After weeks of pointing fingers over a massive theft of
credit-card information from Target Corp. customers, the U.S.
financial and retail industries are trying to mend fences.
Fifteen Washington, D.C., trade groups representing banks and
retail stores joined a new partnership this week focused on
protecting payment data from hackers, saying they intended to work
to share information about cyberthreats and advance payment
technology that is less vulnerable to attacks.
The move follows criticism from Capitol Hill about the
industries' failure to work together to protect consumers and could
portend greater collaboration in the U.S., which has lagged behind
other countries in adopting technology known to reduce credit-card
fraud.
But the two industries, which have previously battled over
federal rules governing transaction fees, still have a significant
gulf over some key issues, including who will be held liable for
the costs of a cyber breach.
The drivers of the new partnership were Sandy Kennedy, president
of the Retail Industry Leaders Association, which represents Target
and other big retail chains, and former Minnesota Gov. Tim
Pawlenty, who leads the Financial Services Roundtable and
represents big banks and the payment networks Visa Inc. and
MasterCard Inc. Ms. Kennedy originally pitched the idea weeks ago
and the two met in Mr. Pawlenty's office Monday, agreeing to
marshal support with other trade associations.
"The financial services industry and the retailers have some
things we are going to continue to disagree on," Mr. Pawlenty said
in an interview. "That shouldn't stop us from working together
where we can."
A series of congressional hearings and news conferences about
the Target breach in recent weeks has laid bare the differences
between the two groups. The breach involved the theft of 40 million
credit- and debit-card numbers from the company's servers.
James Reuter, executive vice president of Lakewood, Colo.-based
FirstBank and a member of the American Bankers Association, told
the Senate Banking Committee on Feb. 3 that banks recover "pennies
on the dollar" when they pay to cover fraudulent charges or reissue
cards and Congress ought to change that. The National Retail
Federation blasted banks for their failure to make transactions
with stolen card numbers harder to execute, including by making
consumers enter personal identification numbers for credit-card
transactions. Both the retail federation and the bankers
association are part of the new coalition, which was announced
Thursday.
Sen. Mark Warner (D., Va.), who chairs a security-focused
subcommittee of the banking panel, urged the groups to avoid a
repeat of the fight over the "interchange" fees associated with
card transactions. "We don't need another...long-term fight between
the bankers, the retailers and the card industry," Mr. Warner said
at the Feb. 3 hearing.
The new coalition will include working groups made up of experts
from both industries. One early goal: Finding consensus on a
national standard for notifying customers whose data has been
stolen, to replace a patchwork of state notification
requirements.
But the lobbying battles are likely to continue. The Credit
Union National Association, which estimates its members have so far
paid $30.6 million to reissue about 4.6 million credit and debit
cards because of the Target breach, declined to join the new
coalition this week. It is planning to advocate for more financial
liability for retailers when it brings credit union leaders to
Capitol Hill to meet with members of Congress later in
February.
Patrick Keefe, vice president of communications for CUNA, said
in an email that the group didn't join the coalition "at this time"
because it wanted to conduct those meetings "without any
implication that some sort of understanding has been reached
between credit unions with the retailers (because it hasn't)."
Write to Ryan Tracy at ryan.tracy@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires