WASHINGTON (10/20/14)--As the number of data breaches and the accompanying costs for financial institutions and consumers continue to rise, President Barack Obama issued an executive order Friday aimed at improving the security of consumer financial transactions.
"While the U.S. government's credit, debit, and other payment card programs already include protections against fraud, the Government must further strengthen the security of consumer data and encourage the adoption of enhanced safeguards nationwide in a manner that protects privacy and confidentiality while maintaining an efficient and innovative financial system," the order reads.
Eric Richard, Credit Union National Association general counsel, commended the president for calling on Congress to enact cybersecurity legislation. CUNA previously wrote to Obama to request the formation of a cybersecurity council, as well as legislation to protect American consumers.
"As a member of the Payments Security Task Force, CUNA has been actively engaged with payment networks, financial institutions, retailers and manufacturers to ensure chip cards and readers are accessible and enabled by the end of 2015," Richard said. "Credit unions have been and will continue to be involved in this important conversation, and we look forward to working with the administration on this vital issue."
Obama's executive order lays out a timeline for increased cybersecurity measures to be taken by the government, as well as increased resources to consumers. This includes:
Government, executive departments and agencies to transition payment-processing terminals and credit and debit cards to employ enhanced security features, including chip-and-PIN technology, with a plan to be developed by the U.S. Treasury by Jan. 1:
Credit and debit cards provided through General Services Administration (GSA) contracts will be replaced by cards with enhanced security features no later than Jan. 1;
The Attorney General, with the Secretary of Homeland Security, will issue guidance to promote regular submissions of compromised credentials to the National Cyber-Forensics and Training Alliance's Internet Fraud Alert System by Feb. 15;
The U.S. Departments of Justice and Commerce and the Social Security Administration will begin to identify publicly available agency resources for victims of identity theft and provide the Federal Trade Commission (FTC) that information no later than March 15;
The Office of Management and Budget (OMB) and GSA will assist the FTC in enhancing the IdentityTheft.gov website, including coordination with the credit bureaus to streamline the reporting and remediation process by May 15; and
Within 90 days of the date of this order, the National Security Council staff, the Office of Science and Technology Policy, and OMB shall present to the president a plan, consistent with the guidance set forth in the 2011 National Strategy for Trusted Identities in Cyberspace, to ensure that all agencies making personal data accessible to citizens through digital applications require the use of multiple factors of authentication and an effective identity proofing process, as appropriate. Within 18 months of the date of this order, relevant agencies shall complete any required implementation steps set forth in the plan prepared pursuant to this section.
FTC Chair Edith Ramirez said in a statement following the order that she welcomes the opportunity to participate in the new initiative.
Use the resource link below to access the full text of the order.