On October 17, 2014, President Obama signed a new Executive Order directing the government to lead by example in securing transactions and sensitive data. The new BuySecure Initiative will provide consumers with more tools to secure their financial future by assisting victims of identity theft, improving the government's payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools.
During remarks at the Consumer Financial Protection Bureau (CFPB), the President highlighted steps by his Administration and the private sector to improve security. With over 100 million Americans falling victim to data breaches over the last year, and millions suffering from credit card fraud and identity crimes, the President feels there is a need to act--and to move the economy toward stronger, more secure technologies that better secure transactions and safeguard sensitive data.
While it was no silver bullet, the President signed an Executive Order to implement enhanced security measures, including securing credit, debit, and other payment cards with microchips in lieu of basic magnetic strips, and PINs, such as those standard on consumer ATM cards. He called on all stakeholders to join the Administration and a number of major corporations in driving the economy toward more secure standards to safeguard consumer finances and reduce their chances of becoming victims of identity theft--America's fastest-growing crime.
Finally, the President announced the White House Summit on Cybersecurity and Consumer Protection later this year to promote partnership and innovation. The Summit will bring together major stakeholders on consumer financial protection issues to discuss how all members of our financial system can work together to further protect American consumers and their financial data, now and in the future.
Key Actions Announced by the Obama Administration
Moving to more secure payment systems: As part of the President's BuySecure Initiative, he issued an Executive Order (EO) that, combined with new efforts from the private sector, will help drive the market toward more secure payment systems.
* Making Federal payments more secure to help drive the market forward: The President's EO lays out a new policy to secure payments to and from the federal government by applying chip and PIN technology to newly issued and existing government credit cards, as well as debit cards such as Direct Express, and upgrading retail payment card terminals at federal agency facilities to accept chip and PIN-enabled cards.
* Companies join national effort to improve transaction security: Home Depot, Target, Walgreens, and Walmart will be rolling out secure chip and PIN-compatible card terminals in all their stores--most by January 2015. Also in January, American Express will start a new program to support small businesses upgrading their point-of-sale terminals to more secure standards. Finally, Visa will launch a new program to educate consumers and merchants on chip and other secure technologies, sending experts to 20 cities in a national public service campaign.
Preventing identity theft: The President also is announcing new steps by the government to assist victims of identity theft, and commending actions by the private sector to help Americans stay on top of their financial health and security, through:
* Victim resources: President's EO will support the Federal Trade Commission in their development of a new one-stop resource for victims, at IdentityTheft.gov, to streamline the reporting and remediation process with credit bureaus.
* Information sharing: The President's EO further directs expanded information sharing, ensuring federal investigators' ability to regularly report evidence of stolen financial and other information to companies whose customers are directly affected.
* Company assistance: MasterCard will also be providing its customers with free identity theft monitoring and resolution support.
Supporting credit score transparency: Helping consumers catch one of the best early indicators of identity theft, Citi, in partnership with FICO, will begin making credit scores available for free to its consumer card customers updated monthly online--joining the over 70 million Americans who already have access to this feature at other nationwide banks and card issuers.
The White House Announces the Cybersecurity and Consumer Protection Summit: Later this year, the White House will host, in collaboration with the President's Cabinet, a summit bringing together key stakeholders in the consumer financial space to share best practices, promote adherence to stronger security standards, and discuss next generation technologies.
Leading by Example: Securing Payments across the Economy
Federal efforts to transition to more secure payments systems: The federal government will be making an enterprise-wide transition to more secure credit, debit, and other payment cards, as well as the retail payment terminals at government locations such as the passport office, VA canteens, and national parks. These new systems will, at a minimum, meet the global security standard of more secure microchips to store card numbers instead of unencrypted magnetic strips, and secure PIN functionality, like the kind featured on most ATM cards. The goal is not just to ensure the security of doing retail business with the government, but also, through this increased demand, to help drive the market toward swifter adoption of stronger security standards. Institutions such as the US Postal Service have already made this transition across tens of thousands of retail facilities across the country.
* Making Chip and PIN Cards the Standard for the Federal Government: These "chip and PIN" cards, which have cut down on payment fraud considerably in other countries, will become the standard for Federal Government programs such as SmartPay[R] and Direct Express[R]. The Federal Government is working with these programs to ensure that it begins a replacement program on January 1, 2015, and will, within the calendar year, issue over one million new, more secure government payment cards.
* Updating to Chip and PIN Card Terminals in Federal Agencies Processing Consumer Sales: Every Federal agency processing consumer sales will actively replace any prior-generation card retail payment card terminals to those with new chip and PIN security features under a plan issued by Department of the Treasury, which establishes requirements that federal agencies must follow when receiving credit and debit card payments when using Treasury's collection system.
Building public-private awareness about more secure authentication: In the next 18 months, government agencies will ensure personal data digitally released by the government to citizens goes through multiple tests for authentication so that every citizen's personal information is protected by the most secure methods possible, consistent with a plan the National Security Council Staff, Office of Science and Technology Policy, and Office of Management and Budget will present to the President.
Helping Americans secure their good name: The President also is announcing new steps by the government to assist victims of identity theft, and commending actions by the private sector to help Americans stay on top of their financial health and security, through:
* Credit Score Transparency. Under the leadership of the Consumer Financial Protection Bureau, a number of leaders in the financial services industry will be making credit scores more readily available to all Americans--improving consumers' awareness of credit health, and helping them identify major shifts in their credit score, a key first sign of identity theft.
--Beginning in January, Citi, in partnership with FICO, will be making free credit scores available online to consumers with Citi branded credit cards--the score will be updated monthly and is the same score Citi Cards uses in lending decisions.
--This announcement builds on work done by institutions such as Discover, Barclaycard, Pentagon Federal Credit Union, and First National Bank of Omaha who, since implementing similar systems, have provided over 70 million Americans with access to their scores to track their credit health.
* Improving Identity Theft Resources. The Department of Justice, Department of Commerce, and Social Security Administration are also working to make the fraud reporting process as easy as possible for Americans who have experienced credit card fraud. Their goal is to, within two years, reduce by half the amount of time it takes consumers to remediate the average case of identity theft. To do that, they will:
--Streamline all necessary sources of information so that visitors to IdentityTheft. gov will be equipped with the resources they need to combat fraud, all in one place, and can more quickly resolve and remediate incidents of identity theft.
--Build upon the IdentityTheft. gov platform, in partnership with credit bureaus, to develop a more user-friendly and accessible portal that helps digitally submit reports of fraud to multiple credit bureaus.
* Company Assistance. Before year's end, MasterCard will offer all its credit, debit, prepaid and small business card holders free, 24/7 identity theft resolution support and online identity monitoring services.
* Enhanced Information Sharing: Finally, to enhance companies' and consumers' ability to respond quickly to incidents of fraud, as they occur, the Department of Justice and Federal Bureau of Investigation will improve and coordinate efforts to regularly submit information about compromised accounts and other information to the National Cyber-Forensics and Training Alliance's Internet Fraud Alert System.
* Private Sector Action to Transition to More Secure Payment Technologies: The President has also called on industry to ensure that consumers know the security of their information is being taken seriously, and to empower citizens with more tools to help safeguard the data that matters most. Some of the nation's largest retailers, card issuers, payment networks, and banks are coming together to secure their own systems, and offer more secure options for their customers. For this reason, the President is commending private sector steps taken in that direction, including:
--American Express: In January 2015, American Express will launch a $10 million program to assist small business customers in upgrading their point-of-sale terminals.
--Home Depot: In addition to transitioning 85,000 point-of-sale terminals to support chip and PIN in stores, Home Depot has completed a major new payment security project that provides enhanced encryption of payment data at point of sale in the company's US stores.
--Target: As of this month, Target has completed installation of chip and PIN readers in all its 1,801 stores. Starting in early 2015, stores will begin accepting all chip-enabled cards and reissuing more than 20 million Target-brand chip and PIN enabled credit and debit cards.
--Visa: Visa will invest more than $20 million to educate consumers and merchants on chip and other secure technologies, while also sending experts to 20 cities in a national public service campaign.
--Walgreens: As of today, Walgreens has chip and PIN readers in all its 8,200 stores, and starting in early 2015, stores will begin accepting cards with these upgraded features.
--Walmart: By November 1, 2014, all of the nearly 5,000 Walmart and Sam's Club US stores will have activated chip and PIN readers.
While President Obama and his Administration continue to take every possible step to secure transactions and information, it remains clear that American businesses and consumers demand Congressional action. As the President outlined in his Cybersecurity Legislative Proposal and as was reiterated in the recent report to the President on Big Data, the current patchwork of laws governing a company's obligations in the event of a data breach is unsustainable, and helps no one.
* Data Breach Legislation: The President called on Congress to act with urgency on data breach legislation, to bring clarity to the expectations consumers should have when their data has been breached, and to steps companies must take to notify their customers of risks after such security breaches.
* Cybersecurity Legislation: The President called on Congress to pass meaningful cybersecurity legislation that will help the government better protect federal networks and legislation that appropriately balances the need for greater information sharing and strong protection for privacy and civil liberties--respecting the longstanding responsibilities of civilian and military agencies.