On Friday, President Obama signed an Executive Order directing the government to require the use of so-called “chip and PIN” technology for any newly issued or existing government debit and credit cards.
The Order was intended to make the federal government “lead by example in securing transactions and sensitive data,” the White House said in a statement.
The new BuySecure Initiative will provide consumers with more tools to secure their financial future by assisting victims of identity theft, improving the Government’s payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools.
The Order launches a new initiative dubbed “BuySecure” intended to “drive the market towards more secure payment systems” by putting the weight of the federal government behind secure payments technology for government employees. Newly issued and existing government credit cards, as well as debit cards like Direct Express will be required to use chip and PIN technologies. Retail payment card terminals at Federal agency facilities will also be upgraded to accept chip and PIN-enabled cards.
Get the New 2017 SANS Research Report on 'Threat Hunting' -- Written by experts from the SANS Institute, the survey reveals a number of interesting data points about the challenges and benefits of threat hunting.
According to the White House, leading chain retailers have signed on to the initiative including Home Depot and Target (both recent victims of wide scale data theft), Walgreens, and Walmart. Those stores will roll out secure chip and PIN-compatible card terminals in all their stores by January 2015.
Card issuer American Express said it is launching a program to support small businesses as they upgrade their point of sale terminals to more secure standards. Visa said it will launch a national public service campaign to educate consumers and merchants on chip and other secure technologies by sending experts to 20 cities as part of the BuySecure program.
The Order also includes efforts to help consumers affected by data- and identity theft. MasterCard said it will provide its customers with free credit monitoring services and Citi will offer free credit report available to its card customers monthly, in cooperation with FICO. Finally, the Federal Trade Commission (FTC) is working on a web site, IdentityTheft.gov, intended to be a “one-stop resource” for victims of that crime.
Finally, the White House will host a Summit on Cybersecurity and Consumer Protection later this year to promote partnership and innovation. It is inviting “major stakeholders on consumer financial protection issues” to discuss ways to “work together to further protect American consumers and their financial data, now and in the future.”
In a statement, the American Bankers’ Association said it “applauded the President for highlighting the challenges facing American companies and consumers.”
However, the ABA said it was already working with banks, payment networks and retailers to “make chip cards and readers widely available in advance of the October 2015 implementation deadline.”
“This initiative is part of an ongoing effort to use innovative technologies to better secure the system. Criminals are always looking for ways to exploit the payment system, and we will continue to adapt security measures to meet evolving threats,” the ABA said.
Writing for The SANS Institute, Director John Pescatore noted that pushing chip and PIN is “a good thing,” but will only help stem breaches linked to point of sale systems. (POS systems have been targets in many of the recent retail breaches.)