Op-Ed: National data security standards are better than PIN
The National Retail Federation (NRF) has launched an ad campaign to advocate for “uniform national” data breach standards for “all affected industries.”
Welcome to the cause. The financial services industry already is subject to uniform standards and continually has fought for national rules to cover all affected industries.
Retailers opposed these efforts. Instead groups like the Retail Industry Leaders Association push lawmakers and regulators to instead adopt a government mandate that would cost billions to implement and do little to protect consumers.
Barclays of London introduced Personal Identification Numbers (PINs) in 1967, the year the Beatles and Monkees battled for the top of the charts. That music is timeless. PIN is not. Because PINs are a static data element, they don’t protect against counterfeit or card not present (CNP) fraud, which together account for about 85 percent of total U.S. card fraud.
According to the Aite Group, it would cost retailers $4 billion to fully implement PIN. That expense would be worthy if it adequately protected consumers, but it wouldn’t. In fact, an Aite analyst concluded mandating PIN would be “difficult to justify.”