Eight 'Next Steps' for Merchant Financial Cyber Partnership

• Facebook
• Twitter
• LinkedIn

ARLINGTON, Va. -- The Merchant Financial Cyber Partnership has announced the next steps for the retail and financial industries to continue working together to strengthen the security of the payments system.

Launched in February, the partnership's goal is to work collaboratively across the payments system to enhance security in order to protect customers and their data from cyber threats.

To ensure the partnership's efforts fulfill its goals, it has outlined eight next steps for the partnership in the key areas of threat information sharing, cyber risk mitigation, advanced card present and card not present security technology and cybersecurity legislation:

1. Secure an agreement between the Financial Services Information Sharing & Analysis Center (FS-ISAC) and the Retail Cyber Intelligence Sharing Center (R-CISC) to have a formal administrative link and establish protocols for sharing threat information between the financial services sector and the merchant sector.
2. Convene periodic threat information sharing forums.
3. For cyber risk mitigation, host a joint "tabletop" cyber exercise with financial and merchant institutions to simulate a significant attack against a processor or multiple processors simultaneously that degrades ability to conduct commerce.
4. Leverage the National Institutes of Standards & Technology (NIST) ongoing workshops to implement and refine the voluntary NIST Cybersecurity Framework and drive its usage along with existing work with the FSSCC, FS-ISAC and other relevant bodies. Develop a compendium listing of leading practices.
5. Develop a paper on breach notification response programs.
6. Outline recommendations for merchants, issuers, acquirers and processors to collaborate more in the development of advanced card-present and card-not-present security technology standards to ensure the safety and security of the payment system.
7. Outline principles for protecting the payments system, focusing on technologies that minimize the value of payments information if it is stolen, lost or breached and on customer authentication.
8. Present to congressional leaders joint principles supporting cyber threat information sharing legislation.

"This partnership has been invaluable in ensuring the entire payments system and key stakeholders are working together to combat cyber attacks," said Sandy Kennedy, co-chair of the partnership and president of the Retail Industry Leaders Association (RILA). "The threat posed by cyber criminals is increasingly sophisticated and is not unique to any one business, institution, industry or government. It is imperative that our two industries continue to learn from each other in this fight and work together in order to maintain the trust of our customers and collaboratively improve overall security."

Also, the partnership has sent a letter to Congress outlining joint principles for legislation to enhance cybersecurity across both the merchant and financial industries. Both industries recognize better information sharing between and among industry and government is important in preventing cyber attacks. In the letter, the merchant and financial services communities expressed support for a set of principles for federal legislation that would increase the current level of voluntary cybersecurity information sharing, while recognizing key privacy concerns.

Since February, the partnership's 250 participating senior executives from financial services and merchant companies have met nearly 50 times, heard from more than 45 experts and participated in numerous outreach events including the 2014 Merchant-Financial Services Cybersecurity Summit on September 10 and sought consensus on critical policy issues.

Participants include eight financial associations (American Bankers Association, Consumer Bankers Association, Electronic Transactions Association, Financial Services Forum, Financial Services Roundtable, Independent Community Bankers of America, The Clearing House, NACHA-The Electronic Payments Association) and 11 merchant associations (American Hotel & Lodging Association, Food Marketing Institute, International Council of Shopping Centers, International Franchise Association, Merchant Advisory Group, National Association of Chain Drug Stores, National Association of Convenience Stores (NACS), National Grocers Association, National Restaurant Association, National Retail Federation, Retail Industry Leaders Association), executives from financial institutions, card companies and merchants.

Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.