The Economics of Financial Security Breaches

REPLAY VIDEO
Your next video will start in
Pause

Recommended Videos

  • Info

  • Comments

  • VIDEO TEXT

Feb. 4 (Bloomberg) -- National Retail Federation General Counsel Mallory Duncan discusses the impact of cyber crime on the economy on Bloomberg Television's "Bottom Line." (Source: Bloomberg)

Thanks for having me.

What are the economic consequences of these security breaches?

What numbers are we talking about on an annual basis?

The numbers are huge.

The fraud loss is estimated to be about $11 billion.

The time and inconvenience for customers.

The risk of an identity theft breach that customers could be adversely affected.

And then many billions of dollars the companies are spending trying to lock down their systems, trying to keep these criminal hackers from breaking in and the first place.

The credit union national association says that credit unions will have to pay between $25 million-$30 million to provide new debit or credit cards for customers affected by the data breach at target.

Is that fair considering the credit unions were not responsible for the breach?

This is a very complicated issue.

As i pointed out yesterday and i think other members who testified made very clear, we have a fundamental problem with cards in this country.

Cards are authenticated with a signature and a magnetic stripe.

The magnetic stripe can be easily lifted by, frankly, a reasonably sophisticated 12-year-old.

And in terms of the signature, they are worthless.

No one knows we're signature looks like.

-- what your signature looks like.

We need to move to a more secure card system.

A pin so that the customer is protected and she knows no one can use that card except her, and a chip so that the bank is protected, so they know that is the card they issued.

Why are u.s. sanctioned card networks still using a magnetic strip, and technology from the 1960's? that's a very good question.

You know, they have been promoting pin in chip all over the world in virtually every other developed nation, and frankly, many underdeveloped nations already have pin and chip technology.

The u.s. is just about the last place to move forward.

If we move forward, it will not solve all the problems, but it will remove fraud dramatically and make our whole payment system more secure.

It sounds to me that you are talking about cost.

That seems to be the only reason the u.s. is not moved forward.

Is the upfront cost of a system upgrade worth it considering the reputational damage, not to mention the possible litigation that results from a security breach?

We certainly think it is.

We will potentially save a good portion of the billions of dollars of fraud that is going on right now.

There are several billion cards that have been issued in the u.s., and the banks will have to decide if they are going to re-issue those cards with more security?

We think it is a good investment.

But we all have to work together.

Members of the senate banking committee one retailers to participate in a nine -- in a national data breach system.

They also want the ftc to have wider authority to investigate data theft.

Is the national retailers association in favor of these moves and should they be voluntary?

Right now, there are 46 state laws that require breach notification, plus district of columbia, plus three other territories.

Almost everyone is covered by the laws on the books now.

For several years, we have argued to congress that it would be better to have a single national standard, not the weakest standard, a good, solid, strong reach notification law out there, and we fully support that.

In our last 30 seconds, there have been other breaches, but the target one got the most headlines.

Is this something that did not have to happen?

You know, it is impossible to make a system that is bulletproof.

There will always be one more sophisticated and dedicated hacker who will find a way in.

Our goal is to keep the system away from personal data and we have to upgrade the system and

This text has been automatically generated. It may not be 100% accurate.

Advertisement

BTV Channel Finder

Channel_finder_loader

ZIP is required for U.S. locations

Bloomberg Television in   change