July 2020 Monthly Member Bulletin

• Executive Director Message
• Securing Federal Identity 2020 Conference Cancelled
• New Resource: Dynamic Security Code Cards – A Primer
• Council Highlights
• New Forum Resources
• Congratulations New Certificants
• Update on Training and Exam Dates
• Follow the Alliance on Social Media

---

Executive Director Message

What Does Adapting Mean During this COVID Era?

So far, 2020 has proven that whatever payments behavior you felt normal about for yourself and others before this pandemic – about what shopping behaviors you would shift to if forced to, and what payments methods you would be willing to use if required to – have been rewritten.  It seems like the more hard-pressed we are, the more adaptable we become.  Adapting has been the key to restoring some balance in our business lives and our personal lives, keeping us entertained and staying productive in our jobs.  Adapting how we shop is allowing us to keep food in the house and keep up with purchasing life’s everyday needs like medicine, batteries, and even a new smart TV with digital streaming features.

Adapting is also how security is being maintained as consumers limit their face-to-face interactions in physical stores.  EMV and dual -interface payment cards were a tremendous force for change for retailers and payments networks, introducing a new generation of POS technologies and online payments services for retailers.  Contactless commerce no longer just means paying in person with a contactless card or mobile device.  As major retailers were closing stores and consumers had to forego dining out and limit their store visits, consumers were able to adapt to using more digital channels and take advantage of new home delivery, curbside pick-up, or drive thru/take-out meals options.

Where people started returning to physical retailers and restaurants, new mobile and contactless check-out options greeted them at the same time.  Fears of touching anything inside a store have driven consumers and merchants alike to avoid cash and use contactless payment options more often.  Contactless payments are increasing worldwide – not only as a result of the pandemic. In a recent keynote address at a virtual U.S. Payments Forum event, a Visa executive reported that nearly 60% of all face-to-face transactions globally are tapped, rather than inserted or swiped.   Contactless acceptance has real COVID-era benefits as well.  Another recent publication by the Forum provided tips to cleaner payments that included encouraging the use of contactless forms of payments, eliminating signatures on receipts, and reducing unnecessary touches from prompts at the POS.

What will be the long-term effects of these sudden shifts in personal shopping behavior and the introduction of new enabling technologies for order ahead and pickup/delivery services?  I believe some of these shopping trends will become less popular as time passes.  Habits don’t change overnight and anyone who has sat at home waiting for a food order to be delivered and cringing at the 25 – 50% cost increase for service charges, delivery fees, and tips will be happy to be able to go back to how it was.  Other habits will be broken more quickly and will spread more broadly.  Wearing a mask inside a store reminds us that this virus is not going to disappear anytime soon.  Being able to tap a card or pay with a mobile wallet and walk away rather than handing the card to the cashier or inserting it into the reader and grabbing the pen or stylus to sign a receipt will forever change this behavior for many who never knew there was another option.  Adapting will be a constant part of everyone’s lives for the foreseeable future.

Sincerely,
Randy Vanderhoof
Executive Director, Secure Technology Alliance

---

Update: Securing Federal Identity 2020 Conference Cancelled

Due to the safety concerns about holding in-person events and uncertainty of how the COVID-19 virus will continue to impact government and industry, we have cancelled the Securing Federal Identity Conference that was rescheduled for September 16-17, 2020.

The health and safety of our sponsors, speakers and attendees are our top priorities.  We will post any information about new dates for 2021 when they are available.  For any questions, please contact Randy Vanderhoof at [email protected] or call 609-587-4208.

---

New Resource: Dynamic Security Code Cards – A Primer

The Secure Technology Alliance Payments Council published a new white paper, Dynamic Security Code Cards: A Primer.

With the widespread implementation of EMV in the U.S., fraudsters have shifted their focus to card-not-present (CNP) fraud, highlighting static card security codes as a critical weakness. This new white paper provides a primer on cards with dynamic security code features as a layered defense to this CNP vulnerability.

The white paper:

• Introduces the impact of CNP fraud on merchants and issuers
• Provides a high-level description of a dynamic security code card solution (card and server/service) to educate stakeholders on functionality and benefits
• Outlines the benefits of dynamic security code cards for issuers, merchants and cardholders
• Outlines manufacturing, personalization and implementation considerations
• Describes real world deployed use cases

Francine Dubois, IDEMIA, led this project.  Council members involved in the development of this white paper included: ABCorp; Ellipse; IDEMIA; Infineon Technologies; MULTOS International; Thales; Visa; Worldpay.  The Council is nearing completion of its wearables white paper update.

---

Council Highlights

• Council projects. A summary of all active Council projects is posted on the Secure Technology Alliance members-only site.
• The Access Control Council is working on a new project on access control with mobile devices (in collaboration with the Identity Council).
• The Identity Council held a successful third webinar, Privacy and Trust in the mDL Ecosystem, on Thursday, June 25, 2020. Speakers included:  Arjan Geluk, UL; Ted Sobel, DHS; Matt Thompson, IDEMIA; Randy Vanderhoof, Secure Technology Alliance; Christopher Williams, Exponent; John Wunderlich, Kantara Initiative.  The webinar PDF can be found at: https://www.securetechalliance.org/the-mobile-drivers-license-and-ecosystem-webinar-series/privacy-and-trust-in-the-mdl-ecosystem/.  The fourth webinar in the series will be held in September.  The Council is also starting two new projects: a webinar on understanding other states’ policies for mDL; response to the NIST request for comments on SP 800-63 (in collaboration with the Access Control Council).
• The Payments Council published the new white paper, Dynamic Security Code Cards: A Primer. Council members involved in the development of this white paper included: ABCorp; Ellipse; IDEMIA; Infineon Technologies; MULTOS International; Thales; Visa; Worldpay.  The Council is nearing completion of its wearables white paper update.
• The Transportation Council is completing work on a vision document on the Mobility as a Service (MaaS) ecosystem. Nominations are open for Council officers and steering committee

If you would like to participate in a Secure Technology Alliance Council, please contact Devon Rohrer, [email protected].  The full list of active Council projects is available on the Alliance members-only site.

---

New Forum Resources

The U.S. Payments Forum publishes industry resources that will be of interest to Alliance members.

• The Forum CNP Fraud Working Committee published a new resource, CNP Fraud Mitigation Techniques. The white paper provides a high-level document that directs readers to relevant fraud mitigation techniques while providing easy access to details about the solutions.
• The Forum published a new resource, S. Automated Fuel Dispenser (AFD) Chip Fallback Transaction Processing Best Practices. The white paper defines fallback and covers processing magnetic stripe transactions for card programs that are not supported on the contact EMV interface of automatic fuel dispenser (AFD) terminals.

The full list of active U.S. Payments Forum projects is available on the Alliance members-only site.

---

Congratulations New Certificants

CSEIP

• Jonathan Baker, Tusco Inc.
• Matthew Butler, TUSCO INC
• Wayne Fanning, eVigilant
• Jamal Hennani, Parsons Corporation
• Richard Huey, Tyto Athene, LLC
• Markus Leogrande, M3T Corporation
• Ross Nelson, Securityhunter
• Jonathan Phillips, System One Alarm Services, Inc.
• William Sepulveda, Virsig LLC
• Taronn Sullivan, BruckEdwards, Inc.

CSEIP-Recertified

• Henry Leahy, LS3 Inc.
• Omar Lopez, LS3 Inc.
• Sean Harrison, LS3 Inc.
• Fred Nathan, GC&E Systems Group
• Steven Peltier, Johnson Controls
• Daniel Stafford, General Services Administration

---

Update on Training and Exam Dates

The following dates have been announced for CSEIP and TSCIP Training.  Class sizes have been reduced to 6 people per class due to COVID-19 health guidelines and safety concerns.  As a result, classes are selling out faster than they have in the past, so we are advising organizations to make their reservations in advance of future security system contracts and installations.

• New : CSEIP Certification Course, September 22-24
• Rescheduled: CSEIP Certification Course, November 17-18 (rescheduled from Dec. 1-3)
• Rescheduled: CSEIP Re-Certification Course, November 24 (rescheduled from Dec. 4)
• Rescheduled: TSCIP Course, November 19

CSEIP Recertification is ongoing, as the recertification class is presented online. Learn more by visiting the CSEIP Recertification site.

---

Follow the Alliance on Social Media

The Secure Technology Alliance has enhanced its presence on social media with robust platforms on Twitter and LinkedIn.  Here are some ways you can interact with the organization:

• Follow us on Twitter: @SecureTechOrg
• Connect with us on LinkedIn: https://www.linkedin.com/company/secure-technology-alliance
• Engage across platforms to help share news, insights and resources by liking and retweeting or sharing our posts
• Share our pages with colleagues