On Friday, at the headquarters of the Consumer Financial Protection Bureau, President Obama signed an Executive Order that will add chip-and-PIN protections (EMV) to federal credit cards starting in January. The President encouraged the financial and retail sectors to follow suit.
The signing of the Executive Order comes after a string of high profile breaches including those at Home Depot, Target, and JP Morgan Chase.
According to the White House, Wal-Mart, as well as Target and Home Depot, are just a few of the larger retail outlets that will be transitioning to chip-and-PIN in 2015. Furthermore, American Express is expected to launch a $10 million program geared towards helping small businesses upgrade their payment processing.
For years, the United States has lagged behind the rest of the world when it comes to card protections. The Executive Order, as well as the financial and retail push for chip-and-PIN, means that after fifty years, the nation will finally leave behind swipe-and-sign processing.
"While some institutions recently have shifted to the new chips, progress has been at a snail's pace," Warner Johnston, Head of Association of Chartered Certified Accountants (AACA), USA, said in a statement.
"We are heartened to hear our President urge banks and retailers to follow his action to improve measures for federal credit and debit cards by equipping them with microchips and PIN numbers (sic). Until this transition takes place, it appears that the odds are not in the consumer's favor in the U.S. As larger household brands and major banking institutions routinely come under attack, the risk of being victimized is greater than ever. The transition to chip-and-signature boils down to cold cash and common sense."
Outside of the more visible problem caused by swipe-and-sign card processing, data breaches and insider theft, there's another issue that chip-and-PIN implementations will address; card skimming.
A lack of chip-and-PIN in the United States has created a boon for criminals looking to operate skimming scams. This in turn has led to a sort of skimming arms race, as criminals devise novel ways to steal. Their efforts have resulted in skimming devices that are smaller and more sophisticated in terms of power, memory, communication and encryption.
According to a report from the AACA earlier this year, ATM and gas pump skimmers are the most common tools, because the United States has more ATMs than any other country and it isn't EMV compliant. After ATMs, handheld skimmers are the second most popular.
"Handheld skimmers are not an issue in other countries as much as in the U.S. For example, at U.S. restaurants, a waiter takes a credit or debit card and later with a receipt. At European restaurants, a card remains in sight at all times, and a waiter brings a terminal to the table," the AACA report explained.
Earlier this year, the Manhattan District Attorney announced an indictment that charged 13 people with operating a multi-million dollar fraud ring. The indictment says that the ring used Bluetooth-enabled skimmers at gas station pumps, which enabled them retrieve the data collected by the skimmers wirelessly.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.