WASHINGTON – A panel of security experts expressed doubt at Visa's Global Security Summit that regulations implementing a nationwide cap on debit interchange would do anything to further the effort to fight card fraud.
The panelist were almost unified on the notion that the Federal Reserve choosing and dictating card data protection technology would be a bad idea, although one panelist,
Aaron McPherson of IDC Financial Insights expressed hope the Fed might simply dictate the use of smart cards and thus push past industry obstacles. But other panel members doubted that would happen.
Nessa Feddis, senior counsel with the American Bankers Association, thought that would be a bad idea since it would be obsolete by the time the rule was finalized and, in the proposal, would give criminals a road map to where they need to develop expertise.
Gray Taylor, executive director of the National Alliance of Convenience Store Security Standards Board, predicted the Durbin amendment would or should lead to the consumer being drafted into the battle against fraud. He contended that too many issuers are still urging card holders to use the more fraud prone authentication method, their signatures.
But Feddis responded that Visa had developed signature transactions in order to please merchants who did not want to upgrade their existing payment systems to handle personal identification numbers. Gray responded by calling that a “fantasy.”
Online Only: On-Site Coverage: National Security Comes to the Fore of Summit
WASHINGTON — As concerned as credit unions and other card issuers are about data security, there were signs at Visa's Global Security Summit that the topic's importance has moved past payments.
Former Homeland Security Secretary Michael Chertoff struck this note when he told the meeting at the April 27 gathering that he saw significant more room for cooperation between public and private institutions working on the national priority of data security.
Chertoff is chairman of The Chertoff Group, a security analytical and consulting firm.
“Clearly data security is the primary concern of the people in this room, but we have come to understand that data security means securing more than just payments,” Chertoff told the meeting.
Chertoff listed other significant data threats that have come to worry government, including the theft of intellectual property and disruptive attacks aimed at institutions or even whole nations, citing the attacks on Estonia from a few years ago.
He characterized the theft of intellectual property as having included “several Libraries of Congress worth of data” which he called the “crown jewel” of intellectual property that had been stolen so far.
He told the meeting that both public and private sector authorities need to start thinking of security in different ways, moving away from the notion of building a “Maginot Line” of higher and higher firewalls to keep out intrusion.
Instead he recommended beginning to think in terms of different networks with different levels of security for different purposes. Maybe the overall general Internet is not the best network on which to place financial transactions, he suggested. Maybe a network that connects researchers in different fields might require a different level of authentication.
He also suggested that each side, public and private, have unique skills and ability to bring to the effort. Government brings a worldwide perspective and prosecutions of violators. The private sector can bring greater abilities to analyze and mine data, he said.
Howard Schmidt, cyber security coordinator for the Obama administration, sounded a similar theme when he addressed the meeting over lunch. Schmidt used his talk to recount efforts in both the public and private sectors to come to something close to universal standard for identity authentication.
“Imagine a time when the average American consumer will not need 10 or 12 different IDs with passwords that likely overlap, but which should not,” he said.