January 2018 Monthly Member Bulletin

• From the Executive Director
• March Payments Summit
• Council Highlights
• New EMV Resources
• Congratulations New Certificants
• Training and Certification Dates

Executive Director’s Corner

A Secure Commitment

Now that 2017 is behind us, I would like to share some insights into what the Secure Technology Alliance hopes to contribute to the security industry to help protect our nation’s payments, mobile, transportation fare payments, healthcare privacy and security, government identity and access security, and emerging Internet of Things (IoT) markets.

In March 2017, the Alliance followed our already-evolving membership activities and shed its name and legacy mission as the Smart Card Alliance.  The organization’s member-supported contributions to the security industry had moved beyond smart cards years earlier.  This evolution was evident in our Council activities with the establishment of the new IoT Security Council in early 2016 and the numerous projects completed in 2017 by the Mobile Council and Payments Council members involving digital security technologies like tokenization, encryption, embedded secure elements, two-factor authentication and blockchain.  By the time we officially adopted our new name, we were already following our new mission, which is to stimulate understanding, adoption and widespread application of connected digital solutions based on secure chip and other technologies and systems needed to protect data, enable secure authentication and facilitate commerce.

Even our affiliated U.S. Payments Forum organization has moved beyond its focus on EMV cards. The Forum is helping issuers, merchants, and processors tackle the challenges of an increasingly large and complex retail banking and consumer spending environment. This environment is one where cards are no longer present, having been replaced by digital tokens delivered by mobile phones, watches, and connected home electronics or stored on file whenever consumers visit their favorite online shopping site or use a mobile retailer app.

This year, I expect there will be more fallout from the Equifax data breach involving stolen user names and passwords, Social Security numbers, and personal information.  Synthetic identities and account takeovers will be a bigger problem than lost and stolen credentials and counterfeiting.  The Alliance will put identity management and online authentication at the forefront of its digital security projects.  The U.S. Payments Forum will continue to lead payments industry adoption of advanced risk-based data analytics solutions such as EMVCo 3DS for online payments and mobile browser and in-app payments.  IoT device manufacturers will continue to discover that insecure connected devices lacking basic end-point security features are a liability, and that secure chip and security technology vendors within the Alliance have the solutions with a proven track record against such tampering.

Looking forward into 2018 and beyond, I am encouraged and confident that the Secure Technology Alliance is establishing a reputation of its own as the digital security industry’s premier association.

Thank you for your support of the organization.

2018 Payments Summit to Present the Future of Payments

Thought leaders from all sectors of the payments industry will convene at the Secure Technology Alliance’s 2018 Payments Summit March 26-29 in Orlando to discuss and analyze all the latest industry trends. Session topics include new developments involving EMV chip technology, contactless payments, e-commerce, faster payments, mobile wallets, wearables and emerging IoT payments, blockchain, the future of transit contactless payment systems.

The 11th Annual Payments Summit will be held at the Omni Orlando Resort at ChampionsGate in Orlando, Florida. Early registration discounts are available now through January 19. All other discounts are available through March 9. To register, visit www.stapayments.com.

This year will mark the first time the U.S. Payments Forum will jointly hold its All-Member Meeting at the Payments Summit, bringing over 250 payments industry leaders from more than 150 member organizations including global brands, financial institutions, retailers, processors, mobile wallets providers, and payments industry technology and service providers.

It will also be the third time that the Secure Technology Alliance and the International Card Manufacturing Association (ICMA) are co-locating events, giving attendees a broader perspective from the core manufacturing and personalization of a card to the rapid evolution in secure payments. These three organizations coming together creates the most comprehensive gathering of card and payments professionals ever.

To see the full agenda of topics that will be covered, visit: https://www.stapayments.com/#agenda. The ICMA Expo conference agenda will include additional educational topics centering on core manufacturing and card personalization techniques and advances that all attendees can attend.

Registration includes access to Payments Summit and ICMA EXPO sessions, the combined exhibition hall and a number of networking events. Members may register through the Secure Technology Alliance or the ICMA to receive member discounts and other benefits. Details regarding the agenda and registration can be found at www.stapayments.com or www.icmaexpo.com.

U.S. Payments Forum members will register through the Forum member registration website and will be able to use their U.S. Payments Forum registration codes for registration to the full conference. Details regarding the registration for Forum members can be found at http://www.uspaymentsforum.org/upcoming-events/.

Council Highlights

• Council projects. A summary of all active Council projects is posted on the Secure Technology Alliance members-only site
• The Secure Technology Alliance Educational Institute and Access Control Council have now held three well-attended webinars in the education series “How to Plan, Procure and Deploy a PIV-Enabled PACS.”  The second webinar, “Facility Characterization and Risk Management,” was held on November 30 and featured Michael Kelley (Parsons), Lars Suneborn (Secure Technology Alliance), Randy Vanderhoof (Secure Technology Alliance), and William Windsor (DHS) as speakers.  The third webinar, “Establishing the Project Scope,” was held on January 11, with Lars Suneborn, Michael Kelley, Mark Steffler (Quantum Secure) and Randy Vanderhoof presenting. Recordings of all webinars are available on the Alliance web site.  The next webinar in the series, “Developing the Procurement Strategy,” will be held on February 22
• The Internet of Things (IoT) Security Council published the new white paper, “IoT and Payments: Current Market Landscape,” in collaboration with the Payments Council.  The white paper provides a resource for the industry that outlines the current market landscape for implementing payments with IoT devices and provides guidance for developing IoT applications that will include payment
• The Payments Council published the new white paper, “Contactless Payments: Proposed Implementation Recommendations.”  The white paper discusses the challenges of issuing, accepting and processing ISO/IEC 14443/Near Field Communication (NFC) contactless transactions and provides best practices and guidance to help the market work through pre-EMV and post-EMV challenges and to promote contactless issuance and acceptance

If you would like to participate in a Secure Technology Alliance Council, please contact Mike Strock, [email protected].

New EMV Resources

• The U.S. Payments Forum ATM Working Committee published the white paper, “EMV Troubleshooting Guide for ATM Owners and Operators.” The white paper provides recommendations to help ATM owners/operators prevent some common transaction problems, and offers suggestions for troubleshooting problems when they do occur
• The Forum’s Testing and Certification Working Committee published an update to the white paper, “EMV Testing and Certification White Paper: Current Global Payment Network Requirements for the U.S. Acquiring Community.” The white paper discusses most up-to-date requirements and processes from the global payment networks, includes testing and certification requirements for Quick Chip and M/Chip Fast implementations, and includes information on contactless EMV certification and testing processes

Congratulations New Recipients

CSCIP

• Crisanto Cafirma, American Express
• Benedict Pang, American Express

CSCIP/P

• Durwood Graddy, TSYS

CSEIP

• Rich Anderson, PSG Global
• Jeffrey Drill, Communications Resource
• Clinton Eppler, Cam-Dex Security
• Stephen Kellar, Defense Contract Management
• Jorge Medina, Tyco
• Collin Smith, Communications Resource

Upcoming Training and Exams

Unless otherwise noted, all trainings and exams will be held at the National Center for Advanced Payments and Identity Security in Arlington, VA

CSCIP

• March 27 – 28, 2018

CSCIP/G

• February 6-7, 2018
• May 15 – 16, 2018

CSCIP/P

• March 27-28, 2018, 2018 Payments Summit Conference, Orlando, FL

CSEIP

• January 23-25, 2018
• February 13-15, 2018
• March 20-22, 2018

CSEIP Recertification

The online instructor-led review course is four hours, from 11 AM ET – 3 PM ET. The hour-long exam follows from 3 PM ET to 4 PM ET. Register for one of these upcoming certification dates:

• January 19, 2018
• February 9, 2018
• March 8, 2018