Enhanced Cybersecurity for SNAP Act of 2026

1) **What happened**: Senator Wyden (D-OR) introduced S. 3949 on 2026-02-26, the Enhanced Cybersecurity for SNAP Act of 2026. The bill amends the Food and Nutrition Act of 2008 to require the USDA Secretary to promulgate cybersecurity and digital service regulations for EBT cards within 2 years. The regulations mandate chip-enabled technology (EMV-standard, cloning-resistant) and mobile-friendly capabilities, plus compliance with NIST PIN and password standards. A companion bill (HR 7658) has been introduced in the House. The bill is early-stage — read twice and referred to the Senate Committee on Agriculture, Nutrition, and Forestry. 2) **The money trail**: This is a mandate bill, not an appropriation. It sets a regulatory requirement but does not allocate any federal funding. The financial impact flows through state procurement budgets — each state's SNAP agency must fund the technology upgrades from its administrative budget or through USDA grant programs (not specified in this bill). This is a structural revenue driver for payment processors, not a direct federal check. Historical precedent: when the USDA mandated chip-enabled EBT in 2019 (a pilot program), some states spent $3-5 million per upgrade, and a national mandate could create a total addressable market of $100M-$300M over 3 years across all 50 states. 3) **Structural winners and losers**: Winners are pure-play payment processors with existing EBT contracts: FIS (Fidelity National Information Services) and GPN (Global Payments). Both have state government EBT processing relationships. Losers are legacy magnetic-stripe EBT card vendors that cannot offer chip or mobile solutions — these are mostly private companies. Diversified payment networks Visa (V) and Mastercard (MA) are structural beneficiaries of any EMV adoption, but the SNAP program is only ~$120B in annual benefits, a fraction of their total volumes. V and MA also face the headwind of being disintermediated by the mobile-friendly requirement — the bill does not mandate specific mobile wallet standards. 4) **Real market data analysis**: As of 2026-04-28, FIS trades at $46.30, down 3.22% in 7 days and down 1.26% in 30 days. The stock is near the bottom of its 52-week range ($43.30-$82.74). GPN trades at $67.89, down 5.21% in 7 days but up 3.02% in 30 days. The 7-day decline correlates with broad market weakness in payments, not a sector-specific event. Both stocks show selling pressure in the past week, creating a potential entry if legislative momentum builds. The bill was introduced 2 months ago with no recent action — the lack of legislative velocity explains the lack of a price catalyst. 5) **Timeline**: The bill requires the USDA to promulgate regulations within 2 years of enactment. Current status: referred to committee (early stage). Next steps: committee markup, then Senate floor vote, then House consideration of companion bill HR 7658, then conference committee, then presidential signature. Passage within the 119th Congress (2025-2027) is plausible but not guaranteed — similar bills (like the 2019 EBT Modernization Act) took 3-4 years to become law. The outcome is more likely if the Agriculture Committee marks up the bill in 2026, making 2027-2028 the earliest for actual contract awards.