January 2015 Alliance Member Bulletin

• Executive Director’s Corner
• In The Spotlight
• New Members
• New CSCIP/CSEIP Recipients
• Council Highlights
• New EMV Resources
• Discount Registration on Workshops
• 2015 Payments Summit Registration Reminder
• CSCIP/Payments Training and Exam Reminder
• 2015 Training Dates for CSEIP
• 2014 Annual Review Publication

Executive Director’s Corner

Countdown Begins for EMV Shift

Dear Members and Friend s of the Alliance,

By now most of you have put away your holiday decorations, finished off the last of the cookies and candy, and have been jolted back into your professional working lives after two weeks of having extended family time, entertaining friends and not much working.  We welcome 2015 with both anticipation and trepidation, especially if your business interests are in the payments arena.

2015 is the start of the countdown to the EMV fraud liability shift in October.  Those of us who are deep into the card payments market are nervously watching the calendar while simultaneously looking for positive signs that the much anticipated, extremely complicated, and hugely expensive process of this EMV conversion is on track.  It is hard to know for sure, because most of the big changes are happening behind the scenes in the software development rooms, testing labs, and card production facilities across the country.  Only in the United States could there be 100 million new chip cards issued in a single year and nearly 5 million point of sale terminals replaced and no one would notice.  It was reported that 50,000 unique merchant terminal locations processed EMV transactions in 2014 which sounds like a lot unless you compare it to the estimated 12 million terminals that didn’t do a single EMV transaction.  It is really hard to get one’s mind wrapped around the prospect that another 500 million cards are going to be issued in the next 12 months, and an estimated 7 million EMV-capable terminals will start rejecting card swipes in favor of chip insertions by the start of the 2016.

Things are already getting very complicated with the media coverage on EMV.  The Wall Street Journal, USA Today, and even NPR have run stories in the last two weeks about the simmering controversy over U.S. banks favoring chip and signature instead of chip and PIN.  I have been put in the position of having to explain the complex issues involving PIN and signature with overly simplistic reasons like “consumers can’t remember a four digit number,” when the full explanation requires an advanced course in payments risk management and lessons about the complicated infrastructure involving ATMs and POS terminal scripts which the average guy has no interest in.  They may not even want to be bothered with a PIN but they want to know they are protected if they don’t have it.

We are already bracing for blame game reporting later in the year when the media will want to know why some people have chip cards and others don’t, why consumers can still swipe their card in one store and need to insert it to read the chip in the next store, and why another merchant’s data was breached even though they had replaced their terminals with chip-capable devices.  It is going to be a tough time to be a major bank, retailer, or payment brand for the next few years until the hysteria around all this change subsides and consumers and payments providers and acceptors get used to the technology.  I will be very much in the middle of all of this and reporting to you what I observe along the way – and I wouldn’t want it any other way.

On a final note, there is still time to register for the 2015 Payments Summit, February 3-5, in Salt Lake City.  This is our 8^th annual conference that brings together the best people in the industry from the EMV payments, mobile payments, and transportation payments markets, discussing how each market is evolving and changing in light of the newest technology trends.  The snow-capped mountains surrounding Salt Lake City are the perfect setting for this unique conference event and it is the highlight of the year for payments industry thought leadership and new ideas.  Don’t worry about the weather either – there is no such thing as a warm-weather city these days.  So if you are going to be cold, you might as well enjoy the great networking and educational value of this event.  Smart Card Alliance members should use their complimentary and discount pass member benefit and start 2015 off right.

Sincerely,

Randy Vanderhoof

Executive Director, Smart Card Alliance

 

In The Spotlight

Verifone

A 2013 Smart Card Alliance Center of Excellence (COE) recipient, Verifone is leading the commerce evolution, providing the most secure terminal, payment as a service, and commerce enablement solutions around the world.

What are your company’s business profile and its offerings?

For more than 30 years, Verifone has been at the forefront of secure payments innovation–first moving society from paper-based payments to electronic transactions, and now into a new and exciting world of commerce. Verifone is at the center of this new world, simplifying complexity of emerging payment methods and technologies for all in the payments ecosystem.

Verifone has an installed base of more than 20 million terminals with clients and partners in more than 150 countries. We are leveraging our substantial footprint at the physical point of sale to develop innovative products that meet clients’ needs for secure payment, enrich interactions with consumers at the point of sale, and bridge the online and offline worlds.

What role does smart card technology play in your business?

It’s no secret that smart cards are growing in popularity around the world, and certain applications – namely EMV– have become the preferred payment method in certain markets, while at the same time, migration toward EMV is underway in the U.S.

Our innovative hardware and software provides merchants and retailers the tools they need to need to securely accept all types of payments. In fact, more than70% of the terminals we are shipping in the U.S alone are now EMV ready, and the majority of these are also NFC compatible.

In addition to working with clients to upgrade their payment infrastructure to support smart card payments, adoption and acceptance of our mobile payment app for taxis – Way2ride – is gaining momentum. It’s accepted by all taxis operating in Philadelphia and more than half in New York City. Recently, we announced Way2ride’s upcoming expansion to taxi fleets in Istanbul and availability to fleets in Cancun and other areas throughout Mexico’s Mayan Riviera.

What trends do you see developing in your market?

A major trend we’re noticing is the increased focus on security among retailers and processors due to data breaches that have gained widespread attention in recent headlines. Many seem to think EMV and PCI compliance will protect them against such breaches. What they fail to realize is that, while both play important roles in the fight against fraud, they must be coupled with end-to-end encryption and tokenization to be truly effective.

We’re also noticing increasing demand from merchants and retailers for ways to leverage payments as an opportunity to acquire new customers and increase sales to existing customers.  They not only want to be able to accept payments–whether traditional magnetic stripe or EMV, NFC and mobile wallets–but also engage customers before, during and after the transaction through media, promotions and loyalty incentives.

What things must you overcome to leverage those trends?

Our creative problem solvers, focused hardware engineers, accomplished software developers and disciplined implementation specialists continue pushing the limits of technology to achieve breakthroughs in payments.

We are continually engaging clients at the white board to help them reduce their growing exposure to data breaches and cyber criminals, and more aggressively safeguarding consumer information. One of the ways we’re doing this is by providing secure point-of-sale terminals that are capable of accepting all types of payments–including EMV, NFC and mobile wallets, as well as traditional magnetic stripe cards –while also providing additional layers of data protection, such as end-to-end encryption and tokenization, which helps protect data at the point of sale and as it travels beyond the merchant environment through the payments cycle.

Additionally, we’re providing merchants and retailers with commerce-ready terminals that enable them to engage customers in more meaningful ways, such as making customers more aware of in-store products and suggesting additional items that go naturally with items a customer is purchasing. At the same time, we are increasing the number of clients whose terminals connect back to VeriFone through payment as a service (PAAS).  This connectivity not only helps us reduce payments complexity for clients, but also enables them to access customers’ purchase history and other useful information they can use to help drive sales and increase revenues.

Visit Verifone at http://www.verifone.com.

Welcome New Members

• E4 Security Consulting, LLC, Associate member
• Morpho (Safran), General member
• Tyco Integrated Security, General member

New CSCIP Recipients

CSCIP/Government

• John Moore, Intercede Limited
• Nicholas C. Wryter, XTec, Incorporated

CSCIP/Payments

• Muhammad Naumann Ahmed, TSYS
• Deborah Andreozzi, TSYS
• Ben Bruno, TSYS
• Natalie Bullard, TSYS
• Jessica Burch, TSYS
• Rico Cantrell, TSYS
• Audria Crain, TSYS
• Gus Damian, TSYS
• Abigail Floyd, TSYS
• Thomas Fluegel, TSYS
• Tom Griffith, TSYS
• Sandra Gunnels, TSYS
• Joseph Handschu, HQS International
• Megan Hoffer, TSYS
• Jenifer Kennedy,TSYS
• Alicia King, TSYS
• Stacey C. McCarthy, TSYS
• John Moore, Intercede Limited
• Andrew Patania, First Data
• Patrick Plazas, TSYS
• Lance Robinson, TSYS
• Chadrick Sine, SAIC
• Keith Stephan, TSYS
• Sean Stern, TSYS
• Tiffany Szabo, TSYS
• Kelly Urban, First Data
• Mario Urquilla,Xtrategies, LLC
• Michael J. VanBibber, TSYS
• Nicholas C. Wryter, XTec, Incorporated

New CSEIP Recipients

• Gunvir Baveja, eVigilant.com Inc.
• Kevin Beacom, HID Global
• Thirl Berry, Executive technologies Corp
• Christopher Byron, CertiPath Inc.
• Aldrich Camat, Department of Homeland Security
• Kathryn Captain, M.C. Dean, Inc.
• Joe Cunetta, Brivo Systems, LLC
• Forrest Davenport, ICF International
• Susan Doherty, Security Install Solutions, Inc.
• Steven Gray, Johnson Control Security Services
• David Harris, HID Global
• Nicholas Johnson, M.C. Dean, Inc.
• Dan Novak, Convergint Technologies
• Dwayne M. Pfeiffer, Northrop Grumman IT
• Brandy Sloan, Gallagher Group Limited
• Adam Somers, MC Dean
• Darryl Stringfellow, Chenega Managment
• Michael Taylor, M.C. DEAN, INC

Council Highlights

Smart Card Alliance industry councils planned and delivered multiple track sessions during the 2014 Member Meeting.  Presentations from the Member Meeting are available on the Alliance members-only web site.

All Councils have completed the election of their 2015-2016 Steering Committees and officers.  The Council public web pages include the list of the newly-elected Council leadership.  The 2014 Council Honor Roll and top contributors have also been posted on the Alliance web site.

• The Access Control Council is currently working on a guide specification for architects and engineers for smart card-based PACS cards and readers.  The Council is also developing a full-day pre-conference workshop for ISC West in April 2015.
• The Health and Human Services Council, Identity Council and Mobile and NFC Council are currently developing plans for 2015 activities.
• The Payments Council is working on two projects: a white paper on EMV and data breaches; a white paper on the true cost of data breaches.

• The Transportation Council held a half-day “Multimodal Payments Convergence Workshop,” on Jan. 15^th, during the Transportation Research Board’s annual conference.  The workshop had excellent attendance with cross-industry participation from other transportation-focused industry organizations.
• The Mobile and NFC, Payments and Transportation Councils will be holding in-person Council meetings at the 2015 Payments Summit in Salt Lake City, UT.

Member Discount for Data Privacy Workshops

The Smart Card Alliance is one of several non-profit organizations supporting a series of town halls and workshops scheduled later this month to promote data privacy and protection. The Online Trust Alliance (OTA), a non-profit organization whose mission is to enhance online trust and promote innovation, is offering the Sixth Annual OTA Data Privacy & Protection Town Hall and Breach Response Workshops in New York, San Francisco and Washington, DC from January 28 through February 5. Smart Card Alliance members will receive a 20% discount if they register by January 20 using the code “DpD2015”. For complete information on the event and to receive a discount, visit the OTA’s website.

New EMV Resources

The EMV Migration Forum completed two new educational resources for the payments industry in December.

• The new infographic, EMV Chip Cards: The Future of Payments, was designed to answer key questions surrounding the U.S. migration to EMV chip cards for payment. The infographic presents what the migration is and when it will happen; what security features chip cards support; what will change for the consumer; and how the payment process works with chip cards.
• The video, Contact Chip Card Online Authentication, provides a clear and concise overview of how an EMV transaction is secured. The presentation videouses animation, straightforward messaging, and commentary to help the viewer understand the concept of cryptogram creation and validation in an EMV transaction.

Both resources are available on the EMV Connection web site.

2015 Payments Summit

Make sure you are registered for the 8^th Annual Payments Summit, which will be held February 3-5 at the Grand America Hotel in Salt Lake City.

CSCIP/Payments Training and Exam

The next CSCIP/Payments training and exam preparation course will be held on Monday, February 2, with the exam scheduled for Tuesday, February 3 at the 2015 Payments Summit. If you are planning to take the training and/or exam, make sure to save the date and set up a reminder in your calendar to register. Visit the CSCIP portion of the website for more information

2015 CSEIP Training Dates

We have posted the dates of the CSEIP training and exams on our website. This GSA-approved training program will provides certification required for E-PACS engineers employed by commercial organizations that are looking to bid on GSA procurement agreements for access control systems.

Download the 2014 Annual Review Publication

The Annual Review is a comprehensive, year’s worth of Smart Card Alliance activities and news, and is available in PDF and e-reader versions. You can also pick up a hard cover, full color copy at our Payments Summit. This free member annual review details the complete year and serves as an excellent resource.