WASHINGTON (AP) — Saying more must be done to stop data breaches affecting consumers, President Barack Obama announced on Friday a government plan to tighten security for the debit cards that transmit federal benefits like Social Security to millions of Americans.
Cards issued by the federal government will now have an internal chip replacing magnetic strips to reduce the potential for fraud. Concern is growing over the security of Americans' financial data, with an estimated 100 million people having been affected by breaches in the past year, including at big retailers like Target and Home Depot.
In addition, the government will apply the security chips and personal identification numbers, called PINS, that replace signatures to all existing and newly issued government credit cards, Obama said. Payment terminals at federal government facilities will be equipped to handle cards with the new technology.
In remarks at the federal Consumer Financial Protection Bureau, Obama said that for victims of fraud and identity crimes, the experience is infuriating and heartbreaking. He said the problem requires a hands-on approach across the government.
It's imperative to ensure "that the American people have the basic safeguards that they can count on," Obama said.
The White House says the idea of the government program is to lead by example, to nudge the broader financial industry and retailers toward more secure standards.
Obama noted that Home Depot Inc., Target Corp., Walgreen Co. and Wal-Mart Stores Inc. plan to install payment terminals in their stores equipped to handle cards with digital security chips and personal identification numbers, called PINS, which replace signatures.
Obama also cited a plan by American Express Co. to support small businesses that upgrade their payment terminals with more secure standards, and a program by payments processor Visa Inc. to inform consumers and merchants about the new technologies.
"There is a need to act and to move our economy toward stronger, more secure technologies that better secure transactions and safeguard sensitive data," the White House said in a statement.
Obama's executive order also calls for the government to take new measures to help victims of identity theft. The Federal Trade Commission will develop a new website for consumers to report identity theft and remedy errors with credit reporting.
And Obama called on Congress to enact a single national standard for retailers to notify consumers of data breaches, to replace a patchwork of state laws. Proposals have languished in Congress.
In the wake of the massive data breaches, banks and retailers have sped the adoption of digital chips for credit and debit cards. They've set a deadline of October 2015 for wide use of chips in cards and payment terminals.
The financial and retail industries have been at odds over solutions and adopting new security technology. The retailers have insisted that banks must upgrade the technology for the credit and debit cards they issue. Banks have countered that retailers must tighten their own security systems for processing card payments. They say it isn't clear whether the digital chips would have prevented many of the retail breaches.
Retailers want the chips, but they also want each debit or credit card transaction to require a PIN. Experts say it's harder for criminals to steal PINS than to forge signatures.
Similarly, digital chips are considered more secure than magnetic strips. The chips typically make data theft harder and are common in other countries.
The magnetic strips use the same technology as cassette tapes to store account information and are easy to copy. By contrast, a digital chip generates a unique code each time it's used. Criminals can steal and sell data from cards with chips, but they can't create fraudulent cards.
"Protecting consumer data is a shared responsibility, and merchants must have the same tough data-security standards as financial institutions," Richard Hunt, president of the Consumer Bankers Association, said in a statement Friday. He said many banks "are accelerating the transition to chip technology, which can only be effective if merchants have the technology to accept the cards at the point of sale."
The National Retail Federation's president, Matthew Shay, said the group "continues to work with our members and other stakeholders on practical and comprehensive solutions that are less about process and more about progress toward how we collaboratively prevent and combat this criminal activity."