President Barack Obama issued an executive order on Friday to have secure chip-and-PIN technology embedded into government-issued credit and debit cards as part of a broader move aimed at stemming payment data breaches.
Under the order, government-issued cards that transmit federal benefits such as Social Security will have microchips embedded instead of the usual magnetic strips, as well as associated PINs like those typically used for consumer debit cards. A replacement program for the cards is set to begin on Jan. 1 of next year, with the goal to have more than 1 million such cards issued by the end of the year, Obama said at the federal Consumer Financial Protection Bureau, according to a press release.
The order comes following a spate of breaches of payment systems at major retailers including Home Depot, Kmart and Target, which have affected more than 100 million Americans over the past year, according to figures published by the White House.
A chip-and-PIN system, which is already standard in Europe, is designed to make it harder for cyber thieves to steal payment card information. The technology requires special readers to scan the chip, plus the entry of a PIN that only the cardholder knows. For credit cards, it's essentially a two-step authentication procedure that's supposed to be superior to the use of a magnetic strip and a signature.
Also, because a unique code is generated by the chip each time, it's more difficult for criminals to create fraudulent card copies, the thinking goes.
Chip-and-PIN isn't foolproof, however. One possible danger: Hackers may load their own specialized software onto the reader systems to capture the data.
Obama's order covered only government cards and the readers at federal agency facilities. But the move could inspire more retail stores and banks to get on board. Stores including Home Depot, Target and Walmart are planning to have readers for chip-and-PIN cards installed in their stores by next year, the White House said.
Obama also said Friday that he would be supporting the U.S. Federal Trade Commission in its development of a new resource for victims of data theft, IdentityTheft.gov, to streamline the process of reporting thefts to credit bureaus.
Sign up for Computerworld eNewsletters.