Visa summit will counter data breach hype

D.C. event will argue breach fallout not that widespread

Credit-card payments giant Visa is hoping to shed new light on problems like consumer data theft and identity fraud through a conference that will bring together leaders from the business, government, and technology communities to discuss security for the electronic payments industry.

Hosted in partnership with the publishing arm of Harvard Business School, the day-long set of briefings is being held March 8 in Washington under the banner "Maintaining Trust in Payments Summit."

In a series of panels, controversial topics like the amount of time companies should be allowed to wait before disclosing data breaches to card issuers and consumers will be up for debate, as will the role of the government in providing protection for consumers and industry.

The list of scheduled speakers for the event includes Visa CEO John Philip Coghlan, business leaders like eBay CEO Meg Whitman, executives from retailer Nordstrom and Wells Fargo Bank, and a representative from ChoicePoint, the consumer data collection firm that was involved in one the most notorious electronic records mishaps ever reported. Public sector heavyweights will also take part, including Homeland Security cyber-czar Greg Garcia.

Visa controls the world's largest payment system. Like other payment companies, Visa finds itself at the center of a rapidly-changing fraud landscape driven by the spread of Internet usage and malicious software.

"The reality is that payment security is a complex issue, and the only way to reach a solution is to have an open and honest dialogue," said Rosetta Jones, vice president of corporate relations for Visa USA. "The goal for us was to bring together leaders from the technology, retail, law enforcement, and financial industries to raise the consciousness of data security among all the partners involved with payment systems."

The emphasis will be on shared responsibility among the many players involved in combating the exposure of sensitive consumer records and related fraud, Jones said.

Developers of payment systems applications used in point-of-sales devices will also participate in this year's summit in the name of expanding the debate. Visa considers application vendors crucial pieces of the payment security puzzle.

Robert C. Cresanti, the chief privacy officer and undersecretary of Commerce for Technology, said that it's not useful to get caught up in the blame game or focus too much on single any aspect of improving security for records and payment systems.

Cresanti said that the government's first objective in trying to improve the situation must be to "clean up its own house" in terms of reviewing the manners in which it gathers, stores, and protects data.

There also needs to be a better understanding in both the private and public sectors of how the exposure of electronic records has truly affected the growth of identity fraud, according to the expert.

"We're in an environment where these issues are forcing companies to make decisions between profits and losses every day, we see punishment in stock prices for those who have had incidents, and loss of consumer trust," Cresanti said. "We need to examine how we can put a fine edge on things to ensure that people are careful with the information they collect and hold while creating better public awareness of what is actually going on."

But media attention to data breaches may be creating too much awareness of the threat of data loss and too little understanding of the underlying causes, said analyst James Van Dyke of Javelin Strategy and Research.

Van Dyke plans to devote part of his time speaking on a show panel about a recent report produced by his company that contends identity theft led to fewer related losses in 2006 ($49.3 billion) than in 2005 ($55.7 billion) despite a mounting number of consumer records that have been lost or stolen.

"The biggest issue might be that too many people take simplistic view and assume that it's all about the Internet and data breaches, but it's really much more varied than that," said Van Dyke. "It's very much a shared problem, and merely handing out blame is unhelpful in terms of addressing the real issues."

Avivah Litan, analyst with Gartner, said that businesses walk a thin line when deciding about the reporting of potential breaches to customers and partners, including credit card issuers like Visa.

The business community is anxious to point out that every breach is different and that the exposure of credit card data has not proven as disastrous for consumers as some parties have predicted, she said.

Litan will host a panel discussion at the summit that, among other topics, will discuss the media's approach to handling data breach stories and whether or not the press has become too sensational in reporting some of the incidents.

"Companies have taken a lot of heat for not disclosing breaches faster, but they've been doing so in part because of their work with law enforcement -- they want to get that out and try to come to some consensus about how to handle these situations while catching the crooks," said Litan. "Issuers want to know immediately, but criminals will hide if they know they're being watched; there's a need for some system in place that better serves the needs of all parties."

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies