recommended reading

600 Military Travelers Handed ‘Chip and PIN’ Hack-Resistant Credit Cards

Valeri Potapova/Shutterstock.com

About 600 Defense Department travel cardholders are trying out new cards embedded with hack-resistant chips that require users to enter a passcode for purchases. The pilot program is part of a governmentwide effort to stanch rampant credit card theft. 

By the end of summer 2015, all military travelers will have the so-called chip and PIN credit cards, DOD officials announced Tuesday. The current trial began in February and is slated to finish in December.

Similar to using an ATM card, the purchaser inserts the card into a machine at the register and enters a four-digit PIN, rather than scribbling a signature.

Beginning January 2015, military travelers will be able to request replacements if going to locations where chip and PIN cards are widely accepted, such as European countries. 

But there might be a waiting list. Harvey Johnson, director of the Defense Travel Management Office, said with about 1.3 million government travel card users, "if everybody wants it in January, we probably can't get there. So there needs to be a methodical deployment."

The first wave of travel cardholders to receive the new technology will be people whose cards are about to expire. Employees new to the department also will receive a chip and PIN card, followed by individuals who travel frequently. 

"It used to be that we considered it frequent travel if you travel three times a year," Johnson told Defense personnel, "but now we're sort of moving away from that, and if you travel [at all], we're going to recommend that you use a chip and PIN card and that you get a [government travel] card."

Chip and PIN payment cards are intended to be more secure than traditional cards with magnetic strips, which are easier to clone. President Barack Obama earlier this month issued an executive order requiring all federal agencies to distribute purchase cards embedded with the new technology, starting with 1 million in 2015.

Government purchase cards, issued by Citibank, JPMorgan and U.S. Bank, cover work expenses, such as office supplies and meals. Home Depot, Target, Walgreens and Walmart will soon be deploying chip and PIN-compatible credit card readers in all their stores.

The U.S. Secret Service estimates that payment systems at more than 1,000 businesses are infected with a type of malicious software that cribs data off credit card magnetic strips. The "Backoff" malware is to blame for high-profile breaches at Target, Neiman Marcus and Dairy Queen. Last week, security firm Damballa detected a striking 57 percent jump in Backoff infections from August to September.

While chip and PIN cards are aimed at stopping this fraud, their security protections can be foiled through a newly identified type of attack, according to Brian Krebs, author of blog KrebsOnSecurity. Krebs, who broke the Target story, reported Monday that a scheme originating in Brazil and targeting U.S. financial institutions could cost banks that are just starting to issue the two-step cards.

Basically, the criminals make magnetic strip transactions look like chip and PIN purchases on transaction lists. Unlike with some fraudulent strip transactions, banks are responsible for fraudulent chip transactions. Thieves might have pulled off the "replay" attack by manipulating payment systems that weren’t properly configured, Krebs reported.

(Image via Valeri Potapova/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.