recommended reading

600 Military Travelers Handed ‘Chip and PIN’ Hack-Resistant Credit Cards

Valeri Potapova/Shutterstock.com

About 600 Defense Department travel cardholders are trying out new cards embedded with hack-resistant chips that require users to enter a passcode for purchases. The pilot program is part of a governmentwide effort to stanch rampant credit card theft. 

By the end of summer 2015, all military travelers will have the so-called chip and PIN credit cards, DOD officials announced Tuesday. The current trial began in February and is slated to finish in December.

Similar to using an ATM card, the purchaser inserts the card into a machine at the register and enters a four-digit PIN, rather than scribbling a signature.

Beginning January 2015, military travelers will be able to request replacements if going to locations where chip and PIN cards are widely accepted, such as European countries. 

But there might be a waiting list. Harvey Johnson, director of the Defense Travel Management Office, said with about 1.3 million government travel card users, "if everybody wants it in January, we probably can't get there. So there needs to be a methodical deployment."

The first wave of travel cardholders to receive the new technology will be people whose cards are about to expire. Employees new to the department also will receive a chip and PIN card, followed by individuals who travel frequently. 

"It used to be that we considered it frequent travel if you travel three times a year," Johnson told Defense personnel, "but now we're sort of moving away from that, and if you travel [at all], we're going to recommend that you use a chip and PIN card and that you get a [government travel] card."

Chip and PIN payment cards are intended to be more secure than traditional cards with magnetic strips, which are easier to clone. President Barack Obama earlier this month issued an executive order requiring all federal agencies to distribute purchase cards embedded with the new technology, starting with 1 million in 2015.

Government purchase cards, issued by Citibank, JPMorgan and U.S. Bank, cover work expenses, such as office supplies and meals. Home Depot, Target, Walgreens and Walmart will soon be deploying chip and PIN-compatible credit card readers in all their stores.

The U.S. Secret Service estimates that payment systems at more than 1,000 businesses are infected with a type of malicious software that cribs data off credit card magnetic strips. The "Backoff" malware is to blame for high-profile breaches at Target, Neiman Marcus and Dairy Queen. Last week, security firm Damballa detected a striking 57 percent jump in Backoff infections from August to September.

While chip and PIN cards are aimed at stopping this fraud, their security protections can be foiled through a newly identified type of attack, according to Brian Krebs, author of blog KrebsOnSecurity. Krebs, who broke the Target story, reported Monday that a scheme originating in Brazil and targeting U.S. financial institutions could cost banks that are just starting to issue the two-step cards.

Basically, the criminals make magnetic strip transactions look like chip and PIN purchases on transaction lists. Unlike with some fraudulent strip transactions, banks are responsible for fraudulent chip transactions. Thieves might have pulled off the "replay" attack by manipulating payment systems that weren’t properly configured, Krebs reported.

(Image via Valeri Potapova/Shutterstock.com)

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.