Mike Malloy, EVP of products and strategy, Webroot
The retail space has been hit hard, with the personal information of millions of customers compromised. The simple fact is, the lack of a strong credit card authentication infrastructure has made it easier for big-box retailers – specifically Home Depot and Target – to get breached. However, the U.S. faces resistance with American retailers because they have to foot the bill for chip-and-PIN systems. Despite the U.S. typically being at the technology forefront, it is more than a decade behind many other countries in adopting this system. Meanwhile, chip-and-PIN is the standard in much of Europe and other developed countries around the world. Congress mandates requiring organizations to adopt chip-and-PIN will solve what should have been solved five years ago – preventing hackers from breaking into retailers and installing malicious software on magnetic-stripe cards. We’ve seen point-of-sale systems being hit hard for years. It’s high time Congress step in to help put a stop to this.
Jeff Williams, CTO, Contrast Security
Congress absolutely should not try to mandate the use of “safer” technology. We can all agree that the spate of recent attacks are deeply concerning, but the legislative process is too slow, too political and has too many lawyers. The disastrous history of digital signatures is an example of why government isn’t the path to good technology standards. Actually, there are serious problems with all the possible ways that government might encourage security: regulation, taxation, liability, grants, etc. But if you consider rampant insecurity as a market problem, perhaps there is a role for Congress. They can enact simple legislation that requires companies to make the security of their products and applications “visible.” This solves the inherent information asymmetry between buyers and sellers and enables market forces to work for security. Government doesn’t tell General Mills what ingredients to use, but they do require a Nutrition Facts label on my box of Cheerios.