Executive summary because the bosses who wear stars on their camouflage at the office like those, too. There's a bit of utter stupidity to being a government employee. In my job I am required to hold a government travel card and government passport. That's right, I am required to increase my attack footprint [pdf] to have my job.
Extra Credit
The points against the credit card are simple and straightforward enough for even a Treasury Department employee to understand. Even though this card is For Official Use Only [pdf], the government has no financial risk in this credit card. Externalities, they call it. It's open credit on my report, not theirs.
It isn't common, but if the government doesn't settle travel expenses in a timely manner, it hurts my credit. Just having it as an open account hurts my credit. And not just the temptation for me to use or misuse the account as that linked article is concerned about. It is yet another valid account for an attacker to break into and use for fraud. The card itself, that stupid chit of plastic, is an identity document which can be counterfeited. Speaking of misuse, done by me or anyone, it hurts my credit, not my employer. If some waiter skims the card I have to dispute the fraud or it's my credit rating that gets destroyed. And yes, cards can be and are misused in that very way even though they are clearly marked, "For Official Government Travel Only."
The entire program adds vulnerability to me and I am required to assume all of the risk. I've voiced this to management as an employee and a security professional but the program and the requirement for employment remain unchanged.