Financial Technology

Tightening security on federal payment cards

Shutterstock image: credit cards.

Federal credit cards are going to get a harder to crack.

As part of wide-ranging set of policy initiatives about financial information security, President Barack Obama announced the federal government will be switching to payment cards that are protected by two new layers of security – a microchip that is harder to clone than a magnetic strip and a personal identification number that users key in during transactions, like a bank card.

Beginning next year, new payment processing terminals at federal agencies must have the necessary software to support these new security features, under an executive order signed Oct. 17. This effort will be overseen by the Treasury Department. The General Services Administration is responsible for making sure that debit and credit cards issued on government accounts possess the enhanced security measures, beginning next year.

Direct Express cards, which give recipients of Social Security and Supplemental Security Income electronic access to benefits, will also be equipped with chips and PINs.

The executive order also sets a deadline on a plan for establishing multiple-factor authentication for public-facing federal systems that store personally identifiable information.

Agency plans are due in 90 days, and by 18 months more secure identity verification measures must be in place. The National Institute for Standards and Technology has been operating a series of pilots under the National Strategy for Trusted Identities in Cyberspace program designed to test novel authentication systems that don't rely on user names and passwords.

In remarks at the Consumer Finance Protection Bureau announcing the initiative, Obama called on Congress to pass legislation to create nationwide rules on consumer data breaches, rather than relying on a patchwork of state rules. "Today, data breaches are handled by dozens of separate state laws, and it’s time to have one clear national standard that brings certainty to businesses and keeps consumers safe," Obama said.

Members of both parties in the House and Senate have proposed various financial data breach bills to standardize consumer notification of compromised accounts. The issue caught fire in early 2014 after a spate of highly publicized data breaches at large retailers, including Target. But thus far, members have yet to coalesce around a single bill.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.