Obama signs “BuySecure” initiative to speed EMV adoption in the US
Home Depot, Target also promised to start using chip-and-pin terminals by Jan 2015
On Friday, President Obama signed an executive order to speed the adoption of EMV-standard cards in the US. The transition to EMV—an acronym eponymous of Europay, MasterCard, and Visa, the companies that developed the standard—has been slow to gain traction in the US. The EMV standard will require credit card companies to stop relying on the magnetic stripe cards that are common today and move toward cards with embedded chips that will offer more secure credit card transactions.
Lawmakers and credit card companies confirmed earlier this year that the US would make the transition to EMV cards in October 2015. But over the past several months, retail stores like Target, Home Depot, Michaels, Neiman Marcus, and more have sustained major hacks that caused the retailers to lose credit card information and personal information of millions upon millions of customers, giving new urgency to the call for more secure credit cards.
Speaking at the Consumer Financial Protection Bureau on Friday, President Obama said that the federal government would apply “chip-and-PIN technology to newly issued and existing government credit cards, as well as debit cards like Direct Express.” The White House also said that all payment terminals at federal agencies will soon be able to accept embedded chip cards.
“The goal is not just to ensure the security of doing retail business with the government, but also, through this increased demand, to help drive the market towards swifter adoption of stronger security standards,” A White House press release said. “Institutions like the United States Postal Service have already made this transition across tens of thousands of retail facilities across the country.”
The White House said that Home Depot, Target, Walgreens, and Walmart promised to start activating EMV-compatible terminals by January 2015. American Express and Visa also pledged to start programs to acclimate small business owners and consumers to the changes that will occur next year.
The chip embedded on EMV cards creates a unique code for each transaction when the card is used, so stealing the card number is much more difficult for an attacker. In addition, EMV cards can require the customer to enter a PIN for each transaction, creating another level of security against fraud. EMV is not hack-proof, but it is considered far safer than the magnetic-stripe status quo. The standard was first adopted a decade ago in Europe where card fraud was rampant, and once the transition was complete, fraud committed by taking credit card numbers from point-of-sale terminals diminished significantly. But US retail stores and card issuers have dragged their feet in giving consumers the upgraded cards.
The president also announced some more minor initiatives to assist victims of identity theft. The White House said it was committed to helping the Federal Trade Commission build out their Identitytheft.gov page, which is intended as a resource for victims of card fraud. Calling identity theft “America’s fastest-growing crime,” the executive branch asked federal investigators to “regularly report evidence of stolen financial and other information to companies whose customers are directly affected.”
The White House also said that it wanted greater credit score transparency so that consumers could monitor their own credit for fraud, but it was vague on implementation, aside from mentioning a handful of banks that currently offer or will soon offer free credit score information. Unfortunately for many Americans, credit scores are usually purchased, and credit reports can still only be had for free once a year through the major credit-reporting agencies.
Many banking and retail associations seemed to applaud the President’s action. The Electronic Transactions Association said in a press statement, “EMV implementation is a vital step in addressing counterfeit card fraud, the single largest source of card fraud in the USA… The decision of the US government to support such cards will help drive further merchant upgrades.”
But others thought the move was too late and not forward-thinking enough. As the Consumer Bankers Association told BankInfoSecurity, “Many financial institutions and retailers already have a plan in place to adopt [EMV]—in addition to our own industry’s stringent federal data security requirements. Other technologies are emerging to address online and mobile payments fraud, such as tokenization, which is being spearheaded by financial institutions and card networks in their effort to protect consumers.”