March 2016 Monthly Member Bulletin
Executive Director’s Corner
Dear Members of the Smart Card Alliance,
We’re less than one month away from our 2016 Payments Summit scheduled for April 4-7th, which for the first time is being held outside of Salt Lake City and moving to Orlando, FL. What makes this particularly important is that we are approaching a critical time for many issuers, merchants, processors and providers of EMV hardware and software to assess the impact of the recent EMV fraud liability shift. It’s time to see how their planning or lack of planning leading up to the October 2015 liability shift and their results in the months immediately after the liability shift have impacted their businesses. It’s been a long journey for the complex U.S. payments ecosystem as it worked out all of the obstacles to getting chip cards and readers in place and operational and educated consumers about their use. It is also time to look forward, beyond the focus on EMV, for what lies ahead in payments. The Payments Summit provides the opportunity to hear about where we are and where we are heading. It will offer a look into the future of payments beyond EMV, with featured content on the next generation in transportation payments, mobile payments, and FinTech.
At the recent EMV Migration Forum quarterly meeting in La Jolla, CA, we heard a mix of positive news and some concerns about the current market conditions nearly six months after the October 2015 liability shift. On the positive side, card issuance continues to climb and the U.S. now has the largest number of EMV chip cards issued in any country in the world. Chip debit card issuance, which got off to a slow start, is growing and the cross-border use of chip cards is nearly 50 percent. The merchant acceptance numbers are climbing, and many national brands who put off enabling their systems until after the holiday rush are coming online. It was reported that over one million merchant locations are accepting chip cards now and that rate has been increasing around 10 percent each month. ATMs are also accepting EMV transactions in increasing numbers, and Square recently started shipping backordered chip readers to over 350,000 micro-merchants.
For those merchants who were unable or chose not to enable their stores for EMV prior to the October liability shift date, the impact the fraud liability shift is having on them is the most troubling news we heard at the recent gathering of 300 Forum members. There have been numerous reports of a significant increase in chargebacks that are taking place between financial institutions and retailers. Determining the root causes of these chargebacks requires much deeper analysis. It is certainly true that banks with chip cards in the market are exercising their rights under the liability shift rules to chargeback counterfeit fraud to merchants who are not EMV enabled; yet merchants who have enabled their stores for EMV are seeing increased chargebacks as well.
Part of the challenge is in training and developing better chargeback verification tools so both merchants and issuers can determine legitimate chargebacks from inaccurate chargebacks, such as when data elements in the transactions contain bad records which lead to suspect risk management decisions. Issuers went on to explain that while much of the chargeback volume may be new to merchants, fraud had always existed but had been absorbed by the banks so the merchant never saw the chargebacks. Issuers have also reported seeing overall counterfeit fraud rates on the rise, because fraudsters know that stolen card data has a much shorter shelf life as the market moves to EMV. Merchants who never were targets of fraud in the past are starting to see more fraud activity while other merchants who have protected themselves with EMV have had their fraud rates decline. However, even merchants who are EMV-enabled are not satisfied with the chargeback process.
Unfortunately, until more merchants get their systems EMV-enabled, and until the systems in place to manage chargebacks are clearly understood and best practices better defined, there are going to be a lot more complaints about how fraud risk is being distributed. What has become clear is that there is a lot of work remaining for the U.S. market, and fortunately, the Smart Card Alliance and the EMV Migration Forum are needed more than ever to bring the right parties together.
Somewhat lost in all the focus on EMV are the important developments happening in the mobile wallet front. Now that we have Apple Pay, Samsung Pay, and Android Pay spreading their payments services across a widening array of mobile devices, hundreds of financial institutions and more than a million merchant acceptance locations in place, we are awaiting news on further entrants into the mobile wallet space.
Soon, we will have new entrants into the mobile wallet space with be the likes of Chase Pay, CurrentC, Walmart Pay and new PayPal joining the market to further engage the mobile consumer with options for how they transact payments using mobile devices that go beyond the insertion or tapping of EMV chip cards. In parallel, major transit agencies are embracing mobile ticketing options that blend together the mobile wallet experience with apps designed to provide real-time information and ticketless and cardless access to buses, subways, and trains. Major transit operators in places like Chicago, Dallas, Washington DC, New York City, New Jersey, and Philadelphia have active mobile ticketing projects underway.
There is a lot to cover across the payments landscape and the 2016 Payments Summit next month will be the place to learn about it all – the current state of the market and future of payments beyond EMV. I hope everyone will have an opportunity to be there. Bring your sunscreen, leave your ski equipment at home, and join in what will be an educational and lively event.
In the Spotlight
A 2015 Smart Card Alliance Company of Excellence (COE) recipient, Consult Hyperion helps clients bridge the gap between business and technology by providing practical and impartial advice at all stages in a project life cycle, from the conceptual phase through to completion. Clients range from global payment brands to national governments, regulators, financial institutions, telecoms operators, NGOs and their suppliers, across the globe, and choose the company for their combination of domain knowledge, practical experience, innovative thinking, in-house specialist development skills and value for money.
Please describe your company’s business profile and its offerings
Consult Hyperion, with 30 years experience, are recognized thought leaders in the field of secure Digital Financial Services (DFS) with a strong record of delivering high value projects to blue chip clients around the world. Our clients range from global payment brands to national governments, regulators, financial institutions, telecoms operators, NGOs and their suppliers, across the globe. The products and services we have delivered are used by hundreds of millions of people across every continent, every day.
What role does smart card technology play in your business?
Consult Hyperion are experts in every step of the retail payments value chain, from authentication, access control and networks, to transactional systems, clearing and settlement, scheme and regulatory compliance and emerging trends at the Point of Sale. Our consultants are currently:
- Writing technical and security specifications to support the operation of payment card and mobile payment applications around the world
- Designing and testing innovative customer identification processes at the POS, using biometrics, mobile phones, mPOS and tablets
- Supporting the implementation of national identity systems and their integration into national and local transport ticketing services
- Defining new methods of Automatic Fare Collection systems for operators of city and country wide public transport networks
- Using global best practice to design and deliver low cost closed loop payment services designed for use in the refugee camps of Northern Syria;
- Working with the International Governments to design innovative solutions for customer registration and authentication (CDD/KYC) and transaction monitoring (AML) in Somalia, an environment with limited regulatory supervision and limited identity documentation
What trends do you see developing in your market?
In all cases Consult Hyperion supports the deployment of practical solutions using the most appropriate technologies (Mobile technology, NFC, Tokenization, RFID, Barcodes and Biometrics)centered on our deep knowledge of smartcards and smart systems. We have designed operating systems; defined cryptographic services and authored smartcard applications to secure the world’s leading retail and mobile payment services; developing our own in-house test laboratory and test tools to support the design and functional testing of the applications we develop.
Consult Hyperion has a tradition of excellence with client relationships that date back well over a decade. Clients value us as a trusted partner, who provides them with access to a cross section of globally recognized experts knowledgeable in the regulatory, commercial and technical aspects of Digital Financial Services and how these change across the world. Our consultants are recognized thought leaders which our clients find them both challenging and stimulating, recognizing at all times that they are able to learn from them and work with them to deliver innovative market leading services.
All Consult Hyperion consultants are strategic thinkers, ideally placed to help our clients develop a shared narrative and vision. Their practical experience developing roadmaps, working through scenario planning, evaluating new technologies, designing and delivering new systems and processes provides our clients with an appropriate toolkit to develop their product or service strategy. Their knowledge, gained from delivering systems in every continent apart from Antarctica, ensures that all services they are associated with make extensive use of global best practice with respect to the management of personal information and the security of the data stored within the system.
What things must you overcome to leverage those trends?
The overwhelming trend Consult Hyperion is experiencing is the migration of the payment card from the “Front of the Wallet” to the “Back of the Mobile Application”. Mobile phones offer a low cost route to market for financial services, whilst providing the account holder with more information and a better experience at the point of service. However the traditional EMV value chains and business opportunities are now under threat and the winners will be those organizations who understand and take advantage of the opportunities presented by such change. Experience suggests that the most successful organizations will have worked with a respected consultancy which understands how to exploit technological change to the benefit of their clients. If you would like to be one of them, please get in touch via [email protected].
Learn more by visiting http://www.chyp.com
Councils completed two white papers, submitted industry comments to NIST, and elected new Council officers. The Councils also completed their 2016 plans and now have nine projects in process.
- The Access Control Council submitted comments on the NIST SP 800-116 Rev. 1 Draft A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
- The Health and Human Services Council published a new white paper, Healthcare Identity Authentication and Payments Convergence: A Vision for the Healthcare Industry. The white paper outlines a vision for convergence and provides insight into the opportunities and challenges afforded to the healthcare community as the U.S. migrates to EMV. The Council is currently working on an infographic on the future of healthcare identity management
- The Identity Council elected a new chair, Frazier Evans from Booz Allen Hamilton, and is working on a white paper on the FIDO protocol and smart card technology
- The Mobile and NFC Council is working on a newwhite paper on mobile authentication of identity and the use of the authenticated identity in applications
- The Payments Council is working on three white papers: use cases for the EMVCo Payment Account Reference (PAR); blockchain and smart card technology; and contactless 2.0 value propositions for issuers and merchants. Council members will also be presenting in the Payments Summit pre-conference workshop, The Changing Payments Landscape in the U.S.: Strategic Considerations for Issuers and Merchants, on April 4th, in Orlando
- The Transportation Council has elected a new tolling vice chair, Carol Kuester from the Metropolitan Transportation Commission (MTC) and Bay Area Toll Authority (BATA) in the San Francisco Bay Area. The Council also completed the white paper, Reference Enterprise Architecture for Transit Open Payment System. This white paper describes a framework for specifying, developing, integrating and managing the lifecycle and evolution of transit open payment systems. The Council is currently working on two white papers: multimodal payments convergence and an update to the EMV and parking white paper published in 2015
If you would like to participate in a Smart Card Alliance Council, please contact Mike Strock, [email protected].
New EMV Resources
The EMV Migration Forum and Smart Card Alliance recently completed three EMV resources. These EMV resources are available on the EMV Connection web site and the Smart Card Alliance web site.
- The EMV Migration Forum published the new white paper, PIN Bypass in the U.S. Market. The white paper provides provide an educational resource on the EMV function of PIN Entry Bypass, how it can be implemented in the U.S. market, other actions that may process transactions allowing selection of cardholder verification method, and how those actions differ from PIN Entry Bypass. The white paper is available on EMV Connection web site.
- The Smart Card Alliance Health and Human Services Council published the new white paper, Healthcare Identity Authentication and Payments Convergence: A Vision for the Healthcare Industry. The white paper describes four scenarios for convergence of healthcare identity authentication and payments, with each discussing integration requirements and benefits and risks of the approach. The white paper is available on the Smart Card Alliance web site.
New Log-In for Member Resources
Did you know that the member resource of the Smart Card Alliance section was recently updated? If you already have a unique user name and password, and your company is an active, paid member of the Alliance, you needn’t change anything. Not sure if your company is active? Click here to find out. If you did not recently update your information, here’s how to do so:
- Enter your email address using your company’s extension/domain
- Select a password
- Click submit
- Go to your email client and look for an message sent to the email address provided with the subject line “Smart Card Alliance Member Site: Confirm Your Email” from [email protected]
- Click the link in the email to complete the registration
Registration Reminder – Payments Summit
If you haven’t yet registered for the Smart Card Alliance Payments Summit scheduled for April 4-7, 2016, at the Loews Royal Pacific in Orlando, Florida, make it a priority today! The event, co-located for the first time with the International Card Manufacturers Association (ICMA), will provide attendees with more workshops and sessions and the opportunity to meet new contacts. This is a not-to-be-missed event that will give attendees a broader perspective from the core manufacturing and personalization of a card to the rapid evolution in secure payments.
Save the Date for Security of Things (SoT) Conference
Details are forthcoming, but mark your calendar to attend a two day conference at the Hilton Rosemont Chicago O’Hare Hotel in Chicago Oct. 18-19, 2016 on the Security of Things. Registration information will be available later, so look for more information on this exciting new meeting.
Upcoming CSEIP Training
Two training sessions for the CSEIP course have been scheduled for the end of this month and in April at the new National Center for Advanced Payments and Identity Security in Crystal City, just outside of Washington D.C, located at 2900 Crystal Drive, Arlington, VA. The training dates are March 29-31 and April 26-28. Classes fill up quickly so register now to reserve your spot.
Welcome New Member
- EXP-Electronic Payment Exchange
- Mario Egoavil, PS2U, CSCIP recipient
- Medge Canseco, Secure Mission Solutions, Inc., CSCIP/G recipient
- Jose M. Arroyo, ICC Solutions Limited, CSCIP/P recipient
- Devesh Pandit, E4 Security Consulting, LLC, CSCIP/P recipient