In a move that may hasten the adoption of chip and PIN technology in the U.S., President Obama signed an Executive Order Friday to implement enhanced security measures, which include securing payment cards through microchips and PINs.
Speaking at the Consumer Financial Protection Bureau, the President said (video) it was “infuriating” for someone “halfway around the world” to “run up thousands of dollars in charges in your name just because they stole your number or because you swiped your card at the wrong place and the wrong time.”
For the victims of those crimes, he added, “it's heartbreaking,” noting that the U.S. must “do more to stop it.”
He outlined the steps that his Administration and the private sector have taken and will take in the future to better security. Under a BuySecure Initiative, the federal government, for instance, will secure payments using chip and PIN technology to government credit and debit cards. Retail payment card terminals at federal agencies will be upgraded to accept the new technology.
The Order called for companies to join in the effort to improve security of the payment process, with the White House noting that Home Depot, Target, Walgreens and Walmart will be rolling out chip and PIN card terminals, by and large by January, while American Express will roll out a new program then to support small business efforts to upgrade point-of-sale (POS) terminals to comply with more secure standards. A Visa program will dispatch experts to 20 cities as part of a campaign to educate merchants on secure offerings such as chip.
Chip and PIN is already in widespread use in Europe, and the U.S. has faced harsh criticism for not adopting the more secure technology sooner. Calls to implement chip and PIN had initially met some resistance with naysayers claiming it would be too costly to upgrade the nation's current payment system. But as retailers have gotten hit by one costly breach after another and a troublesome volume of debit and credit card information has been exposed or compromised—a White House fact sheet said “more than 100 million Americans [fell] victim to data breaches over the last year”—merchants and financial institutions have been moving toward supporting the technology in earnest with a migration to EMV planned for next year. The Executive Order was met with support from industry advocates.
Retail Industry Leaders Association (RILA) President Sandy Kennedy, who attended the signing of the White House Executive Order, said, in a statement sent to SCMagazine.com, that the action “should serve as a catalyst for widespread adoption of chip and PIN card security.”
Kennedy added that the “antiquated card security system in place today” in the U.S. makes it easy for “criminals to commit card fraud.” Chip and PIN technology, already at work “elsewhere in the world,” will better protect this country's consumers from fraud.”
The PCI Security Standards Council (PCI SSC) was equally as approving of the President's announcement. “We applaud the White House for highlighting the importance of payment card security today," the council said. Noting that PCI SSC “has long been a supporter of EMV chip technology,” PCI General Manager Stephen W. Orfei, in a prepared statement sent to SCMagazine.com said the council applauded the White House efforts to underscore the importance of payment card security. “We view [EMV] as a critical layer in any payment security strategy,” he said.
The technology, he noted, will “button down security” at the POS. But, he warned, alone, EMV is “not by itself a silver bullet for data protection,” because it doesn't prevent malware attacks “like the ones we've been reading about in the news, nor does it prevent card not present attacks. No one single technology is the answer.”
Orfei advocated for businesses to “maintain a multi-layered security approach that involves people, process and technology working together to protect consumers.”
The Order also outlined efforts at preventing identity theft, lending support to the Federal Trade Commission as it develops a “one-stop resource” for victims of identity theft, found at IdentityTheft.gov. The site will help streamline reporting and remediation with credit bureaus. The FTC has been active in dogging private sector companies to improve their security and better safeguard consumer information. In a statement, FTC Chairwoman Edith Ramirez said she welcomed “the opportunity for the Federal Trade Commission to participate in this new initiative advancing efforts to address this insidious problem on behalf of consumers.” She noted that “identity theft has been American consumers' number one complaint for more than a decade, and it affects people in every community across the nation.”
The President's action also expands the sharing of information, clearing the way for federal investigators to regularly report evidence of stolen information to those companies whose customers have been impacted.