Have you noticed the new chip-enabled credit cards sent out recently? After being used in other countries for years, the security-focused technology known as EMV has finally become the accepted standard for many major banks and retailers in the United States. Cybersecurity has been growing in importance for a long time, and while it's encouraging to see the nation finally focusing on collaboration and implementing best practices, much more still needs to be done.
Not all banks and retailers are working with this new security standard yet, though most of them have made the switch, because those that don't will assume increased financial liability after the October 1, 2015 deadline. This date marks a "liability shift": any retailers that choose to accept payments made via a chip card’s old-school magnetic strip can continue doing so, but they’ll accept liability for any fraudulent purchases. Similarly, any credit card issuers that don’t issue EMV credit cards will be responsible for any fraudulent purchases. This serves as a clever way to internalize previously unaccounted-for risk.
Internalizing the costs of risk one way or another is the best route to align incentives and advance the shared interests of government agencies, businesses, and individuals. While this may sound like bad news for would-be identity thieves and hackers, such magnetic-strip-based "carding" has been around for decades. More advanced hackers are always using new techniques, so while this is a victory of sorts, there is plenty more room for America to improve defenses on the technological front.
On the local level today, the Colorado Association of Commerce and Industry (CACI) is bringing in experts to discuss the issue with local businesses. The focus is on explaining their role in addressing cybersecurity. They'll also go into the dynamic and ever-evolving security environment. The main point is to raise awareness and to convince businesses of why they should care more about cybersecurity.
On the national level this week, Beth Cobert, the acting director of the Office of Personnel Management (OPM), will be facing a Senate nomination hearing to confirm her in the position. She's likely to face many questions about the major breach her department suffered before she was tapped to take over. She's also likely to face questioning about her handling of the situation after the fact. Such a hack poses major national security risks: unfriendly countries and other bad actors now have a database of dossiers on 21.5 million US Government employees, including personal identity information such as social security numbers and fingerprints, as well as potential blackmail material such as sexual orientation and extra-marital relationships.
Also on the national level, Wall Street banks are being encouraged by the executive branch to increase their defense against cyber-attacks. The Treasury Department's Sarah Raskin is telling bankers they need to update systems and implement multi-step identity checks. Deputy Secretary Raskin is calling the U.S. finance industry a “treasure trove” for high-tech criminals.
“Virtually every process you engage in needs to be reviewed and updated, enterprise-wide, from a cyber-resiliency perspective,” Deputy Treasury Secretary Sarah Bloom Raskin said in remarks prepared for a banking conference on Tuesday. Companies should require multi-step identity checks for anyone accessing their networks or data, she said.
Raskin’s speech at the annual meeting of the Clearing House, a financial-industry trade group, comes a week after U.S. prosecutors detailed a vast, multi-year criminal enterprise focusing on hacks of at least nine big financial and publishing companies. Suspects were tied to previously reported hacks of News Corp.’s Dow Jones & Co., JPMorgan Chase & Co., E*Trade Financial Corp., and Scottrade Financial Services Inc.