The panel will be made up of a “diverse group of participants,” including banks, credit unions, retailers, makers of devices used to process transactions and industry trade groups.
The two U.S.-based credit-card processing giants said one of the main purposes will be advancing the migration to chip-based processing systems, called EMV. The system, which is already popular in Europe, creates an individual token for each transaction, and makes it “nearly impossible for criminals to use the card for counterfeit fraud,” Visa and MasterCard said in the press release.
"One of the critical roles we play is to protect consumers and businesses against criminals and fraudsters," said Chris McWilton, president of North American Markets, at MasterCard.
"Only through industry collaboration and cooperation will we address the real and immediate issue of security and maintain consumer confidence and trust.”
A duo of trade groups representing the financial industry said in February the attacks have so far cost banks and credit unions some $200 million. Larry Ponemon, chairman and founder of the Ponemon Institute that specializes in data privacy, estimated the Target breach alone will cost the retailer $760.2 million.
It’s not immediately clear who will comprise the new security group.
Seth Eisen, a senior business leader with MasterCard, said “we spoke with a range of senior executives at retailers, financial institutions and manufacturers,” in creating the group. He added that “while we cannot share the names – those we spoke with asked for confidentiality – they represent brand name organizations.”
While its membership remains a mystery, Ponemon said "it seems like a pretty good idea to bring together the credit card companies to manage this rift between the banking industry and the retailers." He said the massive Target breach in which 70 million cards were compromised "hit a nerve."
"The average person gets scared," he said, "it does have an economic impact on companies."
Further, the data security expert who wasn't briefed about the new group said many retailers "really lagged on security practices" and that the so-called point-of-sale systems many stores use are still "horribly exposed" to hackers.
"Bringing together (the top players) will make it easier … for the retail industry," he said.
One area that he said the group could be particularly effective in would be sharing threat intelligence. He said the financial community (banks, credit unions, card processors, etc.) do a mediocre job with sharing potential cyber issues with their counterparts. However, right now, that's almost entirely absent from the retail industry, and occurs on an ad hoc basis across the board.
Ponemon said if threat intelligence is shared more effectively, it would help the community as a whole snuff out the problems before they spread.