Stores Magazine - November 2007 - (Page 12) CONSIDER THIS / PRESIDENT’S PAGE Thieves Can’t Steal What You Don’t Have BY TRACY MULLIN The Voice of Retail Worldwide STORES is published by NRF Enterprises Inc., a subsidiary of National Retail Federation Inc., 325 7th St. NW, Washington, D.C. 20004. (202) 783-7971 FAX (202) 737-2849 ver the summer, several NRF executives met to discuss retailers’ efforts to protect customer data. In particular, discussion centered on the $1 billion-plus and thousands of hours retail companies have spent working toward Payment Card Industry (PCI) Data Security Standard compliance. Inevitably, someone asked why retailers keep this data, anyway. The short answer: They have to. But what if they didn’t? Retailers are essentially forced by credit card companies to keep certain data, including card numbers, for 12 to 18 months to satisfy retrieval requests when a charge is disputed. But what if there were a way to handle these requests without requiring merchants to keep sensitive data – thus reducing the incentive for criminals to hack into our systems to steal it? We started questioning retailers. We asked CIOs, most of whom would prefer not to store the data at all. We checked with CMOs, who acknowledged they could often use what they needed within a few days. We queried data security experts, who concluded the plan was logistically possible. After vetting the idea within the industry, NRF sent a letter to the PCI Security Standards Council. Instead of forcing retailers to keep this data, we requested that retailers be given a choice. We even proposed a solution for handling chargebacks, asking card companies to let us use the authorization code from each transaction to handle disputes, and a truncated card number for returns. There would certainly be some initial investment and headache required of retailers, their financial partners and solution providers. But ultimately, if the end goal is protecting customer data, keeping sensitive information in as few places as possible is an appropriate first step. This seems to be a solution that would make sense to customers. After all, if a person wanted to protect priceless family heirlooms, we wouldn’t tell them to put thicker bars on their doors and windows — we’d suggest they put the goods in a safe deposit box at the bank. At the end of the day, this is about giving retailers the choice not to keep sensitive customer data, with a guarantee that they won’t be punished by credit card companies if they opt not to do so. Since NRF proposed its solution, some card companies have begun playing a game of “pass the buck.” While they are jockeying for position, the best interests of consumers are being left on the sidelines. Retailers will continue to invest millions to ensure the safety of customer data, but are asking that card companies meet them halfway. Instead of requiring merchants to keep information they don’t want, the card industry should work with them to keep this information secure. O CHAIRMAN OF THE BOARD M. Farooq Kathwari, Chairman, President and CEO, Ethan Allen Inc., Danbury, CT VICE CHAIRMEN Paul R. Charron, Chairman Emeritus Liz Claiborne, Inc., New York, NY Myron E. Ullman III, Chairman and CEO, J.C. Penney Co., Plano, TX PRESIDENT & CEO Tracy Mullin SENIOR VICE PRESIDENTS Mallory B. Duncan, General Counsel David Hogan, CIO Karen Theibert Knobloch, Member Services Carleen C. Kohut, Finance & CFO Steven J. Pfister, Government Relations NRF Divisions Association for Retail Technology Standards EXECUTIVE DIRECTOR Richard E. Mader (202) 626-8140 National Council of Chain Restaurants PRESIDENT John R. (Jack) Whipple (202) 626-8183 FAX: (202) 626-8185 Retail Advertising & Marketing Association EXECUTIVE DIRECTOR Mike Gatti (202) 626-8117 FAX: (202) 737-2849 EXECUTIVE DIRECTOR Scott Silverman (202) 626-8192 FAX: (202) 626-8191 325 7th Street, NW Suite 1100 Washington, D.C. 20004 All articles published in this magazine represent solely the individual opinions of the writers, and not necessarily those of the National Retail Federation. 12 STORES / NOVEMBER 2007 WWW.STORES.ORG http://WWW.STORES.ORG
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.