to share information with each other related to data breaches.
Merchants and financial-services companies often are bitter foes when it comes to payments issues like interchange, but the onslaught of payment-data breaches, coupled with the negative publicity they have generated, has been a catalyst to more cooperative action. The Merchant Financial Cyber Partnership maintains that sharing information about cybercrimes can help improve security efforts.
In a letter sent Thursday to Congress, the coalition, formed in February following the Target Corp. breach a year ago, says there are obstacles in its path to improve information-sharing about breaches between merchants and financial-services companies. One obstacle, hinted at in the group’s letter to Congress, appears to be potential liability issues concerning the accuracy and use of that shared information. The group wants a “safe harbor” from that liability. The partnership did not respond to Digital Transactions News inquiries.
The coalition also wants legislation that would modify what it calls “current constraints” to improve information sharing. It did not explain what these constraints are. It also entreated Congress to increase government funding for improved data-security measures and make it easier for law enforcement to pursue criminals outside of the United States, among others.
“We believe that federal legislation that embodies these principles will materially improve the security of all of our systems and ultimately consumers,” states the letter, signed by Tim Pawlenty, chief executive of the Financial Services Roundtable and former governor of Minnesota, and Sandra L. Kennedy, president of the Retail Industry Leaders Association.
The partnership also released its wish list of the next steps to take, including holding periodic forums to share information, developing a paper on breach-notification response programs, and outlining recommendations for merchants, issuers, acquirers, and processors on collaborating more on technology-standards development.
Members of the Merchant Financial Cyber Partnership include organizations like the Electronic Transactions Associations, the American Bankers Association, the National Retail Federation and the National Restaurant Association.