Companies aren’t waiting on Congress to ensure that the billions of dollars in electronic payments flowing through data networks each year are defended from hackers.
Data breaches were thrust in the spotlight after hackers broke into the networks of retailers during last year’s holiday season. Lawmakers held a slew of hearings in the aftermath and many proposed legislation intended to ensure that consumers are warned promptly when their information is put at risk.
“Whenever you're going through that many gauntlets, it's hard. It's the reason we haven't had a privacy bill in 10 years,” said a financial services lobbyist who asked not to be identified. “No one in the industry thinks a bill might move in the next couple months.”
With action in Congress unlikely to happen soon, the nation’s largest retailers and financial groups are taking it upon themselves to increase safeguards for consumer information. With their reputations and business on the line, both industries are determined to make progress.
“Customers are counting on everyone to keep their data safe and secure. It’s critical to recognize that the real enemy here is the hacker,” said Richard Hunt, the head of the Consumer Bankers Association, in an announcement of a massive collective spearheaded by the Financial Services Roundtable and the Retail Industry Leaders Association earlier this year.
More than a dozen financial and merchant groups — including the National Restaurant Association, the American Bankers Association, the American Hotel & Lodging Association and the Electronic Transaction Association — have teamed up to work on data security.
Jason Kratovil, the Roundtable’s vice president of government affairs for payments, said the talks have been productive and are helping industries share information about looming security threats.
"The partnership is a good opportunity to discuss data security challenges facing the current payment system, talk about technologies on the horizon, and how our industries can better coordinate and communicate on cyber threats going forward,” Kratovil told The Hill.
Data breaches have become fairly common in recent years, according to the Privacy Rights Clearinghouse, a California-based nonprofit that tracks leaks.
This year alone, there have been 33 breaches at businesses or financial institutions both large and small that compromised more than 1.1 million records. Those breaches came in the form of credit card fraud, exposure to hackers or unintended disclosure.
Since 2009, there have been 636 data breaches that have been made public, involving 443 million records, according to the Clearinghouse database. The numbers are high because one person can have multiple records compromised in a single hack.
Though movement in Congress on data-security legislation has slowed recently, lobbyists who spoke with The Hill said that another high-profile cybersecurity breakdown could spur lawmakers into action.
“It maybe only takes one more galvanizing moment, one more significant data breach and things [on Capitol Hill] could happen very quickly,” Kratovil said.
All told, more than 75 groups and companies actively lobbied policymakers on data-breach issues during the first three months of 2014, according to the most recent lobbying disclosure records available.
Major industry players lobbying on data security include the U.S. Chamber of Commerce, the National Association of Realtors, General Motors, American Express, the National Retail Federation the American Association for Justice and Aflac insurance.
Consumers spend trillions of dollars through electronic payments every year, which includes credit card transactions and newer ways of paying for goods, such as mobile wallet apps.
That has made data security a top priority on K Street, with lobbyists at Facebook, Comcast, AT&T, Verizon, the National Cable and Telecommunications Association and CTIA-The Wireless Association all keeping tabs on new developments, according to reports.
A tech lobbyist said that policymakers still have a long way to go before addressing the security challenges posed by new technology.
“Congress and Washington are not focused on what's to come in the future of payment innovation, and I hope that they inject a level of innovation into the discussion to really get a sense of what's going on,” the lobbyist, who asked not to be identified, said.
Cybersecurity efforts are also a focus at financial institutions, which are more steeped in technology than ever before.
Scott Talbott, the Roundtable’s former chief lobbyist, moved to the Electronic Transactions Association, a group that represents companies involved in the intricate chain of how consumers pay for goods electronically.
He said that lawmakers are becoming more interested in emerging technologies that could make credit cards more secure and allow people to use their phones safely for transactions.
"Electronic payments will continue make consumer transactions easier, safer and faster. It is an exciting time as ETA members develop and deploy new payments technology around the world," Talbott said. "It was a driving force in my decision to join the ETA team."