The U.S. government should focus on prosecuting cybercriminals and on encouraging threat information-sharing between businesses and government, Leach said.
The development of payment card standards is "something we are uniquely qualified to do," he said. "The recent breaches underscore the complex nature of payment card security. The multifaceted problem cannot be solved by a single technology, mandate or regulation."
Other lawmakers pressed representatives of the U.S. Secret Service and the U.S. Department of Homeland Security to more aggressively prosecute cybercrime. Representative Carolyn Maloney, a New York Democrat, questioned if the U.S. government was collecting enough information about the extent of cyber and payments processing crime.
"Who's keeping the data on how big of a problem it is in the United States?" she said. "It's huge, in terms of national security, financial security and economic security of our country."
The DHS is collecting as much information as it can, but businesses are not required to report data breaches, said Larry Zelvin, director of the DHS National Cybersecurity and Communications Integration Center.
"We still don't have the visibility on everything," he said. "It is still just a snapshot."
Sign up for Computerworld eNewsletters.