Visa’s Ellen Richey Reflects on State of the Union

“If we can agree to work together, and keep investing in innovative technologies, I’m confident we can continue to protect consumers and companies from fraud, capture cybercriminals and maintain trust in the payments system.”

President Obama made it clear during his January State of the Union address that protecting American companies and consumers from cyberthreats was a national priority. At Visa, we share this critical goal. We recognize, as the President has, that “neither government, nor the private sector can defend the nation alone.” In order to defeat cybercriminals, all of us – government, industry, law enforcement and consumers – must work together.

President Obama’s call for data breach notification legislation is an important step in government working more collaboratively with the private sector. While those of us who handle sensitive customer information are dedicated to vigilantly protecting it, we recognize cybercriminals are continuously working to steal this same information. And, while they fail far more often than not, we know that despite our best efforts they have infiltrated many of our country’s computer systems. When this happens, companies have an obligation to notify customers that their personal information may have been compromised. Currently, 46 states, Washington, D.C., Guam and Puerto Rico have laws regarding breach notification. Since many companies have operations in several states, they must comply with differing state regulations and an inefficient process of customer notification. The President’s call to Congress to develop a uniform Federal data breach notification standard will be a valuable tool to guide businesses on when, and by what means, consumers and law enforcement agencies must be notified if sensitive information has been exposed.

President Obama’s proposal to foster greater information sharing with liability protections is also an important first step toward fostering greater collaboration. Not only will this permit the government and the private sector to share information on cyberthreats more freely, but it will enable us to increase the speed at which we do so.

These commonsense reforms are vital to encouraging greater cooperation between the government and private sector to protect consumers and industry. Nonetheless, we know that cybercriminals will continue to target U.S. companies, critical infrastructures, the payments system or any database that contains valuable information. With that in mind, Visa is investing in new ways to reduce – or even eliminate – sensitive account data from the merchant environment. Moving beyond simply building higher walls to keep hackers out, we want to make account data within a merchant’s systems of no use for committing fraud. If the data available in the merchant environment could no longer be used to commit fraud, criminals would no longer have a reason to steal it, and merchants would no longer be a target of criminals seeking to commit payment fraud.

And the good news is that we are making significant progress in this area. Visa has helped lead the industry to develop smart technologies such as EMV chip, tokenization and encryption – technologies which increasingly can enable a transaction to take place, without passing real account information through the ecosystem. Of course, while technology is an important part of fighting fraud and further protecting against evolving threats, we need to be careful that technology mandates – where the government sets parameters around the use and development of technology – don’t stifle creativity by establishing a “box” inside which innovation must occur. We cannot afford to limit flexibility and imagination.

On the other hand, if we can agree to work together, and keep investing in innovative technologies, I’m confident we can continue to protect consumers and companies from fraud, capture cybercriminals and maintain trust in the payments system. In other words, cooperation – between government and industry, merchants and financial institutions, innovators and adopters, and even among political parties to pass needed legislation – is the best way to ensure success in our shared mission of defeating cybercriminals.

– Ellen Richey, Vice Chairman of Risk and Public Policy for Visa

– See more at: