On May 5, Virginia Governor Terry McAuliffe signed Executive Directive 5 (2015), which requires the state’s technology and finance secretaries, treasurer and comptroller to update Virginia’s main purchasing card program to include advanced chip-and-pin technology by December. The Directive notes that many of Virginia’s political subdivisions and authorities have already converted purchase card programs to chip authentication technology.
In addition, the Directive requires the state’s Treasury Department to provide a plan to the governor’s office by October 1 of this year detailing its efforts to enhance the security features of merchant and prepaid debit card programs to include user authentication, confidentiality, cardholder reporting of unauthorized or fraudulent activities and data breach reporting and notification.
“I am keenly aware of the need for best practices and models to help spur states to advance their cybersecurity position and make it more difficult for hackers to gain access to our sensitive data,” McAuliffe said in a statement. “We must partner with the federal government, the private sector and other states to push innovation and adoption of enhanced electronic payment technologies — by our agencies, our merchants and our citizens — to help reduce credit card fraud. This directive will ensure the highest level of security for transactions conducted between citizens and state agencies.”
Virginia’s move mirrors action taken by the federal government in October of last year, when the President issued an executive order mandating that all federally issued credit and debit cards come with “chip and pin” technology and that federal law enforcement agencies share more information with banks and retailers when they discover identity theft rings.
It is not just the public sector that is moving toward microchip embedded credit cards. Visa, MasterCard and American Express have announced fraud liability shift policies that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV (chip card) technology beginning in October of 2015.