This week, the Merchant Financial Cyber Partnership announced plans to strengthen the
security of the payments system and align on cyber security. In a press release, the group announced the issuance of eight next steps for ongoing collaboration by participants in key areas including:
Threat Information Sharing
1. Secure an agreement between the Financial Services Information Sharing and
Analysis Center (FS-ISAC) and the Retail Cyber Intelligence Sharing Center (R-CISC)
to have a formal administrative link and establish protocols for sharing information
between the financial services sector and the merchant sector.
2. Convene periodic threat information sharing forums.
Cyber Risk Mitigation
3. Host a joint “table top” cyber exercise with financial and merchant institutions to
simulate a significant attack against a processor or multiple processors
simultaneously that degrades ability to conduct commerce.
4. Leverage the National Institutes of Standards and Technology (NIST) ongoing
workshops to implement and refine the voluntary NIST Cyber security Framework
and drive its usage along with existing work with the FSSCC, FS-ISAC and other
relevant bodies. Develop compendium listing of leading practices.
5. Develop a paper on breach notification response programs.
Advanced Card Present & Card Not Present Security Technology
6. Outline recommendations for merchants, issuers, acquirers, and processors to
collaborate more in the development of technology standards to ensure the safety
and security of the payment system.
7. Outline principles for protecting the payments system, focusing on technologies that
minimize the value of payments information if it is stolen, lost or breached and on
customer authentication.
Cyber security Legislation
8. Present to congressional leaders joint principles supporting cyber threat information
sharing legislation.
One of the major steps is an effort to urge Congress to pass cyber threat information sharing legislation. To this end, the partnership this week sent a letter to Congress outlining joint principles for legislation to enhance cyber security across both the merchant and financial industries.
The letter expressed support for a set of principles for federal legislation that would increase the current level of voluntary cyber security information sharing, while recognizing key privacy concerns.
Launched in February, the Merchant Financial Cyber Partnership has succeeded in its goal to work collaboratively across the payments system to enhance security in order to protect customers and their data from cyber threats.
“This Partnership has been invaluable in ensuring the entire payments system and key stakeholders are working together to combat cyber attacks,” said Sandy Kennedy, co-chair of the partnership and president of the Retail Industry Leaders Association. “The threat posed by cyber criminals is increasingly sophisticated and is not unique to any one business, institution, industry or government. It is imperative that our two industries continue to learn from each other in this fight and work together in order to maintain the trust of our customers and collaboratively improve overall security.”
“Collaboration between our industries and with law enforcement will help protect consumers from cyber criminals,” said Tim Pawlenty, co-chair of the partnership and CEO of the Financial Services Round table. “This partnership has formed key links between our industries and we are hopeful these relationships will improve the entire payment system.”
The post US outlines cyber security steps for securing the payments system appeared first on Payments Cards & Mobile.