Obama orders cybersecurity changes and beefed-up identity theft protection

WASHINGTON – President Obama announced plans Friday to change all U.S. government-issued credit and debit cards to a new technology designed to foil cyber thieves, setting an example meant to inspire changes in the payment card and retail industries.

Using cards with computer chips and personal identification numbers — called chip and PIN — is supposed to help guard against hackers like the ones who a year ago stole the financial information of 70 million customers of Minneapolis-based Target Corp.

"With over 100 million Americans falling victim to data breaches over the last year, and millions suffering from credit card fraud and identity crimes, there is a need to act — and to move our economy toward stronger, more secure technologies that better secure transactions and safeguard sensitive data," the White House said in a statement.

The president signed a sweeping executive order that not only enhances the security of federal credit and debit cards, but also requires federal agencies to have payment terminals that accept them.

The president took aim at identity theft by expanding the ability of federal investigators to share evidence of stolen financial information with companies whose customers might be affected. He called for a "one-stop resource" called IdentityTheft.gov to help report identity theft and direct victims to services in the private and public sectors that may aid and protect them.

The White House added that MasterCard will offer free identity theft protection to its customers, and Citi will provide card customers free online access to credit scores that can alert them to possible identity theft.

The White House praised Target Corp., which now faces lawsuits over its data theft, among several retailers that have committed to accommodating chip and PIN cards.

"Earlier this year, we accelerated our $100 million investment in chip card technology," Target spokeswoman Molly Snyder said in an e-mail to the Star Tribune. "We completed installation of new payment terminals in all U.S. Target stores this September. Beginning early next year, Target will begin accepting all chip-enabled cards in our stores, while also reissuing our entire REDcard portfolio of credit and debit cards with MasterCard's chip-and-PIN solution."

Richfield-based Best Buy Inc., the state's other major retail company, declined to say when its computer system would be ready to handle chip and PIN cards.

Although the technology is standard in most of the world, it is not in the United States, and some retailers have resisted the expense of retooling their point-of-sale computers to accept it.

But the Target breach, because of its far-reaching implications, put technology changes in play. Several other computer breaches, including a recently announced one by Edina-based International Dairy Queen Inc., have been revealed in the 11 months since the November 2013 Target hack.

With cybertheft disclosures becoming increasingly common, the White House plans to convene a "Cybersecurity and Consumer Protection Summit" of government agencies, businesses and consumers by year's end.

Beyond administrative measures, Obama wants Congress to pass laws that standardize the reporting of data breaches to consumers. He also wants Congress to pass legislation that allows better protection of federal computer networks from cyberattacks, while balancing "the need for greater information sharing and strong protection for privacy and civil liberties."

Cyber security expert Chad Boeckmann, CEO of Secure Digital Solutions in Minneapolis, called the comprehensive approach "a step in the right direction.

"It seems like in the world of information security it takes a few adverse events to inspire action," he said. "Enough people have been affected now for the government and boards of directors to act. There is a lot of political motive here as we head into election season. But better late than never."

Jim Spencer • 1-202-383-6123