Security breaches at major retailers have become a trend over the past year, with big-name brands such as Home Depot, Target, Kmart, Sears and Neiman Marcus all suffering attacks to their point-of-sale systems that have resulted in the theft of credit and debit card numbers as well as the personal information of millions of customers. Many of these sellers were compliant with industry security standards, such as the Payment Card Industry Data Security Standard (PCI-DSS), but it has quickly become apparent that alone is not enough.
The issue has become so severe that President Obama recently signed an executive order to strengthen security on federally issued credit cards and payment systems, The New York Times reported. The order will require all government agencies and offices to upgrade their POS solutions in order to better protect customer data.
Several government agencies utilize payment terminals on a regular basis. For example, the Department of Motor Vehicles may utilize POS systems to process payments for new licenses. As the news source noted, the government also issues credit cards to federal employees to help them pay for work-related expenses and items. Some agencies also used debit cards to distribute federal benefits such as Social Security or veteran payments.
The executive order signed by President Obama will require upgrades to the technology used to protect consumer data as well as strengthening the payment processing function. The National Security Council and the Office of Management and Budget are slated to present a plan to other agencies that will help them implement multiple layers of identify authentication and other technologies to bolster information protection.
“You should be able to buy the things that you need without risking your identity, your credit score or your savings,” the newspaper quoted President Obama as saying. “No one security measure, no matter how powerful, can stop fraud on its own.”
Ramifications on the private sector
While Obama’s order only affects federal payment cards and technologies, it may still leave a lasting mark on the private sector.
As part of the decree, he directed federal law enforcement officials to work closely with the private sector to help discover and identify identity theft rings. President Obama also urged the Federal Trade Commission to do a better job of adding features to its Identity Theft website to help resolve identify theft issues. Finally, Obama suggested that Congress push for a new national standard for data security laws that “brings certainty to businesses and keeps consumers safe.” Currently, the standards are set on a state-by-state level, which makes it difficult to unify all of the different payment standards.
The fact that the federal government is taking such reactive action to the rash of security breaches over the past year also sets an example for businesses in the private sector. Retailers need to rethink the way they approach payment security as well and engage their POS reseller/consultant to deploy POS system updates that utilize encryption and tokenization to secure data. This will help take the target off their backs when it comes to dissuading security breaches and will also go a long way in providing greater security to their customers.
For POS developers, it is crucial they also have an eye on security and encryption. Many businesses are looking to update their POS technology after the recent string of breaches, and incorporating modern security updates will result in more sales opportunities.