More than 100 million Americans have fallen victim to data breaches over the last year, and a cursory glance through our own blog archive from the last couple of months highlights data breaches at Staples, Kmart, Dairy Queen, JPMorgan Chase, AT&T, Home Depot, SuperValu, Jimmy John’s, Goodwill Industries, and UPS, among others.
This recent spate of high-profile data security incidents has now prompted action from the White House. On October 17, President Obama signed a new Executive Order directing the government to tighten security for federal credit cards. As well as establishing new nationwide security measures, the order will see government credit and debit cards switch to EMV or ‘smart’ cards – also known as Chip and PIN – from January.
The United States lags behind the rest of the world as far as payment card security is concerned: Chip and PIN cards, which require two-factor authentication, are already widely used in Europe, Latin America, Africa, and the Middle East, and have been for over a decade.
Even the President himself has been affected by credit card issues: after he’d signed the Executive Order, he revealed that his own credit card was declined at a New York restaurant last month. Fortunately, the First Lady was able to pick up the check.
“The idea that somebody halfway around the world could run up thousands of dollars in charges in your name just because they stole your number, or because you swiped your card at the wrong place in the wrong time, that’s infuriating,” the President said as he launched the BuySecure Initiative at the Consumer Financial Protection Bureau (CFPB).
The White House hopes that the new Executive Order will provide greater payment security when doing retail business with the government, and encourage other organizations to follow the government’s example, increasing the nation’s cyber security as a whole. Many large institutions are already transitioning to the new payment system, and the National Retail Federation and the American Bankers Association have each released a statement in support of the new measures.
The President has also called on Congress to enact federal cybersecurity legislation to protect the country from attack. At present, there is only a complicated patchwork of legislation based on state data breach notification laws and industry-specific data security legislation such as FISMA, HIPAA, and SOX. Many organizations operating across the US have great difficulty complying with their many legal and regulatory obligations, which is why IT Governance recommends implementing an information security management system (ISMS) as set out in the international standard ISO 27001.
Cybersecurity is a business-critical issue that affects all US organizations. If you want to prove your security credentials, then you need ISO 27001. Download our free green paper, Cybersecurity – A Critical Business Issue, for more information on this important subject.