March 2015 Monthly Member Bulletin
Executive Director’s Corner
Dear Members of the Smart Card Alliance,
It is hard to believe that Apple Pay has only been available to the public since October 2014. So much has been written and talked about Apple’s relative impact on the market that one might think that it has been the standard for the industry for years. Are the results over this very short time worthy of the position of importance it has assumed in the mobile payments market? Certainly other big names competing in this fickle market think so. Let me share some of what has transpired since the company went public with the announcement of Apple Pay.
There is no debate that the iPhone 6 and 6 Plus have been a huge win. Apple sold 10 million new phones the first week the phones were announced and nearly 40 million by year’s end. Apple also saw the biggest conversion of Android users to iPhone during that period. This was bad news for all the other mobile wallet providers who were building businesses around multiple smart phone manufacturers running Android and Windows OS with NFC and embedded secure elements or UICC chips inside.
Softcard (formerly Isis), the joint venture mobile platform led by AT&T, Verizon Wireless, and T-Mobile, saw their business model crumble as banks flocked to the brand appeal and upscale customer base commanded by Apple. Apple Pay also leveraged a slick onboarding process and new tokenization platform supported by American Express, MasterCard and Visa. Financial institutions traded the high upfront provisioning and maintenance costs charged by Softcard for Apple Pay’s more secure and lower cost tokenization model plus a small piece of each mobile transaction (.15 percent). In January, Softcard folded their tent and sold off the remains of the technology to Google. For years Google couldn’t gain traction with U.S. mobile network operators because their architecture did not require paying the MNOs high fees to rent space in secure elements, but had a design that hosted the funding account in the cloud. This approach wasn’t popular with merchants either, because of Google’s insistence on monetizing usage by capturing merchant data along with the payment data.
PayPal was the next big player to respond to Apple’s new found dominant position for mobile payments. PayPal has made several unsuccessful runs at the mobile market and in-store acceptance over the last few years but had slipped to the back of the pack. That changed, though, when they acquired Paydiant, a white-label mobile wallet platform provider, which most notably was selected for the forthcoming MCX mobile payments platform, called CurrentC, that will compete with Apple Pay and PayPal. Paydiant has been a leading provider of private label banking and merchant apps, including Subway. Like PayPal, Paydiant takes a technology-agnostic approach to how payments transact with mobile devices, supporting QR codes, bar codes, or NFC. However, with the much anticipated launch of MCX by more than 50 major retail chains later this year, it will be interesting to see how PayPal will leverage their Paydiant acquisition to launch a new PayPal payment solution to compete with CurrentC – or to find a new way to win favor with merchants and become part of the CurrentC solution. PayPal has had a long-term positive relationship with those merchants through their online channels, but getting a favorable position inside the stores has never been PayPal’s strength.
In another strategic move, Samsung has responded to Apple’s challenge by acquiring another start-up, called LoopPay. LoopPay’s differentiation is that its technology works using something called magnetic secure transmission to pass payment data to standard magnetic stripe terminals. Samsung Pay will also work with NFC if the terminal supports it. The company believes they can solve the critical Achilles heel of Apple Pay – merchant acceptance of NFC – with their solution. It will be a few months before Samsung brings this technology to market in the U.S., so for now we have to take them at their word that the technology actually works. There have already been concerns cited about what will happen when attempting a mobile payment at EMV terminals once merchants activate the POS acceptance software for chip cards.
It will be interesting see how these monster brands align and compete on the giant chessboard chasing after the consumer (the King). Will Samsung establish an Android equivalent to Apple Pay and energize consumers to use mobile payments as Apple has done? This will put tremendous pressure on merchants to begin accepting mobile payments if that happens. Will Google Wallet rise from the ashes of Softcard to be the favored choice for mobile wallets for AT&T, Verizon, T-Mobile and Sprint – Google’s original partner? How will these MNOs handle sales and support of Apple and Samsung handsets hosting competing technologies? And will MCX merchants change their strategy prior to launch? Will they open up the platform to support NFC and open bank cards through merchant-branded wallets and let customers decide if they want to choose the merchant-preferred CurrentC payment method or one of the other device-driven or Internet service provider-driven options? What about banking apps that surely could add payments as part of their private label efforts to keep their cards in the favored top-of-wallet position? We can expect change to be a constant for mobile payments for the foreseeable future, so your best bet is to be informed in order to participate in this evolving market.
Executive Director, Smart Card Alliance
In The Spotlight
First Data is a global technology leader in the financial services industry. With 24,000 employee-owners and operations in 35 countries, the company provides secure and innovative payment technology and services to more than six million merchants and financial institutions around the world, from small businesses to the world’s largest corporations. Today, businesses in nearly 70 countries trust First Data to secure and process more than 2,000 financial transactions per second, totaling $1.8 trillion a year.
What role does smart card technology play in your business?
Smart card technology spans the entire breadth of First Data. The company offers industry compliant POS devices supporting both contactless and contact chip cards. First Data personalizes and authorizes chip-enabled plastics for financial institutions. First Data also operates an industry certified Service Provider TSM to support Secure Element-based mobile wallets.
What trends do you see developing in your market?
Among the company’s focus is mobile payments in the U.S., with an eye on its peers in the international markets. The number of products and services based on smart card/chip technology in the US market is growing at an amazing pace, and there are several milestones and trends in this area. The recent introduction of a significant mobile wallet player was a watershed moment for Secure Element-based mobile wallets. Cloud-based payment methods, like HCE, will undoubtedly continue to grow, but the latest use of an SE in mobile payment products will quite likely breathe new life into the secure local storage methods.
It is good to see mobile devices enabled with NFC becoming the norm instead of the exception. And as expected, the looming deadline for EMV liability shift in the U.S. has accelerated the distribution of NFC and contact acceptance devices. In general, chip technology is evolving faster than ever. Not only is the volume of available chips growing, but the capabilities of those chips are getting more robust and more cost effective.
Large financial institutions are becoming surprisingly nimble with regard to mobile payments. They are leveraging existing consumer contact points, like mobile banking, to enable payments. The use of tokenized payment credentials will undoubtedly continue to grow. Aside from all the technology and product advancements, perhaps the most important trend is increased consumer adoption. Consumer knowledge about mobile payment functionality and security continues to grow.
What things must you overcome to leverage those trends?
A recurring challenge is the lack of industry cohesion, which makes the business case for mobile payments murky. For chip-based mobile payments it means tight control of critical components in the mobile payments ecosystem pushes a big chunk of value to new/different players. The traditional value recipients are left scrambling. First Data’s position as an issuer processor and as a payments processor will allow us to help reduce some of those economic complexities for its customers.
On the issuing side, First Data created a method for separating the financial account number from the payment account number in 2002; a precursor to the common tokenization term used today. TransArmor was introduced in 2010 to secure the merchant side of transaction data with encryption and tokenization. Industry and consumer expectations are growing around payment security. Perfect execution around security will be a must. The company will leverage its expertise in tokenization and encryption to ensure chip-based payments, whether they are initiated by plastic or mobile device, are incredibly reliable and secure.
Visit First Data at www.firstdata.com
Welcome New Members
- Athena – SCS Limited, Latin American Leadership Council
- Banco Central de Costa Rica, Latin America Associate
- NextGen ID, Inc., General
- Quadagno & Associates, Associate
- SPARC Security Solutions, General
- Tri County Metropolitan Transportation District of Oregon, Government
New CSCIP/Payments Recipients
- Laura Brandenburg, TSYS*
- Julie Minkanic, TSYS*
- Janet Nash, TSYS*
- Rodger Ransom, TSYS*
- VJ Roberts, TSYS*
- Jason Sheppard, TSYS*
- Roberto Cardenas, TSYS Acquiring Solutions*
- John Flood, TSYS Acquiring Solutions*
- Katherine Heck, TSYS Acquiring Solutions*
- Tucker Neely, TSYS Acquiring Solutions*
- Milind Bengeri, Discover Financial Services
- Sam Boutros, ACI Worldwide
- Rich Goodwin, LTK Engineering Services
- Antoine Kelman, OberthurTechnologies
- Patrick Marron, LTK Engineering Services
- Tony Sabetti, Softcard
- Terry Schindler, Q-Card Company
*Denotes corporate training class recipients
New CSEIP Recipients
- Mark Dale, XTec, Incorporated
- Ray Dickler, eMentum
- Derek Greenland, AMAG Technology, Inc.
- Matt Greer, Orion Management
- Mala Grover, Digitronics, Inc.
- Nathan Hott, Genesis Security Systems, LLC
- Joseph Verdi, Security & Energy Technology Corporation
- Joshua Wernick, Kratos Public Safety and Security
Councils have been active in completing in-process projects, planning new activities for 2015 and developing industry outreach efforts.
- The Access Control Council will be publishing the guide specification for architects and engineers for smart card-based PACS cards and readers later this month. The Council is also holding a full-day pre-conference workshop at ISC West on April 14
- The Health and Human Services Council is working on a patient identity brief and submitting speaking proposals to healthcare industry conferences
- The Identity Council has launched a new white paper project on the FIDO protocols and smart card technology
- The Mobile and NFC Council is currently developing plans for 2015 activities
- The Payments Council will be publishing a white paper on the true cost of data breaches later in March. The Council is also planning its 2015 activities
- The Transportation Council is planning a two-day Council meeting on June 9-10, 2015, at the Walter E. Washington Convention Center in Washington, DC, concurrent with the Smart Card Alliance Government Conference
Council participation is open to all Smart Card Alliance members; to participate, contact Cathy Medich.
Workshop Scheduled at ISC West
A day-long workshop designed specifically for systems integrators, corporate CIOs, CSOs, security directors, IT directors, and system manufacturers will be held at ISC West in Las Vegas on April 14. Developed by the Smart Card Alliance Access Control Council, the workshop will provide practical guidance for organizations looking to understand how PACS architectures are changing and how to implement standards-based credentials based on smart card technology for high assurance identity verification. Learn more about the day’s agenda and registration information.
2015 Government Conference
The 14th Annual Government Conference will now be held in the spring in Washington, DC! Register today and take advantage of discounted fees for the event, which is scheduled for June 9-10, 2015 at the Walter E. Washington Convention Center. The CSCIP/Government training and exam preparation course will also be held during the conference; sign up and reserve your spot today.
Upcoming CSEIP Training
Two CSEIP training sessions have been scheduled for March 24-27 in Gaitherburg, MD, and April 7-9 at the Courtyard Marriott Dallas DFW Airport North in Grapevine, TX. This GSA-approved training program will provides certification required for E-PACS engineers employed by commercial organizations that are looking to bid on GSA procurement agreements for access control systems. Classes fill up quickly so register now if you’re planning on taking the class; the website lists other dates and locations of the training.