Financial services, retail groups form cyber partnership

By Emily Stephenson

WASHINGTON (Reuters) - U.S. banks and retail groups announced on Thursday that they are joining forces to work on cybersecurity, a sign they might be moving past recent squabbles over who is to blame for data breaches.

The Financial Services Roundtable, Retail Industry Leaders Association and several other trade associations said the new partnership would focus on sharing more information on cyber threats, developing technology to protect consumers and discussing areas of disagreement between banks and merchants.

"Exploring avenues for increased information sharing and collaborating on innovative technologies and safeguarding data will be critical in defending against common enemies," Tim Pawlenty, chief executive of the Financial Services Roundtable, said in a statement.

Bank and retail industry groups have been at odds for years over cyber issues, but massive data breaches at Target Corp and Neiman Marcus Group LLC have made the dispute more prominent.

Financial services groups want retailers to bear more of the costs of replacing cards after breaches occur. Retailers say banks have been slow to adopt new, more secure debit card technology.

Both sides are now under public pressure to respond to the data breaches.

"It is long overdue that these two sectors sit down and rethink their cybersecurity postures," said Tom Kellermann, managing director for cyber protection at Alvarez & Marsal Global Forensic and Dispute Services.

The trade associations said they would form working groups consisting of their experts, representatives from member companies and others. They will also focus on thefts that do not involve debit or credit cards and on how to protect mobile payments.

MOBILE SECURITY

That growing use of mobile devices has actually held back some progress between banks and retail groups, experts said. As electronic payments gain popularity, the incentive for either side to improve debit and credit card systems diminishes.

Card networks Visa Inc and MasterCard Inc have imposed a 2015 deadline to switch to new "chip and PIN" cards that are thought to be more secure than magnetic strip cards.

But the shift is expensive and neither banks nor retailers want to take the first leap, especially since customers could move to mobile payments.

David Robertson, publisher of payment industry newsletter The Nilson Report, said mobile payment security could be a critical aspect of the new retail-bank partnership. Mobile devices increase the points of access for criminals trying to break into data networks.

"That absolutely needs to be done now," Robertson said. "We need to make sure that mobile becomes a secure way of doing business."

U.S. lawmakers have considered weighing in on how consumers should be notified of data theft. Kellermann, of Alvarez & Marsal, said there could also be a role for regulators to help improve cyber strategies on both sides.

But issues such as how to communicate across industries and who pays when a breach happens are likely up to the firms to sort out.

"The solution needs to be through cooperation," Jennifer Platt, vice president of federal operations at the International Council of Shopping Centers, said in a statement.

"We hope that this partnership will be a constructive step in helping to create a pathway to improved consumer confidence."

(Reporting by Emily Stephenson. Additional reporting by Ross Kerber and David Henry.; Editing by Karey Van Hall, Bernadette Baum and Andre Grenon)