Pub. 3 2015 Issue 4

22 The Community Banker www.mibonline.org Washington Watch T he rising visibility of data breaches and the perva- siveness of hacking ensure that cybersecurity and data protection will be top Washing- ton priorities in 2015. Despite the public’s apparent apathy to the seemingly daily reports of cyberthreats, Congress and the regulators are under increasing pressure to act in the aftermath of breaches at Home Depot, Target Corp. and other major retailers. For ICBA and community banks, this represents a new set of opportunities and challeng- es—to improve the nation’s cyber-defenses and require greater data protections among retailers without incurring additional and unnecessary reg- ulatory burdens. By supporting cybersecurity information-shar- ing and consistent data-security standards for all payments sys- tem participants, ICBA is looking to reduce security risks for community banks by bringing others up to their standard. Bipartisan opportunity While 2015 will have no shortage of Washington partisanship, Republicans and Democrats appear to share common ground in pursuing data-security and cybersecurity reform in the 114th Congress. Following an executive order from President Obama, the Na- tional Institute of Standards and Technology last year released a cybersecurity framework that is voluntary and focused on aligning policy, business and technological approaches to address cyber-risks in all critical infrastructure sectors. Similarly, a Republican task force recently issued an innovation agenda for the new Congress that empha- sized public-private partnership, individual rights and a non-reg- ulatory approach. Several congressional committees will have a hand in crafting legislation on cyberse- curity and data protection, so the process might get unwieldy at times. But if policymakers stick to these core principles of voluntary standards and collaboration, community banks will have ample opportunity to achieve successful reforms of both data-security and cyberse- curity policies. Data duties Data security is front and cen- ter in Washington due to the on- slaught of massive data breach- es at major retailers. ICBA’s data-security objectives focus on ensuring all participants in the payments system—includ- ing merchants—are required to play by the same kinds of rules and regulations. That means ap- plying standards such as those in the Gramm-Leach-Bliley Act on all participants and requiring the costs of data breaches to be borne by the breached party. ICBA also will continue to support a national data-secu- rity breach and notification standard that will replace the current patchwork of state laws. Further, ICBA opposes efforts to make banks liable for losses incurred by business customers as a result of their poor security practices. And while community banks continue to move to chip technology for debit and credit cards, policymakers and other stakeholders should understand that these technologies alone would not prevent future data breaches and do not protect against fraud in card-not-pres- ent transactions, such as online purchases. Community banks had to reissue more than 4 million payments cards following the data breaches at Target and Neiman Marcus at a cost of more than $40 million, ac- cording to an ICBA study. This doesn’t begin to include the subsequent breaches at Home Depot, Kmart, P.F. Chang’s and countless other merchants. Together, ICBA’s data-securi- ty initiatives are designed to reduce the cost of retailer data breaches for community banks CYBER SHOWDOWN Security will be top Washington priority in 2015 By Lily Thomas and Aaron Stetter