News : Newsletters : Alliance Member Bulletin : April 2019

Executive Director Message

The Answer to Digital Trust Is Already Here

How do you trust someone you don’t know, can’t see, and isn’t actually in front of you?

That was the question raised in an article I read recently on establishing a system for trust in the digital world.  It got me thinking about what’s missing from the modern marketplace that is challenging potential users like me to have a trusted relationship with service providers, such as my New York Times electronic-only subscription, when they don’t know me, can’t see me, and are not present when I make a transaction.

Most people of my generation remember when there was no internet.  When you wanted information, you went to the corner store to buy a newspaper (with cash) or to the library.  If you wanted to open a bank account, you walked into a local branch and presented multiple forms of ID, such as a paper Social Security card, a library card, and a utility bill with your address listed. Then you used a pen to sign some forms and got a carbon-copy receipt for proof of your transaction.

That might sound burdensome to younger readers, but consider that we’ve traded all of that manual access to information and money in the bank for online access based on our ability to manage hundreds of digital forms of identity and authentication – something which is also burdensome and unreliable. For me, these digital identification tools are in my possession only because I have the education and resources to have ubiquitous access to the internet and some tech-savvy people in my life to show me how things work.  There are millions of people on the other side of the digital divide who can’t buy a newspaper or lack transportation to the library or a bank branch, so don’t have the manual access that I had 40 years ago to these same resources.

So far, there’s no solution for how a user like me can establish trust with a service provider when that service (called a relying party) does not know me, can’t see me, and isn’t present when I’m trying to access the service.  What is missing is the connecting tissue to support that trust between two unknown (and untrusted) parties.

Someone who already has a relationship with me, and who knows something about me, could represent me to that service provider, if that service provider had some type of business relationship with that someone who knows me.  That someone is considered a trust provider because they are in a position to assert that I am who I claim to be. That trust provider can do this for many people like me.  A trust provider could be my bank, my employer, my local government or a Federal government entity like the U.S. Postal Service.  The trust provider could establish terms to satisfy the needs of the service provider so that the service provider has greater confidence doing business with me, an unknown user.  To automate the exchange of digital identity information about me, the trust provider could look for a digital identity service provider to bridge the information exchange between the user and the service provider.

A network is needed to enable this digital trust exchange between users and service providers on a larger scale.  A network like this already exists and handles trillions of payments transactions per day between consumers and retailers and banks – it is our global payments network.  Maybe we should begin by looking at this network and asking ourselves, why reinvent the wheel to solve this digital trust problem?


Securing Federal Identity 2019 – Register Today

We invite you to join us for Securing Federal Identity 2019, a comprehensive coverage of efforts toward strong authentication technology. This event is open to all individuals and organizations interested in learning about the role of secure identity and authentication in government programs, and will be held June 4-5 at the Hilton Crystal City in Arlington, VA. Early bird registration discounts are available until April 26, 2019 – take advantage today!  New at this year’s event will be an optional half-day add-on mobile identity workshop at the conclusion of the second day; the Mobile Identity Workshop will explore mobile drivers’ licenses and the federal government’s use of various mobile identity technologies solutions. Please note that this June 5th afternoon workshop is a separate event requiring separate registration; you can find all you need by visiting www.securingfederalidentity.com.

 

Planned are keynotes, roundtables and panels featuring a select group of government and industry speakers, and an exhibition area featuring security companies and their products and offerings in a casual, networking-conducive atmosphere. The first day will examine the current state of digital identity in the federal government, the risks to critical infrastructure, the security challenges the government is attempting to solve and highlights of some of the examples of digital identity in use today. Day two will look at the federal policies and security programs that are working to secure federal facilities and services and discuss the role mobile identity has in authentication and authorization activities. If you’re involved in federal identity credentialing or access security, you won’t want to miss this conference, as it will bring together the most important developments, innovations and experts in the space. Register today to take advantage of the early-bird discount!


Successful Payments Summit Explores Emerging Technologies

Last month, the Secure Technology Alliance hosted its 12th Annual Payments Summit in Phoenix, where industry experts discussed new ways to overcome challenges impacting the adoption, security and usability of emerging and developing payments technologies. Feedback from this year’s event was extremely positive, with many attendees praising the breadth and depth of agenda topics. Held jointly with the U.S. Payments Forum Member Meeting, attendees neared 550; the Payments Summit brought forth the following concepts and ideas over three days of panels, sessions and keynote presentations:

  • The U.S. market is rapidly migrating to contactless forms of payments
  • Transit is a likely driver for contactless payment adoption
  • Merchants are focusing on “choice” as they provide payments acceptance and check-out methods
  • Data sharing is essential for managing online fraud, mindful that it doesn’t add complexity for consumers
  • Ensuring that technology works consistently and securely is necessary for a successful consumer experience

Thank you to everyone who attended, and keep an eye out for upcoming Alliance events; we welcome your participation and contributions.


Upcoming Alliance Webinars: IoT Security

The IoT Security Council is holding two webinars in May to provide educational resources to the industry on key security topics for the IoT ecosystem.  Registration for both webinars is available at: https://register.gotowebinar.com/register/8885858649069566721.

  • May 16, 2pm ET/11am PT: The Role of PKI in IoT – Josh Jabs, Entrust Datacard. This webinar will describe the role of PKI in securing the IoT ecosystem and best practices for using PKI
  • May 22, 2pm ET/11am PT: Trusting Data at the Edge – Sri Ramachandran, G+D Mobile Security.  This webinar will describe the security requirements for trusting data collected and/or stored at the edge and discuss approaches for ensuring data integrity, privacy and authenticated access control and for managing data at the edge

Individuals who participate in both webinar sessions and complete short online assessment quizzes will receive a certificate of participation from the Secure Technology Alliance.

This is a public webinar series so please pass an invitation to your colleagues and contacts!


Council Highlights

If you would like to participate in a Secure Technology Alliance Council, please contact Devon Rohrer, [email protected].


Upcoming Forum Webinar: Contactless Open Payments for Transit

The U.S. Payments Forum is hosting a webinar on contactless open payments for transit on Wednesday, May 1, 2019, at 1pm ET/10am PT.

Registration is open at:  https://attendee.gotowebinar.com/register/3494504536854126081.

The webinar will provide attendees with the information necessary to understand, evaluate and accept contactless open payment cards for transit payments.  The webinar will discuss:

  • An overview of open- and closed-loop transit fare collection systems
  • The benefits and challenges of implementing contactless open payments in transit
  • A look at Transport for London’s (TfL) experience with contactless
  • The U.S. Payments Forum-developed approach for accepting contactless cards and devices in transit

Speakers include: Steve Cole, Worldpay; Itai Sela, B2 Payment Solutions; and Randy Vanderhoof, U.S. Payments Forum.


New Forum Resources

The U.S. Payments Forum published a number of industry resources that will be of interest to Alliance members.

  • The Forum has published a new guide, Debunking EMV Myths, to provide accurate information for all stakeholders communicating about contact and contactless chip technology. The goals of the guide are to correct misperceptions about EMV chip technology and to separate fact from fiction so that payments providers and reporters put forward the most accurate information to the public
  • The new com educational web site was developed to answer the most important questions merchants have about contactless payments, including: what are contactless payments? Why offer contactless payments? Are contactless payments as secure as contact chip card payments? Merchants can also find additional resources such as signage best practices on the website
  • The Forum completed its four-webinar series on mobile and digital wallets. Sessions covered the market landscape, security approaches, merchant considerations and issuer considerations. Recordings and presentation PDFs are available from the S. Payments Forum web site
  • The Forum hosted a well-attended webinar, EMV 3-D Secure Data Elements. The webinar provided an overview of EMV 3DS and presented detail about the new EMV 3DS data elements to provide an educational overview for merchants, issuers and other payments industry stakeholders.  The webinar recording and presentation are posted on the Forum web site

Welcome New Member

  • Metropolitan Transit System, San Diego

CSEIP

  • Glen Ballew, Security Install Solutions*
  • Dustin Mastay, Security Install Solutions*
  • Cameron Paul, Security Install Solutions*
  • Ryan Todd, Security Install Solutions*
  • Jared Wischkowsi, Security Install Solutions*
  • Richard Mofor, Condortech Services
  • Joseph Peltier, Johnson Controls
  • Russell Swartz, Security 101

CSEIP Recertifications

  • Brent Arnold, XTec
  • Richard Case, Systems Engineering
  • Troy Hall, Johnson Controls
  • Maniram Tiwari, Johnson Controls
  • Todd Soderstrom, Security Install Solutions

*Denotes corporate training. Please contact Randy Vanderhoof for more information or to schedule a corporate training class


CSEIP Training, Exam, and Recertification Dates

Unless otherwise noted, CSEIP training and exams will take place at The Training Center at Identification Technology Partners, located at 12 S Summit Ave in Gaithersburg, MD. Recertification is online-based only.

CSEIP Training/Exam

  • April 23-25, 2019, Identification and Technology Partners
  • May 21-23, 2019, Identification and Technology Partners
  • June 25-27, 2019, Identification and Technology Partners

To view the summer and fall CSEIP 2019 schedule, click here.

CSEIP Recertification

The online instructor-led review course is four hours, from 11 AM ET – 3 PM ET. The hour-long exam follows from 3 PM ET to 4 PM ET. Here are upcoming dates:

  • April 19, 2019
  • May 17, 2019
  • June 28, 2019

To view the summer and fall CSEIP 2019 Recertification schedule, click here.


Follow the Alliance on Social Media

The Secure Technology Alliance has enhanced its presence on social media with robust platforms on Twitter and LinkedIn.  Here are some ways you can interact with the organization:

The Secure Technology Alliance is Hiring

X