Tightening security on federal payment cards

Federal credit cards are going to get a harder to crack.

As part of wide-ranging set of policy initiatives about financial information security, President Barack Obama announced the federal government will be switching to payment cards that are protected by two new layers of security – a microchip that is harder to clone than a magnetic strip and a personal identification number that users key in during transactions, like a bank card.

Beginning next year, new payment processing terminals at federal agencies must have the necessary software to support these new security features, under an executive order signed Oct. 17. This effort will be overseen by the Treasury Department. The General Services Administration is responsible for making sure that debit and credit cards issued on government accounts possess the enhanced security measures, beginning next year.

Direct Express cards, which give recipients of Social Security and Supplemental Security Income electronic access to benefits, will also be equipped with chips and PINs.

The executive order also sets a deadline on a plan for establishing multiple-factor authentication for public-facing federal systems that store personally identifiable information.

Agency plans are due in 90 days, and by 18 months more secure identity verification measures must be in place. The National Institute for Standards and Technology has been operating a series of pilots under the National Strategy for Trusted Identities in Cyberspace program designed to test novel authentication systems that don't rely on user names and passwords.

In remarks at the Consumer Finance Protection Bureau announcing the initiative, Obama called on Congress to pass legislation to create nationwide rules on consumer data breaches, rather than relying on a patchwork of state rules. "Today, data breaches are handled by dozens of separate state laws, and it’s time to have one clear national standard that brings certainty to businesses and keeps consumers safe," Obama said.

Members of both parties in the House and Senate have proposed various financial data breach bills to standardize consumer notification of compromised accounts. The issue caught fire in early 2014 after a spate of highly publicized data breaches at large retailers, including Target. But thus far, members have yet to coalesce around a single bill.