WASHINGTON (Reuters) - Community banks from across the United States and some of the country’s biggest retailers are at each other’s throats over whose job it is to protect consumers from the kind of cyber attacks suffered last month by Target and Neiman Marcus.
The National Retail Federation delivered a shot on Tuesday, saying in a letter to U.S. lawmakers that its bank “partners” had failed to adopt new technology and instead continued to issue “fraud-prone” magnetic stripe credit and debit cards.
On Wednesday, the Independent Community Bankers of America representing about 7,000 banks in small towns, big cities and suburbs, fired back, saying the NRF should focus on its response to theft of data “rather than hurling false allegations blaming the banking industry.”
ICBA members hold $1.2 trillion in assets, $1 trillion in deposits, and $750 billion in loans to consumers, small businesses and the agricultural community. The NRF represents a range of merchants in more than 45 countries.
“Retailers and their processors - not banks - are responsible for the systems in their stores that process payment cards,” ICBA President and Chief Executive Officer Camden Fine said in a statement.
The exchange ratcheted up an already heated dispute over who should shoulder responsibility for cyber attacks.
Target Corp, the No. 3 U.S. retailer, disclosed in December that it was victim to one of the biggest credit card breaches on record. Target said it ran for 19 days during the lucrative holiday shopping season, with data compromised in the records of about 70 million customers.
Privately-owned luxury retail chain Neiman Marcus has said it too was victim of a cyber attack and sources have told Reuters other retail chains have been hacked.
U.S. banks and retailers face an October 2015 deadline imposed by payment networks Visa Inc and MasterCard to switch to new cards that use computer chips to store information rather than magnetic strips.
Each group wants the other side to pay for the upgrades.
Industry experts and some executives, however, hoped the data breaches would spook the firms enough that they would speed up efforts to implement the new technology.
“This might be a chance for retailers and banks to for once work together as opposed to sue each other like we’ve been doing the last decade,” JPMorgan Chase chief executive Jamie Dimon said last week when he was asked about the issue during an earnings conference call.
National Retail Federation President Matthew Shay, in the letter to lawmakers, took a swipe at banks for “putting sensitive financial information at risk” for years with the more traditional cards “while simultaneously touting the security benefits of next generation ‘PIN and Chip’ card technology for customers in Europe and dozens of other markets.”
The bank group said on Wednesday that the technology would not have prevented last month’s breaches. ICBA has argued in previous letters to lawmakers that the party that suffers the breach bears responsibility.
Reporting by Emily Stephenson; Editing by Grant McCool