Jason Oxman Testifies before House Financial Services Committee

May 14, 2015 – Jason Oxman testified before the House Financial Services Committee on the need for better payments security. Mr. Oxman outlined the ways in which the payments industry is embracing multi-layered security and adopting industry-led, multi-stakeholder guidelines to keep consumers’ data secure. He stressed the need for 1) a uniform national standard for data breach notification that would preempt the patchwork of 47 existing state laws, as well as 2) robust data protection standards for consumers’ private information. Other witnesses on the panel included representatives from the financial services, retail, and technological sectors.

Although fraudulent transactions only account for a very small percentage of transactions by volume (about 6 cents for every $100 processed), the payments industry is deploying new technology to address fraud. We are leading the migration to EMV (chip cards). EMV makes counterfeit card fraud virtually impossible. We also support the use of point-to-point encryption, whereby card data is encrypted starting from the moment the card is swiped or tapped and ending at final authorization, and tokenization, which replaces card data with a unique alphanumerical identifier (a “token”) that is only valid for a single transaction. It works like a code substituting symbols for important information like the credit card number.

A retail industry witness on the panel today called for the adoption of chip-and-PIN, which would require customers to enter a PIN for every transaction, rather than the more ubiquitous chip-and-signature in use today. While PIN has merit in certain transactions (like ATM withdrawals), we maintain that flexibility is vital. Issuing banks should be able to choose their method of verification, whether that involves a PIN, a signature, biometrics, or some other form of verification. A static standard may prove too burdensome for smaller merchants, whose consumers benefit from moving quickly through checkout lines with “swipe and go.”

We applaud the bipartisan data breach notification bill (H.R. 2205, “The Data Security Act”) introduced by Representative Neugebauer (R-TX), Chairman of the House Financial Services Subcommittee on Financial Institutions and Consumer Credit, and Representative Carney (D-DE). This bill would create a uniform national standard for data breach notification and impose robust data protection requirements. This standard can be scaled according to the size of the company and the scope of its operations. No two companies will experience data breaches in the same way – it is critical that policy remains flexible, yet technology- and industry-neutral.

The payments ecosystem is fast, seamless, and secure. The industry is working hard to keep it that way.

A copy of Jason Oxman’s written testimony to the House Financial Services Committee is available here.