Today, the President is signing a new Executive Order directing the government to lead by example in securing transactions and sensitive data.  The new BuySecure Initiative will provide consumers with more tools to secure their financial future by assisting victims of identity theft, improving the Government’s payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools.

During remarks at the Consumer Financial Protection Bureau (CFPB), the President will highlight steps by his Administration and the private sector to improve security.  With over 100 million Americans falling victim to data breaches over the last year, and millions suffering from credit card fraud and identity crimes, there is a need to act — and to move our economy toward stronger, more secure technologies that better secure transactions and safeguard sensitive data.

While there is no silver bullet to guarantee data security, the President is signing an Executive Order to implement enhanced security measures, including securing credit, debit, and other payment cards with microchips in lieu of basic magnetic strips, and PINs, such as those standard on consumer ATM cards. He is calling on all stakeholders to join the Administration and a number of major corporations in driving the economy toward more secure standards to safeguard consumer finances and reduce their chances of becoming victims of identity theft — America’s fastest-growing crime.

Finally today, the President will announce the White House Summit on Cybersecurity and Consumer Protection later this year to promote partnership and innovation.  The Summit will bring together major stakeholders on consumer financial protection issues to discuss how all members of our financial system can work together to further protect American consumers and their financial data, now and in the future.

The President will also renew his call to Congress to enact overdue cybersecurity legislation that will help protect Americans — particularly by clarifying companies’ obligations when sensitive data is breached.

KEY ACTIONS ANNOUNCED TODAY

  • Moving to more secure payment systems:

    As part of the President’s BuySecure Initiative, he is issuing a new Executive Order that — combined with new efforts from the private sector — will help the drive the market towards more secure payment systems.

    • Making Federal payments more secure to help drive the market forward: The President’s Executive Order (EO) lays out a new policy to secure payments to and from the Federal government by applying chip and PIN technology to newly issued and existing government credit cards, as well as debit cards like Direct Express, and upgrading retail payment card terminals at Federal agency facilities to accept chip and PIN-enabled cards.
    • Companies join national effort to improve transaction security: Home Depot, Target, Walgreens, and Walmart will be rolling out secure chip and PIN-compatible card terminals in all their stores — most by January 2015. Also in January, American Express will start a new program to support small businesses upgrading their point of sale terminals to more secure standards.  Finally, Visa will launch a new program to educate consumers and merchants on chip and other secure technologies, sending experts to 20 cities in a national public service campaign.
  • Preventing identity theft:

    The President is also announcing new steps by the government to assist victims of identity theft, and commending actions by the private sector to help Americans stay on top of their financial health and security, through:

    • Victim resources:  The President’s EO will support the Federal Trade Commission in their development of a new one-stop resource for victims, at IdentityTheft.gov, to streamline the reporting and remediation process with credit bureaus. 
    • Information sharing: The President’s EO further directs expanded information sharing, ensuring Federal investigators’ ability to regularly report evidence of stolen financial and other information to companies whose customers are directly affected.
    • Company assistance: MasterCard will also be providing its customers with free identity theft monitoring and resolution support.
  • Supporting credit score transparency:

    Helping consumers catch one of the best early indicators of identity theft, Citi, in partnership with FICO, will begin making credit scores available for free to its consumer card customers updated monthly online — joining the over 70 million Americans who already have access to this feature at other nationwide banks and card issuers.

  • The White House Announces the Cybersecurity and Consumer Protection Summit:

    Later this year, the White House will host, in collaboration with the President’s Cabinet, a summit bringing together key stakeholders in the consumer financial space to share best practices, promote adherence to stronger security standards, and discuss next generation technologies.

 

Leading by Example: Securing Payments Across the Economy

Federal Efforts to Transition to More Secure Payment Systems: Today, the Federal Government is making an enterprise-wide transition to more secure credit, debit, and other payment cards, as well as the retail payment terminals at government locations like the passport office, VA canteens, and national parks.  These new systems will, at a minimum, meet the global security standard of more secure microchips to store card numbers instead of unencrypted magnetic strips, and secure PIN functionality, like the kind featured on most ATM cards.  The goal is not just to ensure the security of doing retail business with the government, but also, through this increased demand, to help drive the market towards swifter adoption of stronger security standards.  Institutions like the United States Postal Service have already made this transition across tens of thousands of retail facilities across the country.

  • Making Chip and PIN Cards the Standard for the Federal Government: These “chip and PIN” cards, which have cut down on payment fraud considerably in other countries, will become the standard for Federal Government programs like SmartPay® and Direct Express®. We are working with these programs to ensure that we begin a replacement program on January 1, 2015, and will, within the calendar year, issue over one million new, more secure government payment cards.
  • Updating to Chip and PIN Card Terminals in Federal Agencies Processing Consumer Sales: Every Federal agency processing consumer sales will actively replace any prior-generation card retail payment card terminals to those with new chip and PIN security features under a plan issued by Department of the Treasury, which establishes requirements that federal agencies must follow when receiving credit and debit card payments when using Treasury’s collection system.

Building Public-Private Awareness About More Secure Authentication: In the next eighteen months, government agencies will ensure personal data digitally released by the government to citizens goes through multiple tests for authentication so that every citizen’s personal information is protected by the most secure methods possible, consistent with a plan the National Security Council Staff, Office of Science and Technology Policy, and Office of Management and Budget will present to the President.

Helping Americans Secure Their Good Name: Improving Resources to Identify and Remediate Identity Theft: Today, the President is also announcing new steps by the government to assist victims of identity theft, and commending actions by the private sector to help Americans stay on top of their financial health and security, through:

  • Credit Score Transparency.  Under the leadership of the Consumer Financial Protection Bureau, a number of leaders in the financial services industry will be making credit scores more readily available to all Americans — improving consumers’ awareness of credit health, and helping them identify major shifts in their credit score, a key first sign of identity theft.

    • Beginning in January Citi, in partnership with FICO, will be making free credit scores available online to consumers with Citi branded credit cards —this score will be updated monthly and is the same score Citi Cards uses in lending decisions.
    • This announcement builds on work done by institutions like Discover, Barclaycard, Pentagon Federal Credit Union, and First National Bank of Omaha who, since implementing similar systems, have provided over 70 million Americans with access to their scores to track their credit health.
  • Improving Identity Theft Resources.  The Department of Justice, Department of Commerce, and Social Security Administration are also working to make the fraud reporting process as easy as possible for Americans who have experienced credit card fraud.  Their goal is to, within two years, reduce by half the amount of time it takes consumers to remediate the average case of identity theft.  To do that, they will:

    • Streamline all necessary sources of information so that visitors to IdentityTheft.gov will be equipped with the resources they need to combat fraud, all in one place, and can more quickly resolve and remediate incidents of identity theft.
    • Build upon the IdentityTheft.gov platform, in partnership with credit bureaus, to develop a more user-friendly and accessible portal that helps digitally submit reports of fraud to multiple credit bureaus.
  • Company Assistance.  Before year’s end, MasterCard will offer all its credit, debit, prepaid and small business card holders free, 24/7 identity theft resolution support and online identity monitoring services.

Enhanced Information Sharing:  Finally, to enhance companies’ and consumers’ ability to respond quickly to incidents of fraud, as they occur, the Department of Justice and Federal Bureau of Investigation will improve and coordinate efforts to regularly submit information about compromised accounts and other information to the National Cyber-Forensics and Training Alliance’s Internet Fraud Alert System.

Private Sector Action to Transition to More Secure Payment Technologies: The President has also called on industry to ensure that consumers know the security of their information is being taken seriously, and to empower citizens with more tools to help safeguard the data that matters most.  Some of the nation’s largest retailers, card issuers, payment networks, and banks are coming together to secure their own systems, and offer more secure options for their customers.  That’s why today, the President is commending private sector steps taken in that direction, including:

  • American Express: In January 2015, American Express will launch a $10 million program to assist small business customers in upgrading their point of sale terminals.
  • Home Depot: In addition to transitioning 85,000 point of sale terminals to support chip and PIN in stores, Home Depot has completed a major new payment security project that provides enhanced encryption of payment data at point of sale in the company’s U.S. stores.
  •  Target: As of this month, Target has completed installation of chip and PIN readers in all its 1,801 stores.  Starting in early 2015, stores will begin accepting all chip-enabled cards and reissuing more than 20 million Target-brand chip and PIN enabled credit and debit cards.
  •  Visa: Visa will invest more than $20 million to educate consumers and merchants on chip and other secure technologies, while also sending experts to 20 cities in a national public service campaign.
  • Walgreens: As of today, Walgreens has chip and PIN readers in all its 8,200 stores, and starting in early 2015, stores will begin accepting cards with these upgraded features.
  • Walmart: By November 1, 2014, all of the nearly 5,000 Walmart and Sam’s Club U.S. stores will have activated chip and PIN readers.

The Continued Need for Congress to Act on Data Breach and Cybersecurity Legislation: While President Obama and his Administration continue to take every possible step to secure our transactions and information, it remains clear that American businesses and consumers demand Congressional action. 

As the President outlined in his Cybersecurity Legislative Proposal and as was reiterated in the recent report to the President on Big Data, the current patchwork of laws governing a company’s obligations in the event of a data breach is unsustainable, and helps no one.

  • Data Breach Legislation: Today we are calling on Congress to act with urgency on data breach legislation, to bring clarity to the expectations consumers should have when their data has been breached, and to steps companies must take to notify their customers of risks after such security breaches.
  • Cybersecurity Legislation: We are also calling on Congress to pass meaningful cybersecurity legislation that will help the Government better protect Federal networks and legislation that appropriately balances the need for greater information sharing and strong protection for privacy and civil liberties — respecting the longstanding responsibilities of civilian and military agencies.