Federal agencies will soon be implementing greater security measures and new technology in their payment card programs to improve the data security of financial transactions.
Citing the significant economic consequences of recent data breaches (such as Target and Home Depot), President Obama issued an Executive Order directing “to transition payment processing terminals and credit, debit, and other payment cards to employ enhanced security features, including chip-and-PIN technology.”
Even though the government’s payment card program includes many safeguards against fraud and abuse, the president determined that “the Government must further strengthen the security of consumer data,” by upgrading its payment card program.
Agencies are to use the National Technology Transfer and Advancement Act of 1995 and Office of Management and Budget (OMB) Circular A-119 as guides to determine which security enhancement to use.
By January 1, 2015, new payment processing terminals will “include hardware necessary to support such enhanced security features,” according to the Order. By the same date, the Treasury Department will develop a plan for installing “enabling software that supports enhanced security features.”
Existing government credit, debit, and payment cards (used for official business) that do not have enhanced security features will have to be replaced. The General Services Administration (GSA) will begin replacing such cards provided through GSA contracts no later than January 1, 2015.
Other agencies with such card programs will also have to provide OMB (by January 1, 2015) with plans that will ensure that their cards have enhanced security features.
The Executive Order also addresses the security of federal online transactions. The president orders the National Security Council (NSC), the Office of Science and Technology, and OMB to develop a plan that ensures “that all agencies making personal data accessible to citizens through digital applications require the use of multiple factors of authentication and an effective identity proofing process,” within 90 days. These plans will have to be implemented within 18 months.