Why it matters
In an effort to push retailers to adopt heightened security for credit and debit cards, President Barack Obama signed an executive order mandating chip-and-PIN technology for government cards. While the order applies only to government-issued cards and card terminals, the President took the opportunity to urge all stakeholders to “drive[] the economy towards more secure standards to safeguard consumer finances and reduce their chances of becoming victims of identity theft – America’s fastest growing crime.” As part of the signing ceremony, the President also announced that several major retailers – like Home Depot, Target, Walgreens, and Walmart – have agreed to use the technology as well. “These new systems will, at a minimum, meet the global security standard of more secure microchips to store card numbers instead of unencrypted magnetic strips, and secure PIN functionality, like the kind featured on most ATM cards,” according to the order. “The goal is not just to ensure the security of doing retail business with the government, but also, through this increased demand, to help drive the market towards swifter adoption of stronger security standards.”
Detailed discussion
President Obama visited the headquarters of the Consumer Financial Protection Bureau (CFPB) to sign the executive order. The order requires that by January 1, 2015, all retail payment card terminals at federal agencies be able to accept the chip-and-PIN technology; all federal government-issued cards should be equipped with the tech by the same date.
“Given that identity crimes, including credit, debit, and other payment card fraud, continue to be a risk to U.S. economic activity, and given the economic consequences of data breaches, the United States must take further action to enhance the security of data in the financial marketplace,” according to the order. “While the U.S. Government’s credit, debit, and other payment card programs already include protections against fraud, the Government must further strengthen the security of consumer data and encourage the adoption of enhanced safeguards nationwide in a manner that protects privacy and confidentiality while maintaining an efficient and innovative financial system.”
The order also states that it shall not “be construed to preclude agencies from adopting additional standards or upgrading to more effective technology and standards to improve the security of consumer financial transactions as technologies and threats evolve.”
The rash of high-profile data breaches – from Target to JPMorgan Chase – has led to a dispute between banks and retailers over which industry should shoulder the associated costs. But both the National Retail Federation and the American Bankers Association (ABA) issued statements in support of the order.
“We applaud the President for highlighting the challenges facing American companies and consumers,” said Frank Keating, president and CEO of the ABA. “This initiative is part of an ongoing effort to use innovative technologies to better secure the system. Criminals are always looking for ways to exploit the payment system, and we will continue to adapt security measures to meet evolving threats.”
Industry was cited as doing its part in the President’s efforts, with MasterCard promising to provide customers with free identity theft monitoring and resolution support, while Visa has plans for a national public service campaign to educate consumers and merchants about chip technology. American Express will launch a program in January providing support to small businesses upgrading their point-of-sale terminals, the President noted.
President Obama also addressed other cybersecurity issues. To aid the prevention of identity theft, he announced support for the Federal Trade Commission’s efforts to launch IdentityTheft.gov, a one-stop resource for victims intended to streamline the reporting and remediation process with credit bureaus. The order also directed businesses to engage in “expanded information sharing” to aid federal investigators.
The President again called upon Congress “with urgency” to enact national data breach notification legislation in lieu of the current patchwork of state laws as well as cybersecurity legislation “that will help the Government better protect Federal networks and … appropriately balance[] the need for greater information sharing and strong protection for privacy and civil liberties.”
To read the executive order, click here.
