PCI security council welcomes Obama executive order on EMV

The PCI security council has welcomed US president Obama’s executive order to speed the adoption of EMV-standard cards

The Payment Card Industry Security Standards Council (PCI SSC) has welcomed US president Barack Obama’s executive order to speed up the adoption of cards that reach the Europay, MasterCard and Visa (EMV) standard in the US.

EMV is a global standard for the inter-operation of integrated circuit cards, known as chip and PIN in the UK.

While EMV is not hack-proof, it provides more security than the magnetic stripe-based system, with a unique identifier for each transaction and user verification through a PIN code.

Although widely adopted in the Europe, where it has been credited with significantly reducing card-present fraud, EMV adoption in the US has been relatively slow.

Consequently, cyber criminals have targeted merchants in the US, where most have continued to rely on the less secure magnetic-stripe cards.

US legislators and credit card companies had confirmed the US will make the transition to EMV cards in October 2015.

But in recent months, major US retailers like Target, Home Depot, Supervalu, Neiman Marcus and others have been hit by breaches of payment card data, affecting millions of customers.

With more than 100 million US citizens falling victim to data breaches in the past year, and millions suffering from credit card fraud and identity crimes, there is a need to move to stronger, more secure technologies that better secure transactions and safeguard sensitive data, the White House said in a statement.

In an effort to speed up adoption of the EMV standard, Obama signed an executive order on 17 October 2014 that directs the federal government to lead by example in securing transactions and sensitive data. 

The White House said the new BuySecure initiative will provide consumers with more tools to secure their financial future by assisting victims of identity theft and improving the government’s payment security. This is in addition to accelerating the transition to stronger security technologies and the development of next-generation payment security tools.

Obama told the Consumer Financial Protection Bureau (CFPB) the federal government will apply chip-and-PIN technology to newly-issued and existing government credit and debit cards.

“The goal is not just to ensure the security of doing retail business with the government, but also – through this increased demand – to help drive the market towards swifter adoption of stronger security standards,” the White House said. 

Institutions like the US Postal Service have already made this transition at tens of thousands of retail facilities across the country.

The White House said all payment terminals at federal agencies will also soon be able to accept payment cards with embedded chips.

White House summit on cyber security and consumer protection 

Obama also announced a White House summit on cyber security and consumer protection in late 2014 to promote partnership and innovation. 

The summit will bring together major stakeholders on consumer financial protection issues to discuss how all members of the US financial system can work together to further protect US consumers and their financial data.

General manager of the PCI SSC Stephen Orfei said the security council commend the White House for highlighting the importance of payment card security.

“The PCI SSC has long been a supporter of EMV chip technology and we view it as a critical layer in any payment-security strategy,” he said.

According to Orfei, EMV chip technology will button down security at the point of sale. However, he said it is not by itself a solution for data protection. 

“EMV chip technology does not protect against malware attacks like those we have been reading about in the news, nor does it prevent card-not-present attacks,” he said.

Orfei added no single technology is the answer, and it is important for retailers to keep an eye on both the sales and IT systems.

“We encourage businesses to prioritise the strong security principles found in PCI standards, and maintain a multilayered security approach that involves people, process and technology working together to protect consumers,” he said.

Read more on Hackers and cybercrime prevention