The USA is to adopt the Chip and PIN model after President Barack Obama signed an executive order to add security measures for federal credit cards.
The order will see microchips and PIN numbers added to Government credit cards and debit cards starting in January, with Obama also announcing that several major companies will take steps to make their own systems more secure and offer more customer protections.
He said: “The idea that somebody halfway around the world could run up thousands of dollars in charges in your name just because they stole your number, or because you swiped your card at the wrong place in the wrong time, that’s infuriating,” reported Reuters.
Both the American Bankers Association and the National Retail Federation each said they supported the measures.
Speaking to IT Security Guru, payment security consultant Neira Jones said that the decision was interesting as it is an “opportunity to do things that they have not done before but always been inclined to and it is a good thing”.
She said that Obama and the White House have been keen to do this for some time, and that the balance will be tricky. “I read that half of the US will accept chip cards by the end of 2015, so there is a long way to go and to accelerate it,” she said.
“Organisations will firstly look at what is in it for me, and it is very difficult to look at the return on investment of security generally. It is easier to look at fraud prevention and monitoring solutions as we have metrics of fraud, and it has always been my take that whether organisations deal with cyber crime or fraud, if you deploy cyber security you have a liability shift.”
Mark Bower, VP of product management and solutions architecture for Voltage Security, also welcomed the move for comprehensive data security across vulnerable systems.
“However, data security for transactions and payments cannot stop with EMV or traditional data-at-rest encryption which only solves a fraction of the problem of data theft,” he said.
“Without additional data-centric security, EMV still leaves card numbers vulnerable to theft and cross-channel fraud against e-commerce systems, which is exactly what happened in the UK after chip and PIN was introduced – e-commerce fraud soared.”
Neira said that there will “undeniably” be a reduction in card crime as a result of this order, but fraudsters are indiscriminate with geographies and industries and if you squeeze fraud in one place, it bulges in another.
