Data Protection Report - Norton Rose Fulbright

On October 17, 2014, the President issued an executive order on “Improving the Security of Consumer Financial Transactions.”

The executive order first directs all executive departments and agencies to transition their payment processing terminals and government-issued credit, debit, and other payment cards “to employ enhanced security features, including chip-and-PIN technology.”

The effective date for this change, January 1, 2015, is just around the corner.  The October 17 order also directs executive agencies to, by February or March 2015, step up detection of and remediation for identity theft and fraud by coordinating and consolidating resources and efforts among agencies, law enforcement, credit bureaus, and the private sector.

Although common in countries outside of the United States and now required for the US executive branch, the chip-and-PIN technology has not yet become the US standard.  Touted as being more secure than the current US practice of swiping cards with magnetic strips that can be easily duplicated, the chip-and-PIN technology requires cardholders to insert their cards, embedded with micro chips that are difficult to clone, and enter a PIN code before use.

While the October 17 executive order is limited to the U.S. executive branch, President Obama, in a speech given in conjunction with what he calls the “Buy Secure” initiative, made clear that the new measures are to also aimed at encouraging “every retailer, every bank, and every credit card company to join” in the effort.

Indeed, the President recognized in his October 17 speech that

the private sector is already deeply engaged in this effort.  Today, a group of retailers that include some of our largest—Home Depot, Target, Walgreens, Walmart—and representing more than 15,000 stores across the country, all of them are pledging to adopt chip-and-pin technology by the beginning of next year.  American Express is pledging $10 million to replace outdated card readers at small businesses.  MasterCard is pledging to provide its customers with free identity-theft monitoring and resolution support.  And Citi is joining other financial institutions in making free FICO scores available to customers, because a sudden drop in your credit rating is one of the clearest signs that you’ve been hit by fraud.

The President also announced that, in the near future, the Administration plans to organize a “cybersecurity summit” of industry leaders and consumer advocates to discuss new and improved mobile payment systems and devices.