By technology editor Ian Bush
WASHINGTON, D.C. (CBS) — Target (see related story) and Neiman Marcus customers (see related story) are still dealing with the damage from recent data breaches, and Michaels — a chain of arts-and-crafts retailers — is now investigating a possible attack on the payment system on its stores (another related story).
But from Capitol Hill to corporate headquarters, there appears to be little appetite for sweeping changes to protect your personal information.
For those with shareholders to satisfy, it’s a game of chicken:
“This is an ongoing battle between banks and retailers. And the real question is who’s going to go first, ” says Politico technology reporter Jessica Meyers.
She says there’s general agreement among them that the chip-and-PIN system — popular in Europe — is a more secure way to store credit card details than the magnetic stripe used in this country.
But both sides are balking at the expense of upgrading machines and reissuing all that plastic.
“In 2015, the credit card companies are pushing for this voluntary agreement that would leave the banks or retailers liable if they don’t make these adjustments. We’ll see what happens with that — it’s still voluntary. So it’s up to them whether or not they want to make that investment,” Meyers says.
But chipped cards wouldn’t have been resistant to the Target attack, since malicious software was siphoning unencrypted data as it passed through a store’s computer memory.
So why aren’t retailers forced simply to fess up fast when a breach happens?
“Which is to say, let’s have a national standard to make sure companies report information,” Meyers notes. “But that’s also something that’s stalled five times in Congress” for Senate Judiciary chairman Patrick Leahy alone.
Others in Washington have also tried. Here, again, conflicting interests emerge, with some lawmakers and businesses resisting more regulations, and existing rules on the state level all over the place.