October 2018 Monthly Member Bulletin

• From the Executive Director
• Council Highlights
• Transit Payments Workshop
• New Forum Resources
• Alliance and Social Media
• Congratulations New Certificants
• Registration – Digital Identity Event

---

Executive Director’s Corner

Is the Contactless Payments Surge Here Yet?

Contactless cards and contactless in-store payments are coming, right?  I’m not the only one raising this question in the payments industry circles where I spend my time.  It seems like everyone says it is coming; still I’m waiting.  It’s like when my favorite team is ahead by a touchdown with two minutes remaining, but I keep nervously watching the clock and reserving the sweet feeling of victory until I see the count down to zero.

I keep hearing that plans that are in the works at several major bank card issuers to begin rolling out dual-interface EMV chip cards with contactless capabilities – but where are the cards? There has been an uptick in advertisements on television from Visa and Mastercard featuring the fast, easy consumer check-out experience at a variety of merchants – from coffee shops to flea markets to sporting events – but there have been no major banks making announcements yet about when those cards are coming.

My personal and professional experience with anticipating when the next big industry-shifting payments change will happen has often been met with disappointment in the pace that the change actually occurs in a meaningful way.  I only have to think back to the end of 2014, when the EMV fraud liability shift date was less than one year away and the number of EMV cards in market were estimated at only 120 million cards issued, not meeting the much higher industry expectations.  But by the end of 2015 and just after the fraud liability date passed in October, that number climbed to more than 600 million, a 500% increase.

An important factor to consider about contactless card issuance is that many of the 120 million EMV cards issued by 2014 had four year expiration dates, which means those cards are due to be replaced this year.  100 million or so dual dual-interface cards issued in 2018 won’t create that much of a noticeable impact on consumers, but you can expect that next year, when that number could potentially reach 600 million cards, the real impact will be felt.

So I will be nervously watching the calendar and counting down the months, which is the speed of time in payments, until the time that people will be tapping more than inserting their cards at their favorite coffee shop, flea market, or sporting event.

---

Council Highlights

• Council projects. A summary of all active Council projects is posted on the Secure Technology Alliance members-only site
• The Access Control Council has two active projects: completing the enterprise PACS playbook and developing guidance to compliment the NIST SP 800-116 v2 publication
• The Identity Council continues work on the mobile identity landscape white paper and has additional webinars planned to review use cases and implementation considerations
• The IoT Security Council hosted a successful webinar, IoT Security: Mitigating Security Risks in Secure Connected Environments, on Thurs., Oct. 11. The webinar discussed the risks and risk mitigation approaches for IoT applications and specific vertical market use cases.  Speakers included:  Steve Hanna, Infineon Technologies; Josh Jabs, Entrust Datacard; John Neal, NXP Semiconductors; Sri Ramachandran, G+D Mobile Security; Randy Vanderhoof, Secure Technology Alliance.  The Council has also elected its first chair, Sri Ramachandran, G+D Mobile Security
• The Mobile Council held its first interactive web briefing to provide members with up-to-date education. The briefing, “Biometrics on Mobile Devices,” was presented by Andrew Jamieson, UL.  The second briefing, “Tokenization,” will be presented by David Worthington, Rambus, on Wed., Oct. 17^th at 1pm ET/10am PT.  The briefings are open to all Alliance members and recordings are posted on the Mobile Council’s members-only collaboration site. Please contact Cathy Medich, [email protected] if you would like additional information
• The Payments Council is working on a new white paper on biometric payment cards to provide a high-level description of biometric payment cards to educate issuers on functionality and benefits
• The Transportation Council has partnered with the U.S. Payments Forum’s Transit Contactless Open Payments Working Committee to develop the full-day Transit Payments Workshop, on Nov. 5^th, in Oak Brook, IL. The Council is currently working on one project: multimodal payments convergence white paper, part 2
• All councils elect new Steering Committees and officers every two years. Nominations for Steering Committee seats will be open in November, with elections held in December.  If you would like to be more active in driving the Alliance industry council strategies and activities, please consider nominating yourself or someone from your organization

If you would like to participate in a Secure Technology Alliance Council, please contact Devon Rohrer, [email protected]

---

Transit Payments Workshop

The Secure Technology Alliance and U.S. Payments Forum are hosting a full-day Transit Payments Workshop, on Nov. 5^th, in Oak Brook, IL.  The workshop will cover the Technical Framework for Transit Open Payments developed by the Forum’s Transit Contactless Open Payments Working Committee, transit agency perspectives on future acceptance technologies, and the latest developments in mobile ticketing and multimodal payments convergence.

Registration for the workshop is available at on the Forum meeting registration site.  There is no fee to attend the workshop.

The workshop is open to all Alliance and Forum members; one representative from non-member transit agencies, issuers and merchants are invited to attend at no charge.  Workshop attendees and speakers are also invited to extend their stay and attend the U.S. Payments Forum member meeting on Nov. 6-7 at the same location.

---

New Forum Resource: Transit Contactless Open Payments: Technical Solution for Pay As You Go

The Forum’s Transit Contactless Open Payments Working Committee published a major update to the technical framework for transit acceptance of contactless open payments, Transit Contactless Open Payments: Technical Solution for Pay As You Go.

The updated white paper identifies and provides guidance for technical solutions that could be used to implement contactless open payments in transit for two use cases: Use Case 1 – Pay As You Go/Card and Use Case 2 – Pay As You Go/Mobile Device.  Additional use cases based on other scenarios outlined in the white paper are expected to be addressed by the Working Committee in future projects.

Transportation Council members are welcome to participate as guests in the Forum’s Working Committee. Please contact Devon Rohrer, [email protected], if you’d like to join the group.

---

New Forum Resource: Canadian Card Technical Acceptance White Paper

The U.S. Payments Forum published a new white paper, Canadian Card Technical Acceptance, to provide guidance and clarification to merchants, acquirers, point-of-sale (POS) terminal vendors and POS solution integrators on application selection logic used by U.S. POS terminals to avoid certain interoperability issues when processing Canadian cards. This guidance was developed to help prevent transaction processing issues due to incorrect AID selection for Canadian cards resulting in failed transactions.

---

Follow the Alliance on Social Media

The Secure Technology Alliance has enhanced its presence on social media with robust platforms on Twitter and LinkedIn.  Here are some ways you can interact with the organization:

• Follow us on Twitter: @SecureTechOrg
• Connect with us on LinkedIn: https://www.linkedin.com/company/secure-technology-alliance
• Engage across platforms to help share news, insights and resources by liking and retweeting or sharing our posts
• Share our pages with colleagues

---

Welcome New Member

• scDataCom LLC

Congratulations New Recipients

CSCIP/G

• Paul Arsenault, Department of Homeland Security*
• Robert Mayes, Department of Homeland Security*
• David Walker, Department of Homeland Security*

CSCIP/P

• Gerry Glindro, IDEMIA
• Michael Johnson, LTK Engineering Services
• Kin Mak, IDEMIA
• Oscar Ortega, IDEMIA
• Artur Russ, IDEMIA
• Jim Sanchez, IDEMIA
• Shereena Sherafudeen, IDEMIA

CSEIP

• Gordon McGlone, Department of Homeland Security

*Denotes corporate exam. For more information, contact Randy Vanderhoof

---

Training, Exam, and Recertification Dates

CSEIP Training/Exam

• Oct. 23-25, National Center for Advanced Payments and Security
• Nov. 27-29, National Center for Advanced Payments and Security
• Dec. 11-13, National Center for Advanced Payments and Security

CSEIP Recertification

The online instructor-led review course is four hours, from 11 AM ET – 3 PM ET. The hour-long exam follows from 3 PM ET to 4 PM ET. Here are the dates for the remainder of the year:

• October 18
• November 15
• December 6

---

Don’t Miss Event: Securing Digital ID 2018 Conference

“Securing Digital ID 2018,” a new event from the Alliance, is scheduled for Dec. 4-5 in Alexandria, VA, just outside of Washington, DC. Make sure you’ve registered for this timely event.

The meeting will feature presentations and panel discussions on digital identity solutions and authentication technologies, business challenges balancing security and convenience, policies that help guide common practice, and interoperability standards. There will also be opportunities to network with security experts and cybersecurity integrators already using smart identity security solutions.

Register, and make your travel plans today to ensure your spot.