Obama moves to improve credit card security

High-profile computer hacking events affecting consumers at Target, Home Depot, Bank of America and JP Morgan Chase, have sparked fears of data breaches.
High-profile computer hacking events affecting consumers at Target, Home Depot, Bank of America and JP Morgan Chase, have sparked fears of data breaches. Atlanta Journal-Constitution/MCT

Looking to better secure American’s credit cards, President Barack Obama on Friday ordered that U.S. government-issued cards contain chip and PIN technologies and directed government agencies to obtain new credit card readers.

“More than 100 million Americans had information that was compromised in data breaches in some of our largest companies, and identity theft is now America’s fastest-growing crime,” Obama said in speech detailing his executive order and other cybersecurity measures

The order follows several high-profile computer hacking events affecting consumers at Target, Home Depot, Bank of America and JP Morgan Chase, sparking fears of data breaches.

Obama delivered his remarks at the Consumer Financial Protection Bureau, created under the 2010 revamp of financial regulation. The bureau doesn’t have cybersecurity as its core mission, suggesting the rollout there was designed to remind voters of broader consumer protections ahead of midterm congressional elections in November.

The president also outlined the government-supported Buy Secure effort, featuring a rollout by major retailers such as Home Depot, Target, Walgreens and Wal-Mart of secure chip and PIN-compatible card terminals in their stores – most by January 2015, according to the White House. He promised a summit on payment protection of mobile systems and devices.

The debate over credit card technology has divided retailers and banks for years.

The president and the private sector are actually quite late to the game on card technology. McClatchy detailed in July 2012 how Canada and Europe were far ahead in adopting credit card technology that protects consumers against cyber theft.

By having government purchase new terminals and issue new cards to millions of government workers, Obama is playing catchup but hoping the government lead will prompt the private sector to follow suit.

PIN cards require a special code number instead of a signature, similar to debit cards. Chip cards are generally the safest option because they are embedded with a chip that emits different, unique numbers to a payment processor each time a card used.

Chip cards are also preferable because there is no value for thieves in stealing a credit card number, since they have little incentive to use it when making a fake credit card. It would lack the chip that emits the unique numbers to a payment processor.

While it seems like common sense for credit card issuers to use this technology in the United States, there is an ongoing fight over who pays for the transition to this new technology.

Banks have been reluctant to issue chip and PIN cards because they’ve been able to have store-level merchants eat many of the losses for fraud, and they want merchants to pay for the new card-reading machines.

“Protecting consumer data is a shared responsibility, and merchants must have the same tough data security standards as financial institutions to thwart hackers as well as the ability to accept chip-based cards,” Richard Hunt, president of the Consumer Bankers Association, said in a statement Friday. “Many of CBA’s member institutions are accelerating the transition to chip technology, which can only be effective if merchants have the technology to accept the cards at the point of sale.”

Retailers have pushed for the use of PIN and chip-enabled cards for almost a decade, but they want the cost of installing new card readers to be shared. (In neighboring Canada, retailers had to pay the cost for the technology transition.)

“This is not an issue about large retail versus small, or global financial institutions versus community banks and credit unions, or the federal government versus municipalities,” Matthew Shay, CEO of the U.S. National Retail Federation, said in a statement that hinted at the dispute. “We all stand together in seeking solutions to prevent criminals from accessing personal financial data regarding our customers, investors and citizens through preventable data breaches.”

Obama revealed Friday that his personal credit card was declined during a dinner in New York last month, apparently because of infrequent use. He thought the worst, however.

“I really thought there was some fraudulent” activity,” Obama said. “Fortunately, (first lady) Michelle had hers.”