WASHINGTON (Reuters) - U.S. banks and retail groups announced on Thursday that they are joining forces to work on cybersecurity, a sign they are trying to move past recent squabbles over who is to blame for data breaches.
The Financial Services Roundtable, Retail Industry Leaders Association and several other trade associations said the new partnership would focus on sharing more information on cyber threats and improving technology to protect consumers.
Bank and retail industry groups have been at odds for years over cyber issues, but massive data breaches at Target Corp and Neiman Marcus Group LLC have made the dispute more prominent.
Banks want retailers to bear more of the costs of replacing cards after breaches occur. Retailers say banks have been slow to adopt new, more secure debit card technology.
“There’s going to continue to be differences on things like the costs of issuing replacement cards that are triggered by some breach of somebody else’s systems. That’s not something that the two industries are likely to agree upon,” Tim Pawlenty, chief executive of the Financial Services Roundtable, said in an interview.
“But ... can we benefit from learning from each other on internal system resiliency and improvement in best practices and state-of-the-art cyber defenses? Absolutely.”
Tom Kellermann, managing director for cyber protection at Alvarez & Marsal Global Forensic and Dispute Services, said the joint effort was “long overdue.”
Pawlenty said the partnership came together quickly after Sandy Kennedy, head of the retail leaders group, contacted him. The associations plan to form working groups with their experts and representatives from member companies.
Brian Dodge of the retail leaders group said financial services firms already share information about cyber threats, but retailers do not have a formal program. The partnership will work toward better communication.
“We both viewed this as an opportunity to collaborate rather than to wage a public battle,” he said.
U.S. lawmakers have considered weighing in on how consumers should be notified of data theft. But progress on legislation is not guaranteed in a busy election year.
The group will also focus on thefts that do not involve debit or credit cards and on how to protect mobile payments.
That growing use of mobile devices has actually held back some progress between banks and retail groups, experts said. As electronic payments gain popularity, the incentive for either side to improve debit and credit card systems diminishes.
Card networks Visa Inc and MasterCard Inc have imposed a 2015 deadline to switch to new “chip and PIN” cards that are thought to be more secure than magnetic strip cards.
But the shift is expensive and neither banks nor retailers want to take the first leap, especially since customers could move to mobile payments.
David Robertson, publisher of payment industry newsletter The Nilson Report, said mobile payment security could be a critical aspect of the new retail-bank partnership. Mobile devices increase the points of access for criminals trying to break into data networks.
“That absolutely needs to be done now,” Robertson said. “We need to make sure that mobile becomes a secure way of doing business.”
Reporting by Emily Stephenson. Additional reporting by Ross Kerber and David Henry.; Editing by Karey Van Hall, Bernadette Baum and Andre Grenon