WASHINGTON — Retailers are facing a troubling trend of more sophisticated cyber attacks, despite stepped-up efforts to thwart data security breaches, according to government officials, who painted a bleak picture at a conference Wednesday and stressed the urgency for legislation to address some of the obstacles and vulnerabilities in the business and financial communities.
While federal officials sounded alarms about the rising incidents of cyber attacks, retail groups stressed the importance of their collaboration with the financial services industry to focus on improving threat information sharing, strengthening card security technology and improving the security of e-commerce purchases and mobile transactions.
Executives from Wal-Mart Stores Inc. and MasterCard outlined the steps they are taking to secure payment systems, but also acknowledged it could take time for consumers to adapt to these more secure payment tools.
The public and private sector officials spoke at a summit on Capitol Hill sponsored by the Merchant Financial Cybersecurity Partnership, composed of 250 executives from retailers, financial institutions and credit card companies, and 19 trade associations. The conference was held just days after news broke of a security breach at Home Depot, as well as reports that federal officials were investigating a breach at J.P. Morgan Chase.
Tim Pawlenty, chief executive officer of Financial Services Roundtable, said 150 million Americans, nearly 50 percent of all adults in this country, had their personal information exposed to hackers between May 2013 and May 2014.
Last month, the Department of Homeland Security estimated that more than 1,000 U.S. businesses have been infiltrated by malicious point-of-sale software, significantly broadening the scope of known cyber attacks that hit Target and Neiman Marcus stores in the past year. Seven POS systems providers or vendors have confirmed security breaches that have affected “multiple” clients, the agency said.
Two top Republican lawmakers raised alarms at the summit over the rise of cyber attacks on American businesses and institutions, and stressed the imperative of passing an information-sharing bill in the lame-duck session of Congress this year.
“We are getting crushed,” said Rep. Mike Rogers of Michigan, chairman of the House Permanent Select Committee on Intelligence. “Every day these companies in this room are getting attacked. Sometimes you know it, sometimes you don’t.…This is a deadweight cost for American industry and we’re losing. We’re in a cyber war and we’re losing.”
Sen. Saxby Chambliss of Georgia, vice chairman of the Senate Select Committee on Intelligence, said there is “no good news” on the cybersecurity front.
“We’ve just seen the tip of the iceberg relative to the reported incidents,” Chambliss said.
Michael Daniel, special assistant to the president and the cybersecurity coordinator, said, “Intruders are willing to be more destructive, and they are willing to take more and different kinds of things.”
But retailers and card companies said they are making progress on developing more secure payment systems.
Reed Luhtanen, senior director of payments strategy for Wal-Mart, said there is “no silver bullet” or single technology that will solve the problem for all of the stakeholders, adding, “We have to be mindful [that] it is a layered approach.”
Luhtanen said Wal-Mart began installing chip terminals in its stores eight to 10 years ago. Currently, chip card transactions represent more than 5 percent of all transactions at Wal-Mart stores, he said.