Feds Strengthen Identity Protection

5 Early Cloud Adopters In Federal Government

Have you heard the one about the President's credit card being rejected?

No, that's not a joke. President Obama told an audience of employees at the Consumer Financial Protection Bureau that when he went out to dinner with his wife in New York, his credit card was declined because of potential fraud activity, because he uses it so infrequently. (He used Michelle Obama's card to pay the bill instead.)

[Voice of experience? Read Federal Inaction Breeds ID Theft, Says Frank Abagnale.]

The president was at CFPB to speak about an executive order he signed Oct. 17. Obama told the story because the order, "Improving the Security of Consumer Financial Transactions," calls on the US government to strengthen security measures for federal debit, credit, and other payment card programs, in order to protect citizens' privacy and guard against identity theft.

The order directs federal agencies to move as quickly as possible to implement enhanced security measures, including chip-and-PIN technology currently used throughout Europe and generally considered far more secure than passwords, still the most dominant form of security procedure in the US.

For instance, the Secretary of the Treasury is required to ensure that by Jan. 1, 2015 -- barely two months away -- all new payment processing terminals are equipped to handle these enhanced security measures. The Treasury Department also must have a plan in place by Jan. 1 for replacing Direct Express prepaid debit cards without the enhancements, and the General Services Administration must begin replacing "unenhanced" credit, debit, and other payment cards.

For greater consumer protection, the order directs the departments of Justice and Commerce and the Social Security Administration to identify publicly available agency resources for victims of identity theft. This information will go to the Federal Trade Commission to be consolidated as much as possible at the FTC's IdentityTheft.gov website. The Office of Management and Budget and GSA are to work with the FTC to streamline reporting of identity theft and remediation processes, including working with credit bureau systems. The revamped IdentityTheft.gov is supposed to be ready by May 15, 2015.

The National Security Council, Office of Science and Technology Policy, and OMB have 90 days to create a plan for all agencies that accept digital applications from citizens to move to multiple-factor authentication process and proof of identity, with an 18-month deadline to implement the plan.

You've done all the right things to defend your organization against cybercrime. Is it time to go on the offensive? Active response must be carefully thought through and even more carefully conducted. This Dark Reading report examines the rising interest in active response and recommends ways to determine whether it's right for your organization. Get the new Identifying And Discouraging Determined Hackers report today (free registration required).