Enhanced Cybersecurity for SNAP Act of 2026
- Bill Number
- S. 3949
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 2
- Policy Area
- Agriculture and Food
- Status
- Introduced
- Latest Action
- 2026-02-26: Read twice and referred to the Committee on Agriculture, Nutrition, and Forestry.
- Last Updated
- 2026-06-25T12:18:24Z
AI-Generated Summary
Purpose
The Enhanced Cybersecurity for SNAP Act of 2026 aims to strengthen the security of Electronic Benefit Transfer (EBT) cards used in the Supplemental Nutrition Assistance Program (SNAP, formerly known as food stamps). It requires the U.S. Department of Agriculture (USDA) to create and update regulations that protect against fraud, such as card cloning (making unauthorized copies) and skimming (stealing data from cards), while improving digital access to benefits. The goal is to align SNAP's security with private-sector standards for payment cards and ensure users do not lose access to benefits due to technical issues or theft.
Key Provisions
- Cybersecurity Regulations for EBT Cards (Section 2):
- Defines terms like "chip-enabled" (cards using secure, anti-cloning technology, potentially including contact or contactless chips) and "mobile friendly" (accessible on smartphones per federal guidelines).
- Requires USDA to issue regulations within 2 years of enactment (and review every 5 years) covering EBT cards and mobile tools, matching private-sector and federal payment security standards.
- Mandates states to provide user interfaces (e.g., web portals, mobile apps, text messaging, voice services, and non-digital options) for managing EBT accounts, including multilingual support, 99% uptime, transaction notifications, 12-month history access, fraud reporting, and enrollment status checks.
- Phases in chip-enabled EBT cards: issuance starts within 2 years, no new magnetic stripe cards after 4 years, full replacement of existing ones within 5 years (with a sunset after another 5 years, except for disaster aid).
- Prohibits states from requiring periodic PIN (personal identification number) or password changes that violate federal standards from the National Institute of Standards and Technology (NIST).
- Provides federal reimbursements to states for upgrade costs (e.g., vendor fees, postage).
- Establishes a grant program for "administering entities" (e.g., nonprofits) to help small retailers in low-access areas upgrade to chip-compatible payment terminals.
- Requires USDA to collect and publish data on system downtime and state cybersecurity measures, and issue biennial public reports on benefit theft trends, regulation effectiveness, state efforts, and usability issues (with optional confidential sections).
- Online Transaction Security (Section 3):
- Integrates into the above regulations requirements for secure online EBT use, including fraud detection, data protection for merchants, and standardized reporting of theft.
- USDA must consult with federal agencies, states, retailers, and contractors to assess theft methods.
- Biennial reports to Congress on online theft frequency, measures taken, and prevention recommendations (with optional confidential annexes).
- Access to Benefits Without Loss (Section 4):
- States must replace damaged, lost, stolen, or fraud-frozen EBT cards within 3 business days (by mail or in-person, per household choice), with in-person pickup as an option but not required.
- No Replacement Fees (Section 5):
- Bans states from charging fees for replacements due to card malfunction, external fraud, expiration, or required upgrades (effective 60 days after enactment).
- Retailer Requirements (Section 6):
- Starting 180 days after regulations are final, SNAP-authorized retailers must have chip-enabled payment terminals at each location to participate in the program.
- Puerto Rico-Specific Report (Section 7):
- USDA must report within 1 year on EBT card security in Puerto Rico, including cloning resistance and fraud prevention recommendations (with optional confidential annex).
- Conforming Amendments (Section 8):
- Updates prior laws to remove conflicting rules on chip technology, ensuring the new regulations take precedence.
Significant Changes to Existing Law
- Amends the Food and Nutrition Act of 2008 (7 U.S.C. 2016 et seq.) by adding detailed cybersecurity mandates, shifting from optional to required chip technology and digital interfaces.
- Supersedes 2023 appropriations act provisions on EBT security, eliminating outdated magnetic stripe allowances and inconsistent standards.
- Introduces timelines for phasing out magnetic stripes entirely (except in limited cases) and bans certain replacement fees, which were previously permissible.
- Adds reporting and data-sharing requirements not previously mandated, along with grants for retailer upgrades.
Potential Impacts
- Government Agencies: USDA faces increased responsibilities for regulation, reimbursements, data collection, and reporting, potentially raising administrative costs but improving program integrity. States must upgrade systems and interfaces, with federal funding to offset expenses.
- Citizens: SNAP recipients (about 42 million low-income households) gain better fraud protection, faster card replacements, fee-free access in fraud cases, and easier digital tools, reducing benefit theft (estimated at hundreds of millions annually) and ensuring no hunger gaps from technical failures. Non-digital options maintain accessibility for those without tech.
- Retailers and Vendors: Small grocers in underserved areas benefit from grants for terminal upgrades, but all SNAP retailers must comply or risk losing authorization, possibly increasing short-term costs.
- International Relations: No direct impacts; the bill focuses on domestic U.S. territories like Puerto Rico.
Main Stakeholders Affected
- SNAP Recipients: Primary beneficiaries, protected from fraud and given better account management tools.
- State SNAP Agencies: Responsible for implementation, upgrades, and user support, with reimbursements to ease burdens.
- USDA (Food and Nutrition Service): Leads regulation, funding, and oversight.
- Retail Food Stores and Wholesalers: Must adopt chip terminals; small ones in low-access areas get grant aid.
- EBT Contractors and Vendors: Involved in card production and system maintenance, facing new security standards.
- Nonprofits and Community Entities: Eligible as grant administrators to aid retailers.
- Federal Partners: Treasury, NIST, and Justice Department provide input on standards and fraud.
Notable Legal, Constitutional, or Political Implications
- Legal: Strengthens federal oversight of state-administered programs by mandating uniform security standards, potentially reducing litigation over fraud reimbursements. Ensures compliance with existing NIST guidelines, avoiding conflicts with broader federal cybersecurity laws.
- Constitutional: No apparent issues; enhances due process for benefit access without infringing on privacy (e.g., opt-in notifications and no mandatory responses). Supports equal protection by aiding vulnerable populations.
- Political: Bipartisan sponsorship (Democrats Wyden and Fetterman, Republican Cassidy) signals broad support for anti-fraud measures in social welfare. Could influence future appropriations for SNAP (annual budget ~$120 billion) by emphasizing efficiency and theft prevention, though implementation timelines may strain state budgets if funding lags.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (10)
Sen. Fetterman, John [D-PA], Sen. Cassidy, Bill [R-LA], Sen. Britt, Katie Boyd [R-AL], Sen. Kim, Andy [D-NJ], Sen. McCormick, David [R-PA], Sen. Gillibrand, Kirsten E. [D-NY], Sen. Justice, James C. [R-WV], Sen. Booker, Cory A. [D-NJ], Sen. Scott, Tim [R-SC], Sen. Luján, Ben Ray [D-NM]
Recent Actions
- 2026-02-26: Read twice and referred to the Committee on Agriculture, Nutrition, and Forestry.
- 2026-02-26: Introduced in Senate
Bill Versions
- Enhanced Cybersecurity for SNAP Act of 2026 — issued 2026-02-26