Obama's Cybersecurity Law Alone Won't Stop E-Payments Crime

Register now

President Obama is urging Congress to pass “The Personal Data Notification & Protection Act” as one of a handful of new initiatives to better secure personal information from cybercriminals.

It’s clear the United States must make aggressive changes as recent breaches only highlight the scale of this growing problem. The Act is just one measure in a much needed multi-layered approach to security that is necessary to protect consumers, merchants and card issuers. It’s important to understand what the Act does and what else is necessary.

Unveiled earlier this month to the Federal Trade Commission (FTC), the Act would set a national standard for how companies respond to cyber security breaches. As written, the Act requires any business involved in interstate commerce that collects personally identifiable information of more than 10,000 people to notify both the individuals and the media within 30 days of discovering a data breach. Violations of the 30-day notification requirement would be subject to penalties as unfair or deceptive acts or practices in violation of FTC regulations.

The Act is an excellent reactive measure, but in order to truly protect card holder data, the US must also employ proactive technologies like EMV enabled cards and cards with dynamic CVVs are designed to reduce the impact of data breaches before they occur. That’s important, as we’ve seen the fallout from the data breaches that have occurred at retailers like Target, Neiman Marcus and Home Depot.

EMV-enabled cards help to reduce fraud for card-present transactions by utilizing a chip that stores the cardholder’s information and creates a unique encrypted code for each transaction that cannot be reused or replicated, making the data useless to thieves. Therefore, even if a company’s data is breached, the information gathered would be of no use to a criminal.

Card-not-present transactions-ie online- can be avoided as well, with the use of Dynamic CVV, a new technology that enables the current static 3 or 4 digit security code on a card to change at a pre-selected time interval, diminishing the value of stolen debit and credit card. 

Both of these technological tools devalue the data fraudsters are seeking. Through the layering of these initiatives the cardholder is better protected. 

President Obama's proposed act plays a helpful role in informing consumers after a breach. But the key is to take away the value of the information stolen, by offering consumers additional security tools, like EMV cards and Dynamic CVV cards,  to make the information stolen useless both at the point of sale and online.

Martin Ferenczi is President of North America for Oberthur Technologies

For reprint and licensing requests for this article, click here.