The President’s BuySecure Initiative: Protecting Americans from Credit Card Fraud and Identity Theft

President Barack Obama signs an Executive Order to provide consumers with more tools to secure their financial future by assisting victims of identity theft, improving the Government’s payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools, at the Consumer Financial Protection Bureau in Washington, D.C., Oct. 17, 2014. (Official White House Photo by Pete Souza)

On Friday, President Obama signed a new Executive Order — the first part of the new BuySecure initiative — that takes critical steps to protect consumers’ financial security and improve confidence in the marketplace.

The Executive Order itself will help by assisting victims of identity theft, improving the government’s payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools.

In remarks at the Consumer Financial Protection Bureau (CFPB) announcing the new BuySecure initiative, the President highlighted some of the specific steps that his Administration and the private sector are taking to improve Americans' financial security — and called on Congress again to enact overdue cybersecurity legislation that will protect Americans, particularly by clarifying companies' obligations when sensitive data is breached.

Millions of Americans suffer from credit card fraud and identity theft each year, and tens of millions have had their data breached in the last year alone. The President's Executive Order will be an important step in making Americans safer by securing their payments to and from the federal government through Chip and PIN technology. This new technology will apply to both new and existing credit cards issued by the General Services Administration to government employees, as well as debit cards issued as part of benefit programs like Direct Express. It will also upgrade retail payment card terminals at federal agency facilities to accept Chip and PIN-enabled cards.

With Chip and PIN technologies, credit, debit, and other payment cards will contain embedded microchips instead of magnetic strips, and face-to-face transactions will require consumers to type their personal identification number (PIN), similar to ATM cards.

We are being joined in this effort for more secure credit and debit cards by a number of private-sector leaders:

• Home Depot, Target, Walgreens, and Walmart will be rolling out secure Chip and PIN-compatible card terminals in all their stores — most by January 2015.
• In February, American Express will start a new program to support small businesses upgrading their point-of-sale terminals to more secure standards. 
• Finally, Visa will launch a new program to educate consumers and merchants on chip and other secure technologies, sending experts to 20 cities in a national public service campaign.

President Obama also announced additional steps that the government is taking to assist identity theft victims, as well as actions that private-sector companies are taking to help Americans stay on top of their financial health and security:

• New resources for identity theft victims: The Executive Order will support the Federal Trade Commission in its development of IdentityTheft.gov, a new one-stop resource for victims that streamlines the reporting and remediation process with credit bureaus.
• Expanded information sharing: The Executive Order directs expanded information sharing, ensuring Federal investigators are able to regularly report evidence of stolen financial and other information to companies whose customers are directly affected.
• Company assistance: MasterCard will provide its customers with free identity theft monitoring and resolution support.
• Increased access to credit scores: Citi, in partnership with FICO, will be making FICO credit scores - the same scores Citi Cards uses in lending decisions - available online for free every month to consumers with Citi-branded credit cards

President Barack Obama delivers remarks at the Consumer Financial Protection Bureau in Washington, D.C., Oct. 17, 2014. (Official White House Photo by Chuck Kennedy)

As the President said Friday:

I want to thank all the business leaders who are choosing to protect their companies and their customers from the kind of hacking that we saw too many times this past year. I want to encourage every retailer, every bank, and every credit card company to join them in this effort.

And we’ve already seen a number of companies join in this effort. Just over the past four days, there has been overwhelming support for this initiative from major corporations, our nation’s credit unions, banks, grocers, retailers, the technical and payment community, and the government’s consumer protection leaders.

Here is a small sample of the support the BuySecure initiative has received:

“More secure chip cards are beginning to arrive in mailboxes across the United States, with 575 million consumers expected to receive their cards by year-end 2015. When widely deployed, chip technology protects consumers and merchants by putting payment data in a form that, if stolen, can’t be used by criminals to make counterfeit cards. Whether the consumer signs for a purchase, enters a PIN or just pays and goes, chip technology enables a more secure payment experience for all.”

— Ellen Richey, Vice Chairman of Risk and Public Policy, Visa

“We applaud the administration for taking proactive and positive steps by adopting PIN and chip technology for government-issued debit and credit cards, among other things. As the world’s largest retail trade association, NRF continues to work with our members and other stakeholders on practical and comprehensive solutions that are less about process and more about progress toward how we collaboratively prevent and combat this criminal activity. This is not an issue about large retail versus small, or global financial institutions versus community banks and credit unions, or the federal government versus municipalities. We all stand together in seeking solutions to prevent criminals from accessing personal financial data regarding our customers, investors and citizens through preventable data breaches.”

— Matthew Shay, CEO and President of the National Retail Federation

“Payments companies upgraded the infrastructure for chip card processing in 2013, and merchants are making individual decisions to upgrade their own point of sale infrastructure to accept chip-enabled cards.  The decision of the U.S. government to support such cards will help drive further merchant upgrades. ETA applauds the Administration’s support for a uniform national data breach notification standard and for greater information sharing on cyber threats.  Going forward, we look forward to working with the Administration to ensure that our payments networks remain safe, reliable, and secure.”

— Jason Oxman, CEO, Electronic Transactions Association

“We were glad to be part of the “Buy Secure” White House event last Friday.  Walmart has long been a proponent of EMV chip technology and installed EMV hardware in its stores about eight years ago.  To help hasten the issuance of chip enabled cards, earlier this year, Walmart announced that all of its point of sale terminals at its US stores and Sam’s Clubs would be EMV-activated by the end of this year.  The company is accelerating that commitment and will have activated 100% of registers by the end of October.” 

— Mike Cook, Walmart Senior Vice President, Finance & Assistant Treasurer

“To effectively fight sophisticated and evolving cyber criminals the entire payments ecosystem must work together to deploy the best security technology available today and develop next-generation payment card technology. RILA is proud to co-chair the Merchant/Financial Services Cybersecurity Partnership. I believe deeply that today’s news regarding Chip-and–PIN, and the positive dialogue within the Partnership, present a great opportunity for card security innovation and collaboration in the U.S.”

— Sandy Kennedy, President, Retail Industry Leaders Association

“Protecting consumer data is a shared responsibility, and merchants must have the same tough data security standards as financial institutions to thwart hackers as well as the ability to accept chip-based cards. Many of CBA’s member institutions are accelerating the transition to chip technology, which can only be effective if merchants have the technology to accept the cards at the point of sale.”

— Richard Hunt, President, Consumer Bankers Association

While these are all steps in the right direction, as the President noted, there will continue to be a need for ongoing partnership and dialogue within the industry — to bring modern security features to every American consumer, and to develop and promote next-generation mobile and other payment security features. That's why the White House is convening a Summit on Cybersecurity and Consumer Protection later this year. The Summit will bring together major stakeholders on consumer financial protection issues to discuss ways to further protect Americans and their financial data.

You should also see:

• FACT SHEET: Safeguarding Consumers' Financial Security
• Remarks by the President on Protecting American Consumers