Enhanced Cybersecurity for SNAP Act of 2026
- Bill Number
- H.R. 7658
- Origin Chamber
- House
- Congress
- 119th Congress, Session 2
- Policy Area
- Agriculture and Food
- Status
- Introduced
- Latest Action
- 2026-02-24: Referred to the House Committee on Agriculture.
- Last Updated
- 2026-05-22T08:08:50Z
AI-Generated Summary
Purpose of the Legislation
The Enhanced Cybersecurity for SNAP Act of 2026 aims to strengthen the security of Electronic Benefit Transfer (EBT) cards used in the Supplemental Nutrition Assistance Program (SNAP), a federal program that provides food assistance to low-income households. It focuses on preventing fraud, such as card cloning (making unauthorized copies of cards) and theft, by updating regulations for cybersecurity, digital services, and card technology to match private-sector standards.
Key Provisions
- Cybersecurity Regulations for EBT Cards and Digital Services (Section 2):
- Requires the Secretary of Agriculture (through the Food and Nutrition Service) to issue regulations within 2 years of enactment, with reviews every 5 years, covering EBT cards and mobile technologies.
- Defines key terms: "Chip-enabled" means cards using secure, industry-standard technology resistant to cloning (potentially including contact or contactless payments); "mobile friendly" refers to accessible digital designs; "NIST PIN and password standards" are federal guidelines for secure personal identification numbers (PINs) and passwords.
- Mandates states to offer user interfaces (e.g., web portals, mobile apps) for managing EBT accounts, including multilingual support, 99% uptime, and features like transaction notifications, 12-month history access, fraud reporting, and enrollment status checks.
- Requires opt-in electronic alerts for transactions (including details like amount, merchant, and location) without mandatory responses.
- Transitions EBT cards: States must issue chip-enabled cards within 2 years, stop new magnetic stripe cards within 4 years, and replace existing ones within 5 years (with a 60-day activation window).
- Prohibits states from requiring periodic PIN/password changes or complex passwords that violate federal standards, starting 60 days after enactment.
- Provides reimbursements to states for upgrade costs (e.g., vendor fees, postage).
- Establishes a grant program for "administering entities" to help small or rural retailers (e.g., food stores in low-access areas) upgrade to chip-compatible payment terminals supporting contactless payments.
- Requires data collection on system downtime and state cybersecurity measures, published online and updated annually.
- Mandates biennial public reports to Congress on benefit theft trends, regulation effectiveness, state efforts, and usability issues, with possible nonpublic annexes for sensitive information.
- Online Transaction Security (Section 3):
- Integrates into cybersecurity regulations requirements for secure online EBT use, including measures to detect/prevent data theft from merchants and standardize state reporting on stolen benefits.
- Considers costs and feasibility for states; consults with federal agencies, states, retailers, and contractors to identify theft methods.
- Requires biennial reports to Congress starting 3 years after enactment, covering theft frequency, measures developed, and prevention recommendations, with possible confidential annexes.
- Access to Benefits During Card Issues (Section 4):
- States must provide replacement EBT cards (by mail or in-person, per household choice) within 3 business days if a card is damaged, stolen, or frozen due to fraud.
- In-person pickup is optional, not required.
- No Fees for Certain Replacements (Section 5):
- Starting 60 days after enactment, states cannot charge for replacements due to card malfunction, external fraud, expiration, or required upgrades.
- Retailer Requirements (Section 6):
- Starting 180 days after regulations are final, SNAP-authorized retailers must have chip-enabled payment terminals at each location to participate or renew.
- Puerto Rico-Specific Report (Section 7):
- Within 1 year, the Secretary must report to Congress on EBT card security in Puerto Rico, including cloning resistance and improvement recommendations, with a possible restricted annex.
- Conforming Amendments (Section 8):
- Updates and repeals parts of prior 2023 appropriations law to align with new cybersecurity rules, removing outdated provisions on EBT security.
Significant Changes to Existing Law
- Amends the Food and Nutrition Act of 2008 (7 U.S.C. 2016) by adding detailed cybersecurity paragraphs, superseding 2023 rules on EBT protections.
- Shifts from optional or minimal security (e.g., magnetic stripe cards) to mandatory chip technology and digital interfaces, eliminating fees for fraud-related replacements and requiring faster access to benefits.
- Introduces federal oversight of state digital tools and retailer hardware, with reimbursements and grants to ease transitions, unlike previous laws that lacked such timelines or support.
Potential Impacts
- Government Agencies: The U.S. Department of Agriculture (USDA) will face administrative burdens in issuing regulations, collecting data, and providing reimbursements/grants, but this could reduce long-term fraud losses (estimated in billions annually). State agencies must upgrade systems and interfaces, potentially increasing short-term costs but improving efficiency.
- Citizens: SNAP recipients (over 40 million low-income households) gain better fraud protection, easier account management (e.g., mobile alerts, no response mandates), and uninterrupted benefit access without fees in common scenarios, reducing vulnerability to theft. Multilingual and accessible tools may help underserved groups.
- Retailers and Vendors: Small stores in rural or low-access areas benefit from grants for upgrades; larger retailers must comply with terminal requirements, possibly raising initial costs but enabling secure SNAP transactions.
- International Relations: No direct impacts; the bill is domestic-focused on U.S. territories like Puerto Rico.
Main Stakeholders Affected
- SNAP Recipients: Primary beneficiaries through enhanced security and usability.
- State SNAP Agencies: Responsible for implementation, upgrades, and user support.
- USDA Food and Nutrition Service: Oversees regulations, reimbursements, grants, and reporting.
- Retail Food Stores and Wholesalers: Must adopt chip terminals to continue SNAP participation.
- EBT Card Vendors and Contractors: Gain from state upgrades but must meet new standards.
- Federal Partners: Includes Treasury, NIST (National Institute of Standards and Technology for security guidelines), and Justice Department for consultations.
Notable Legal, Constitutional, or Political Implications
- Legal: Establishes enforceable federal minimums for state-administered programs, potentially leading to lawsuits if states delay compliance; emphasizes data privacy via NIST standards, aligning with broader federal cybersecurity laws (e.g., no inconsistent PIN rules prevent overreach).
- Constitutional: Supports equal protection by ensuring accessible, fraud-resistant benefits without barriers (e.g., fees or delays), but requires careful handling of personal data to avoid Fourth Amendment privacy concerns in transaction tracking.
- Political: Bipartisan (sponsored by Republicans from New York, Washington, etc.), addresses public concerns over SNAP fraud amid rising digital threats; could set precedents for securing other welfare tech, influencing future appropriations and anti-fraud debates without partisan divides evident in the text.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Goldman, Daniel S. [D-NY-10]
Cosponsors (6)
Rep. Lawler, Michael [R-NY-17], Rep. Smith, Adam [D-WA-9], Rep. Fitzpatrick, Brian K. [R-PA-1], Rep. Riley, Josh [D-NY-19], Rep. Van Drew, Jefferson [R-NJ-2], Rep. Vindman, Eugene Simon [D-VA-7]
Recent Actions
- 2026-02-24: Referred to the House Committee on Agriculture.
- 2026-02-24: Introduced in House
- 2026-02-24: Introduced in House
Bill Versions
- Enhanced Cybersecurity for SNAP Act of 2026 — issued 2026-02-24 — PDF (25 pages)