Leaders Share Visions for the Future of Secure Identity Infrastructures for Federal, Healthcare, Enterprise and Consumer Environments at 2013 Smart Card Alliance Government Conference
Princeton Junction, N.J., October 21, 2013–The 2013 Smart Card Alliance Government Conference, the leading event for ID security, and the new User-Centric ID Live Conference, a comprehensive forum addressing business challenges and commercial opportunities surrounding the new digital identity ecosystems, were held in Washington, D.C. last week. The events featured industry leaders speaking on PIV¹ credentials, developments in the NSTIC initiative, trusted ID on mobile devices, developments in state and international ID programs, advancements in health IT security and global trends in secure identification.
“What is clear from last week’s discussions is that identity is a top priority across federal, healthcare, enterprise and consumer environments, and these worlds are all converging, sharing standards and following the same trends especially the growth of smart mobile devices,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “Both events presented opportunities for all identity stakeholders to discuss and debate the best practices for vetting, creating and authenticating identities in order to combat fraud and identity theft.”
Highlights from both events included:
NSTIC Ecosystem Continues to Progress
Attendees learned about the progress of the White House initiative, the National Strategy for Trusted Identities in Cyberspace (NSTIC), including pilots funded in 2012 and those recently awarded last month. For one of the newly-awarded smart card-based pilots, Exponent will be teaming with Gemalto and HID Global to help secure applications and networks for the U.S. Department of Defense, a social media company and a healthcare organization, by deploying ID verification using mobile devices and wearable devices (e.g., rings, bracelets). According to Exponent, the solutions will ensure an interoperable system that can be easily adopted by a wide variety of organizations and companies; additional details will be shared in the next six months.
Doug Glair, the manager of digital partnerships and alliances at the United States Postal Service (USPS) spoke on another NSTIC pilot, the Federal Cloud Credential Exchange (FCCX). The goal of the pilot is to streamline and reduce costs and complexities of digital authentication between individuals and government services; the pilot will demonstrate that citizens will not need a separate username and password for every government service they access. The USPS is working with SecureKey Technologies to provide the infrastructure to allow trusted third parties to participate.
Leading Organizations Take on Identity
Other sessions focused on the need for more secure online identity credentials for consumers beyond usernames and passwords, and several top enterprises are taking the lead.
“Doing identity well is not trivial,” George Fletcher, the chief architect of identity services at AOL told attendees, speaking on AOL’s experiences as a relying party. According to Fletcher, identity federation for authentication works, uses open standards and can be implemented requiring re-authentication (challenge/response) before users make purchases. Some of the challenges that relying parties, such as AOL, face when consumers use federated credentials to establish their identity is a lack of control over the user experience, customer service and account recovery.
Speaking to attendees at User-Centric ID Live, Verizon’s Chief Identity Strategist Tracy Hulver told attendees about Verizon’s next-generation cloud-based identity platform to combat the problems with passwords, saying that infrastructures based on usernames and passwords “will fail,” and weak or stolen passwords and credentials account for 76 percent of data breaches. The Verizon platform enables users to use the device they already have–their smartphone–for multi-factor authentication along with a one-time password (OTP) or QR code for access to networks, financial and social media sites.
Enterprises Leveraging Federal Standards for Employee Access
Enterprises are taking the lead from the government and are implementing standards-based, secure and interoperable credentials for logical and physical access. Wells Fargo, for example, is issuing Commercial Identity Verification (CIV) credentials (which leverage the PIV-I specifications, technology and data model without cross-certifying to the Federal infrastructure) to employees to “interoperate from building to building in a very secure way.” The benefit of using the CIV model, according to Brian Keltner of Wells Fargo, is that it requires compliance with technical standards but allows for local policies, provides a secure, unified and interoperable platform across multiple locations, and gives them the option to use the many already-certified products in the marketplace.
Overcoming Healthcare Identity Challenges
Conference healthcare track presenters discussed the lack of streamlined and secure processes to accurately verify patient identities and match them to correct medical records, often cited as a major reason for the growth of medical identity theft and fraud in the U.S. Medical identity theft and fraud “accounts for $75 billion in excess costs annually,” according to Bill Barr of the Medical Identity Fraud Alliance (MIFA), although “only 15 percent of people are aware of medical identity fraud.” Kelli Emerick, executive director of the SecureID Coalition, pointed to the fact that while the U.S. “has been a leader in identity management” with programs such as PIV and ePassport, it “lags behind the rest of the world in government to citizen credentialing.” According to Emerick, the “government can’t afford to administer public programs without knowing who people are and if they are eligible to participate” and said the U.S. needs education for policy makers about the benefits to consumers and privacy protection that strong identity management provides.
The U.S. government is currently taking a step toward stronger identity management in the Medicare program through the Medicare Common Access Card Act of 2013 (H.R. 3024), which would establish a pilot program to develop a secure Medicare card using smart card technology to protect seniors’ personal information, prevent fraud and speed payment to doctors and hospitals.
News from the Smart Card Alliance
Two new members have joined the Smart Card Alliance Board of Directors: Frazier Evans, Booz Allen Hamilton, and Brian Stein, CH2M HILL. In addition, the board elected the Executive Committee that includes: Willy Dommen, Accenture, as Chair; Garfield Smith, Oberthur Technologies, as Vice Chair; Brian Russell, Giesecke & Devrient, as Treasurer; Brian Stein, CH2M HILL, as Assistant Treasurer; Greg Garback, Washington Metropolitan Area Transit Authority (WMATA), as Secretary; Michael Nash, Xerox, as Assistant Secretary; and Neville Pattinson, Gemalto, as Technology Vice Chair. Bob Gilson, Defense Manpower Data Center, and Greg Garback, WMATA, were also re-elected to the observing government and transportation industry member Board seats.
The Smart Card Alliance’s next event is the 2013 Member Meeting, Dec. 8-10 at the Biltmore Hotel in Coral Gables, Fla. Designed for Smart Card Alliance members from across all markets, the event will include plenary keynote speakers and panels covering key industry trends and activities, several concurrent Council-organized breakout sessions on topics affecting specific market segments and cross-industry market trends, SCALA’s Latin American–focused sessions, networking opportunities and other social activities. More information is available at http://www.cvent.com/events/smart-card-alliance-2013-member-meeting/event-summary-d833c9aeca26410eb27fadcbff1a47a4.aspx.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org.
¹ Personal Identity Verification (PIV)
² National Strategy for Trusted Identities in Cyberspace (NSTIC)