Merchant Financial Cyber Partnership Charts Course

ARLINGTON, Va. — The retail and financial communities continue to build on their partnership, aptly called the Merchant Financial Cyber Partnership, to boost the security of the U.S. payments system.

"This partnership has been invaluable in ensuring the entire payments system and key stakeholders are working together to combat cyberattacks. The threat posed by cybercriminals is increasingly sophisticated and is not unique to any one business, institution, industry or government," said Sandy Kennedy, co-chair of the Merchant Financial Cyber Partnership and president of the Retail Industry Leaders Association. 

"It is imperative that our two industries continue to learn from each other in this fight and work together in order to maintain the trust of our customers and collaboratively improve overall security," Kennedy added.

The Partnership released eight "next steps" for ongoing collaboration by its participants in key areas including: threat information sharing, cyber risk mitigation, advanced card present and card not present security technology, and cybersecurity legislation. As outlined, the next steps are:

1. Secure an agreement between the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Retail Cyber Intelligence Sharing Center (R-CISC) to have a formal administrative link and establish protocols for sharing information between the financial services sector and the merchant sector.

2. Convene periodic threat information sharing forums.

3. Host a joint "table top" cyber exercise with financial and merchant institutions to simulate a significant attack against a processor or multiple processors simultaneously that degrades ability to conduct commerce.

4. Leverage the National Institutes of Standards and Technology (NIST) ongoing workshops to implement and refine the voluntary NIST Cybersecurity Framework and drive its usage, along with existing work with the FSSCC, FS-ISAC and other relevant bodies. Develop compendium listing of leading practices.

5. Develop a paper on breach notification response programs.

6. Outline recommendations for merchants, issuers, acquirers and processors to collaborate more in the development of technology standards to ensure the safety and security of the payments system.

7. Outline principles for protecting the payments system, focusing on technologies that minimize the value of payments information if it is stolen, lost or breached and on customer authentication.

8. Present to congressional leaders joint principles supporting cyberthreat information sharing legislation.

In addition, in a Dec. 4 letter to Congress, the partnership outlined joint principles for legislation to enhance cybersecurity across both the merchant and financial industries. Both industries recognize better information sharing between and among industry and government is important in preventing cyber attacks. 

In the letter, the merchant and financial services communities expressed support for a set of principles for federal legislation that would increase the current level of voluntary cybersecurity information sharing, while recognizing key privacy concerns.

The Merchant Financial Cyber Partnership launched in February. Its goal is to work collaboratively across the payments system to enhance security in order to protect customers and their data from cyberthreats.

Since February, the partnership's 250 participating senior executives from financial services and merchant companies have met nearly 50 times, heard from more than 45 experts, participated in numerous outreach events including the 2014 Merchant-Financial Services Cybersecurity Summit on Sept. 10, and sought consensus on critical policy issues.

"Collaboration between our industries and with law enforcement will help protect consumers from cybercriminals," said Tim Pawlenty, co-chair of the Partnership and CEO of the Financial Services Roundtable. "This partnership has formed key links between our industries and we are hopeful these relationships will improve the entire payments system."

Participants in the partnership include eight financial and 11 merchant associations, including NACS, the Association for Convenience & Fuel Retailing, and executives from financial institutions, card companies and merchants.