Retailers sue Federal Reserve
New York City — A coalition of retail organizations, including the National Retail Federation, the Food Marketing Institute and the National Association of Convenience Stores, has filed a lawsuit charging that the Federal Reserve failed to comply with a new law requiring it to reduce fees banks charge retailers when shoppers use credit cards.
The law, which went into effect Oct. 1, said that banks could charge a maximum of 21 cents when consumers use a debit card, down from an average of 44 cents per transaction.
The retail groups argue that the Reserve Board’s rules "have allowed big banks to continue charging unjustifiably high swipe fees" and are discouraging price competition among credit card networks, contrary to the requirements of the law.
The lawsuit alleges that the Fed — under pressure from the banks and card industry — included costs in that calculation that were barred by the law.
"Doing so has deprived merchants and their customers of the full extent of the swipe fee relief to which they were entitled," NRF said in a statement.
Nine Cyber Monday Data Loss Prevention Tips for Retailers
By Todd Feinman, CEO of Identity Finder
- It’s 10:00. Do you know where your data is?
Like good parenting, good IT security requires constant vigilance. Your sensitive data has a tendency to wander out of secure systems each time an employee accesses it. Regularly scan the hard drives of your network’s devices with data-at-rest data loss prevention software to create a detailed data inventory. Having an up-to-date data inventory aids compliance with several regulations, and enables a quick, surgical response in case a breach ever occurs.
- Backups are essential, but expand your security perimeter
Anyone who has ever lost data to a system crash knows the importance of backing up vital corporate information. But beware what you store, and for how long. Wholesale daily backups may inadvertently violate the law if they accidentally store credit card or other sensitive information. Treat each backup with the same level of security as your live data, and remember that each backup expands your security perimeter. Periodically scan backups and remove old sensitive information.
- What’s on that old hard drive, anyway?
A major source of corporate breaches is old, forgotten information. Sometimes forgotten servers with sensitive information are accidentally connected to the internet; unsanitized hard drives end up on eBay; old email attachments sit like landmines on backup drives. Take time to scan old hard drives and every network device to determine which devices contain sensitive information. You’ll be glad you did, and surprised at what you find.
- Destroy old hard drives
When retiring a computer, never donate, recycle, or sell the computer without removing and destroying the hard drive. If you must leave the hard drive intact, use scanning and shredding software to permanently erase critical data, including already-deleted data.
- Segment your networks
Building fire walls don’t prevent fires, but they do limit damage when a fire happens. Likewise, proper network segmentation and network firewalls will reduce the scope, cost, and difficulty of a PCI-DSS assessment, and the potential liability associated with guarding sensitive personal information. By segmenting users from each other as well as from network assets, you limit your exposure to potential malware, or even an attacker. Treat employee computers as untrusted devices whenever practicable.
- “Trust but verify”
Even small retailers may have multiple locations. Even though each location may be required to install standard point-of-sale equipment and adhere to the corporate security policy, not all locations may strictly adhere to the policy. While you must trust branch managers, it is also vital to verify that their networks are not storing sensitive information against corporate policy.
- Encryption is key, but not a silver bullet
Encrypt. Seriously, encrypt. Disk and database encryption protect information while it’s stored, ensuring it can’t be read except by someone who has the encryption key. Several states’ laws now require encryption of sensitive information while in motion and at rest. Although data-at-rest encryption is fundamental to any data loss prevention strategy, it won’t prevent employees or malicious outsiders from accessing and exporting the information while the hard drive is on.
- Don’t forget physical security
Hacking, malware, social engineering and other threats tend to grab headlines, but don’t forget to secure your computers with physical locks, or store them in a secure facility.
- Lock your computer when you walk away
Train employees not to leave desktops or laptops unattended. If employees must leave a computer unattended, they should have a habit of logging off or locking the computer to prevent unauthorized access. Use strong passwords with letters, numbers and punctuation, and never share them or store them in easily accessible locations.
Todd Feinman is CEO of Identity Finder.
Target.com under new leadership
MINNEAPOLIS — Target merchandising executive Casey Carl was given added responsibilities for the retailer’s online businesses, following a series of snafus related to an August relaunch that resulted in the departure of former online president Steve Eastman.
Carl will serve as president of multichannel with responsibility for Target’s digital platforms including mobile, social and Target.com, while retaining his prior responsibilities as SVP merchandising for entertainment, toys, sporting goods and electronics.
“We are firmly committed to implementing a multichannel strategy that enables our guests to engage with Target anywhere, anytime,” Target EVP merchandising Kathee Tesija said. “Under Casey’s leadership and with the support of a strong team, we are confident that we will continue to improve our digital operations and deliver on our ‘Expect More. Pay Less’ brand promise.”
Carl joined Target in 1997, and in his recent capacity as SVP hardlines, he was co-lead on the retailer’s multichannel steering committee.