NRF Works to Eliminate Credit Card Fraud
The National Retail Federation (NRF), in a letter to the Payment Card Industry (PCI) Security Standards Council, requested changes in how the credit card industry mandates merchants to store credit card data, citing concern over data breaches.
“All of us – merchants, banks, credit card companies and our customers – want to eliminate credit card fraud,” said NRF Chief Information Officer David Hogan in the letter. “But if the goal is to make credit card data less vulnerable, the ultimate solution is to stop requiring merchants to store card data in the first place.”
The letter outlines the retail industry’s commitment to PCI compliance while addressing the issue that PCI itself does not discourage hackers from attempting breaches of retailers’ systems.
“With this letter, we are officially putting the credit card industry on notice,” said Hogan. “Instead of making the industry jump through hoops to create an impenetrable fortress, retailers want to eliminate the incentive for hackers to break into their systems in the first place.”
Hogan outlined NRF’s approach in the letter, stating that credit card companies and their banks should provide merchants with the option of keeping nothing more than the authorization code provided at the time of sale and a truncated receipt, rather than requiring that merchants keep reams of data for an extended period of time, putting retail customers at unnecessary risk.
“If all merchants took advantage of this option, credit card companies and their member banks would be the only ones with large caches of data on hand, and could keep and protect their card numbers in whatever manner they wished,” Hogan said. “The bottom line is that it makes more sense for credit card companies to protect their data from thieves by keeping it in a relatively few secure locations than to expect millions of merchants scattered across the nation to lock up their data for them.”
For additional information, visit www.nrf.com.