WASHINGTON — President Obama stepped into the cybersecurity arena on Friday with a new initiative aimed at arming the government, businesses and consumers with the tools to fight the onslaught of cyber attacks that have shaken the economy in the past year.
Retailers lauded the initiative, calling it a “catalyst” for the next generation of payment security tools, in the wake of massive data security breaches that have ensnared retailers, banks and government agencies and compromised the financial and personal data of millions of consumers across the country.
Obama on Friday signed the executive order that launched the so-called BuySecure Initiative, with the goal of implementing more advanced federal payment systems and helping victims of identity theft to mitigate the impact of cyber crimes.
“More than 100 million Americans had information that was compromised in data breaches in some of our largest companies, and identity theft is now America’s fastest-growing crime,” Obama said. “These crimes don’t just cost companies and consumers billions of dollars every year. They also threaten the economic security of middle-class Americans who’ve worked really hard for a lifetime to build some sort of security. The idea that somebody halfway around the world could run up thousands of dollars of charges in your name just because they stole your number or because you swiped your card in the wrong place at the wrong time — that’s infuriating. For victims, it’s heartbreaking, and, as a country, we’ve got to do more to stop it.”
High-profile security breaches at Target Corp. and Neiman Marcus Group Ltd. last year raised alarm in the industry, spurring more scrutiny from federal officials and lawmakers on Capitol Hill as well as industry collaboration and initiatives to protect consumers’ personal and financial data.
Since then, other breaches have been reported by Home Depot Inc., eBay Inc., Michaels Stores Inc. and, most recently, a smaller breach at a G.H. Bass & Co. store in Orlando.
In late August, the Department of Homeland Security estimated that more than 1,000 U.S. businesses have been infiltrated by point-of-sale malware, significantly broadening the scope of known cyber attacks. Seven POS systems providers or vendors confirmed security breaches that affected “multiple” clients, the agency said.
“Retailers applaud the President’s action to advance card security. Today’s announcement should serve as a catalyst for widespread adoption of chip and PIN-card security,” said Sandy Kennedy, president of the Retail Industry Leaders Association. “The antiquated card security system in place today in the U.S. makes it far too easy for criminals to commit card fraud. Retailers are dedicated to protecting consumers and believe that chip and PIN technology will better shield U.S. consumers from fraud, just as it has done for consumers elsewhere around the world.”
Matthew Shay, president and chief executive officer of the National Retail Federation, commended Obama for taking “proactive and positive steps by adopting PIN and chip technology for government-issued debit and credit cards, among other things.”
The NRF has supported the implementation of chip and PIN cards and, among retailers, the facilitation of information-sharing, Shay added. “This is not an issue about large retail versus small [retail] or global financial institutions versus community banks and credit unions or the federal government versus municipalities. We all stand together in seeking solutions to prevent criminals from accessing personal financial data regarding our customers, investors and citizens through preventable data breaches,” Shay said.
The first phase of Obama’s plan will apply chip and PIN technology to newly issued and existing government credit and debit cards and update all federal retail payment card terminals with the technology.
The government also will assist identity-theft victims by developing a new “one-stop resource” for victims at IndentityTheft.gov under the Federal Trade Commission’s banner, expanding information sharing between the public and private sector and requiring several agencies to streamline procedures to make the fraud-reporting process as easy as possible. Under the auspices of the Consumer Financial Protection Bureau, the financial services industry will make credit scores — a key indicator of identity theft — more readily available to the public.
In addition, American Express has pledged $10 million for a program to support small businesses in upgrading their POS terminals to higher security standards. Visa said it will launch a program to educate consumers and merchants on chip and other secure technologies and plans to send experts to 20 cities in a national public-service campaign.
Obama said he plans to hold a cyber-security summit later this fall, bringing together business leaders, consumer advocates and other stakeholders focused on the newest technologies available to protect consumers, including mobile PIN systems and devices.
Obama also called on Congress to pass legislation that creates a national standard for the steps companies must take to notify customers of a data breach.
He urged others to follow the lead of Wal-Mart Stores Inc., Target and Walgreen Co., all of which have already installed in-store chip and PIN readers, as well as Home Depot, which was recently hit by a security breach and is transitioning 85,000 POS terminals to the more secure systems.