Lawmakers Look To Prevent More Target-Sized Data Breaches | WAMU 88.5 - American University Radio

Lawmakers Look To Prevent More Target-Sized Data Breaches

Play associated audio

The sheer size and frequency of the recent credit card data breaches at Target, Neiman Marcus and other companies are prompting lawmakers to consider legislative options to keep sophisticated cyberthefts from happening.

"If anything, we've learned from this major, major breach that we can no longer do nothing," said Sen. Amy Klobuchar, D-Minn. "We have to take action."

The bad guys who stole data from as many as 110 million Target customers are so good at what they do that even the most modern security programs couldn't detect them. If security software can't keep up, hopes for regulation to stop fraud are slim.

"This is kind of an ongoing war, and the types of threats are changing all the time," said Fran Rosch, a vice president at the security software company Symantec. He appeared Tuesday before the Senate Judiciary panel, which explored legislative options in data security.

"Information's everywhere," Rosch said. "It's in our data centers, it's in the cloud. It's in software that sits in the cloud and on our mobile devices. So the threats are exploding, but so are the attack surfaces."

Lawmakers are considering a few policy changes to better protect consumers, such as pushing for more secure credit and debit cards. American credit cards have already failed to keep up with European and Asian card technology, which feature encrypted chips. The chips prevent cyberthieves from reusing any data after they steal it.

"What's stopping our country when they're doing this in Europe?" Klobuchar asked.

Part of the problem is the complexity of the American financial system, which has so many competing card issuers, banks, retailers and business owners. Adopting systemic change to the way purchases are made would cost retailers and banks hundreds of millions of dollars.

But the recent breaches were so costly that both banks and retailers are backing a changeover to chip technology together.

"All of us have to move together simultaneously; it's a shared responsibility," said Target Chief Financial Officer John Mulligan. "The financial industry, obviously they're, in general, the issuers of the cards. So again, in partnership with them, we need to move together collectively so the whole system is employing chip and PIN technology."

Visa and Mastercard are aiming to have chips in the majority of U.S. cards by October 2015, but it could be even longer before retail outlets change their card readers. Lawmakers are asking what they could do to speed up the change.

Another plan would be to tighten data theft disclosure and security standards, an option pushed by Sen. Al Franken, D-Minn.

"Right now there's no federal law setting out clear security standards that merchants and data brokers need to meet, and there's no federal law requiring companies to tell their customers when their data has been stolen," Franken said.

Franken and Sen. Patrick Leahy, D-Vt., are co-sponsoring the Personal Data Privacy and Security Act, which includes those disclosure and security standards. Both retailers and security companies who appeared before senators Tuesday signaled support.

But the fast-changing tech terrain makes some lawmakers wary of any attempt at national standards.

"I'm always a little bit concerned about creating a new federal regulatory authority," said Sen. Mike Lee, R-Utah, "in part because sometimes when you establish something like that it can quickly become ineffective, especially if it's in an area like this one."

Outside a Washington, D.C., Target store Tuesday, Joshua Sands said he's still a loyal Target shopper — but he's taking personal responsibility for his security.

"It's like being on the Internet, when they tell you you should always have an anti-virus on your computer," he said. "You always assume somebody's trying to get in. You have to be vigilant for yourself. You can't leave it up to someone else to handle your security."

Until more systemic changes are put in place, security experts say the attacks on our payment systems are expected to continue.

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

NPR

Mega-Rich Invest In Works By Living Artists

Renee Montagne talks to art sociologist and writer Sarah Thornton about how the habits of the 1 percent reverberate across the art world. She is the author of 33 Artists in 3 Acts.
WAMU 88.5

This Week On Metro Connection: Down The Hatch (Rebroadcast)

We'll celebrate Thanksgiving by revisiting our annual show about food, glorious food.
NPR

Pentagon Expected To Release More Detainees From Guantanamo

Since the midterm elections, there has been a new batch of transfers from Guantanamo Bay, Cuba, and more releases are in the works. But a new GOP Congress could stall the drive to empty Guantanamo.
NPR

Millennial Doctors May Be More Tech-Savvy, But Is That Better?

Text messages from your doctor are just the start. Millennials are the next generation of doctors and they're not afraid to say "chillax" in a consultation or check Twitter to find medical research.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.