Obama signs Executive Order to bolster federal credit card security

Banks and retailers in the public sector are urged to follow suit

On Friday, at the headquarters of the Consumer Financial Protection Bureau, President Obama signed an Executive Order that will add chip-and-PIN protections (EMV) to federal credit cards starting in January. The President encouraged the financial and retail sectors to follow suit.

The signing of the Executive Order comes after a string of high profile breaches including those at Home Depot, Target, and JP Morgan Chase.

According to the White House, Wal-Mart, as well as Target and Home Depot, are just a few of the larger retail outlets that will be transitioning to chip-and-PIN in 2015. Furthermore, American Express is expected to launch a $10 million program geared towards helping small businesses upgrade their payment processing.

For years, the United States has lagged behind the rest of the world when it comes to card protections. The Executive Order, as well as the financial and retail push for chip-and-PIN, means that after fifty years, the nation will finally leave behind swipe-and-sign processing.

"While some institutions recently have shifted to the new chips, progress has been at a snail's pace," Warner Johnston, Head of Association of Chartered Certified Accountants (AACA), USA, said in a statement.

"We are heartened to hear our President urge banks and retailers to follow his action to improve measures for federal credit and debit cards by equipping them with microchips and PIN numbers (sic). Until this transition takes place, it appears that the odds are not in the consumer's favor in the U.S. As larger household brands and major banking institutions routinely come under attack, the risk of being victimized is greater than ever. The transition to chip-and-signature boils down to cold cash and common sense."

Outside of the more visible problem caused by swipe-and-sign card processing, data breaches and insider theft, there's another issue that chip-and-PIN implementations will address; card skimming.

A lack of chip-and-PIN in the United States has created a boon for criminals looking to operate skimming scams. This in turn has led to a sort of skimming arms race, as criminals devise novel ways to steal. Their efforts have resulted in skimming devices that are smaller and more sophisticated in terms of power, memory, communication and encryption.

According to a report from the AACA earlier this year, ATM and gas pump skimmers are the most common tools, because the United States has more ATMs than any other country and it isn't EMV compliant. After ATMs, handheld skimmers are the second most popular.

"Handheld skimmers are not an issue in other countries as much as in the U.S. For example, at U.S. restaurants, a waiter takes a credit or debit card and later with a receipt. At European restaurants, a card remains in sight at all times, and a waiter brings a terminal to the table," the AACA report explained.

Earlier this year, the Manhattan District Attorney announced an indictment that charged 13 people with operating a multi-million dollar fraud ring. The indictment says that the ring used Bluetooth-enabled skimmers at gas station pumps, which enabled them retrieve the data collected by the skimmers wirelessly.

Join the CSO newsletter!

Error: Please check your email address.

Tags chip and pinapplicationsEMVsoftwareHome DepotObama Administrationdata protectionskimmersTargetamerican express

More about Home DepotJP MorganManhattanMorganWal-Mart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place