April 2014 Alliance Member Bulletin
Executive Director’s Corner
A Warming Up for EMV Migration
The phrase “March comes in like a lion, and goes out like a lamb” is not just a metaphor about the weather in March in most northern climates. I think this phrase also describes the rapid changes to the payments industry climate regarding the progress in the U.S. adoption of EMV in March.
The chill that hung over the EMV migration over the winter, much like the weather, could best be described as unpredictable and somewhat frozen in place due to regulatory uncertainty and debit routing solution gridlock. Then, an unexpected storm blew through in the form of multiple massive data breaches of retail systems affecting up to 100 million consumer accounts, which triggered an avalanche of responses by industry groups, analysts, regulators, and government committees. A national debate ensued on the television news, on radio, and in publications like the Wall Street Journal, New York Times, and USA Today about how far behind in payments security the U.S. is, and what EMV chip could do to fix it. Despite the news fervor, in the months that followed, other than MasterCard and Visa recommitting to theirOctober 2015 fraud liability shift dates and Target announcing it was investing $100 million to upgrade its stores to EMV before the deadline, there wasn’t much of a change, at least on the surface. The endless winter chill held the industry in its grasp, and then March came and everything began changing at once.
First came the announcement by Visa and First Data that the STAR debit network would license the Visa Common AID to process EMV debit card transactions, the first of the national PIN debit networks to join one of the global signature debit networks using a brand’s chip application. EMV card issuers had a pathway to issuing debit cards that complied with the then court-challenged Fed rulemaking interpretation of the Durbin regulations for debit routing choices. A second agreement between MasterCard and Fiserv’s Accel debit network closely followed. During the EMV Migration Forum meeting in Boston, the debit technical work groupwas putting the finishing touches on a document that would provide technical guidance to a framework managing two debit application identifierson one card to supportmultiple verification methods for routing purposes. During that March meeting, the merchants, regional debit networks, issuers and ATM stakeholders held reviews of the debit routing framework as it was being drafted so that all stakeholderinput was considered. The dark cloud hanging over EMV was dissipating and Forum members were warming up to the realization that unpredictable headwinds slowing down the EMV migration were weakening.
More good news followed. On March 21st, Visa added the PULSE debit network to the growing list of the major debit brands to agree on a shared Visa chip AID. Then, a most unexpected breath of fresh air came over the industry. The U.S. Circuit Court of Appeals in Washington upheld on appeal the Federal Reserve rule on debit card routing that had been overturned by Judge Leon’s polarizing July 2013 decision. That decision had stirred up a myriad of problems that led us into the deep funk that later became the chill that gripped the payments market until the Lion became the Lamb. With that distraction behind us, more good news followed on April 1st with Visa and FIS NYCE agreeing to a similar technology sharing agreement, joining STAR, PULSE, Accel, and Maestro.
So, Spring has officially arrived in more ways than one. With it comes the renewed optimism that the challenges for the U.S. EMV migration can be overcome with cooperation and coordination among its industry leaders, fostered by the Smart Card Alliance and the EMV Migration Forum. Let’s enjoy it, and hope it lasts.
In The Spotlight
A 2013 Smart Card Alliance Company of Excellence (COE) recipient, HID Global is a trusted leader in solutions for the delivery of secure identity solutions for millions of customers around the world.
What are your company’s business profile and product offerings?
HID Global, an ASSA ABLOY Group brand, is a worldwide leader in technology related to the creation, management and use of secure identities and serves markets including physical and logical access control including strong authentication and credential management; card printing and personalization; visitor management systems; highly secure government and citizen ID; and identification RFID technologies used in animal ID and industry and logistics applications. Products are sold through OEMs, developers, systems integrators and distributors. End-users include Fortune 1000 customers as well as businesses and organizations in virtually all industry sectors, including government, healthcare, retail, industrial, commercial, transportation, finance and education.
What role does smart card technology play in your business?
HID Global led the transition to smart card technology in the physical access control industry. The introduction of the iCLASS platform in 1998 brought increased security and functionality to physical access control applications, through the use of high frequency smart cards. Today, HID Global continues to lead the industry with the introduction of its Seos technology for microprocessor-based credentials. Seos is an ecosystem of interoperable products and services for issuing, delivering and revoking digital keys on smart phones so that they can be used to open doors to homes, hotels, offices, hospitals, universities, industries and commercial buildings. It enables secure and seamless management of credentials on cards and continues to elevate smart technologies for use on mobile devices.
What trends do you see developing in your market?
- More Secure, Open and Adaptable Solutions: The industry is moving beyond static, proprietary access control architectures to more secure, open and adaptable high-frequency smart card solutions.
- Adoption of Mobile Access Control: Mobile access control will continue to roll out in stages
- Move to IP Architectures: The migration of intelligence to the door will continue with the further adoption of IP architectures.
- Growing Proliferation of Visitor Management Solutions: Visitor management systems will continue to move beyond businesses to schools, federal agencies, hospitals and other institutions.
What things must you overcome to leverage those trends?
- For More Secure Solutions: The hurdle here is complacency. In an HID Global survey of integrators and users, more than half hadn’t upgraded in three years. Respondents that recognized the importance of industry best practices generally weren’t implementing them well–or at all. HID Global is helping to simplify the process of embracing–rather than avoiding–change and its benefits. The company’s products are designed to optimize the transition to more secure and capable solutions, today and well into the future.
- For Adopting Mobile Access Control: The industry must first establish the necessary deployment ecosystem, including devices with short-range wireless connectivity technology, as well as Trusted Service Managers (TSMs) who will deliver and manage applets in the mobile device’s secure element (SE) and facilitate key and credential management and identity provisioning/de-provisioning and sharing. We anticipate first deployment phases during 2014.
- For IP Architectures: There previously were concerns about security, but the industry is realizing that IP-based access control actually improves security. It is easier to deploy and maintain, it facilitates PACS integration with other network systems, it frees users from proprietary protocols and software, it moves intelligence to the door for streamlined system monitoring, management and reporting via standard web browsers, and it simplifies introduction of wireless intelligent locksets into the infrastructure.
- For Visitor Management Solutions: Many dealers and integrators overlook visitor management, perhaps because it doesn’t often carry the high system sales cost of other systems. HID Global is helping customers understand that a modern, professional visitor management system can add value in improved security, operational efficiency and professionalism.
Visit HID Global at http://www.hidglobal.com.
Smart Card Alliance Councils are quite active with well-attended in-person meetings at the 2014 Payments Summit and six new projects launched in March.
- The Access Control Council and Identity Council are collaborating on two new projects. The Councils are reviewing two draft NIST documents, NIST SP 800-157, ”DRAFT Guidelines for Derived Personal Identity Verification (PIV) Credentials,” and NISTIR 7981, ”DRAFT Mobile, PIV, and Authentication,” and will be submitting consolidated industry comments to NIST in April. The Councils are also launching a joint project to develop a white paper on converging physical and logical access with smart card technology. The white paper will discuss the benefits and use cases for converged credentials and tokens.
- The Payments Council completed a project priority survey in March and has launched two projects: a white paper on EMV, tokenization and encryption, and a white paper on the true cost of data breaches. Both project statements of work are currently being defined.
- The Mobile and NFC Council has two new white papers underway to provide educational resources on Host Card Emulation (HCE) and Bluetooth Low Energy (BLE). The Council has set an aggressive schedule and is targeting to complete the white papers for the NFC Solutions Summit 2014 in June.
Council participation is open to all Smart Card Alliance members; to participate, contact Cathy Medich.
Randy Vanderhoof testified before the Subcommittee on Oversight and Subcommittee on Research and Technology Joint Hearing on the increasing instances of cybercrime against retail systems in the U.S. that have highlighted the need for EMV chip cards. Watch the full testimony or read his written testimony.
NFC Solutions Summit
Registration is open for the NFC Solutions Summit to be held June 3-4 at the Renaissance Arboretum Hotel in Austin, TX. The Summit is co-presented with NFC Forum and NFC World Congress.
Welcome New Members
- AT&T Mobility Solutions, General member
- Discover Financial Services, Latin America General member
CSCIP Training and Exam
The next CSCIP training and Exam Preparation Course will be held June 2 and June 3 at the NFC Solutions Summit. If you are planning to take the training and/or exam, make sure to save the date and set up a reminder in your calendar to register. Visit the CSCIP portion of the website for more information.
New CSCIP/P Recipient
- Allen Friedman, Ingenico North America
Save the Date
The 2015 Payments Summit will be held Feb 3-5 at The Grand America Hotel, Salt Lake City. Registration information will be forthcoming.