News : Newsletters : Alliance Member Bulletin : October 2019

Executive Director Message

The Scary World of Petroleum

For the retail petroleum industry, the clock is ticking down to zero for being enabled for EMV at the pump.  It’s been more than seven years of petroleum retailers preparing for EMV, spending countless millions of dollars on development, testing, and installation of EMV readers, payments servers, and front court controllers. And now they are within one year of the date (October 2020) when the fraud liability shift will take effect at those outlets still using magnetic stripe readers instead of EMV chip readers.

This date has major ramifications for everyone involved in retail gasoline sales, including the major petroleum brands, the POS system vendors, the pump manufacturers, and the payments acquirers.   EMV at the pump has proven to be a vexing problem for the retail petroleum industry.  Lack of available hardware and software, complex testing and certification challenges, a shortage of trained and licensed installers, and inadequate education about the risks of not properly planning for EMV have contributed to a potential Halloween fright fest next year.

Consumers are already feeling the impact.  Criminal gangs are ramping up their activity to steal credit cards data using skimming devices at pumps so they can make as much money as they can before the swipe readers are replaced with more secure chip readers.  Data shows that when a gas customer gets their card skimmed, they blame the gas retailer. They then start paying inside the store, or switch to cash, or take their business to the other nearby superstations.   All of these choices are bad for business, and soon the local operator will be on the hook for bank chargebacks too.

The petroleum industry was given an extra three years from their original fraud liability shift date of 2017, which was already two years more than other retailers received. Yet with 120,000 retail stores in the U.S. and most of them (about two-thirds) single store operators and not chains, Linda Toth, director of standards for Conexxus, a C-store and petroleum industry standards organization, remarked in a recent C-store publication that 58% of petroleum retailers who have yet to upgrade believe they won’t make the liability shift deadline, and 25% of those said they have no idea when they’ll upgrade.  While that’s a frightening statistic, members of the Secure Technology alliance and the U.S. Payments Forum are working hard to assist the petroleum industry to increase the percentage of EMV-enabled pumps by October 2020.


2019 Honor Roll

The Secure Technology Alliance announced the 2019 Honor Roll members, recognizing the top individual contributors to Alliance activities and projects this year.

The 2019 Honor Roll included a total of 77 industry professionals, and was compiled based on council leadership, project leadership, and project participation from July 2018 to June 2019.

The top contributors on the honor roll for each industry council are:

  • Access Control Council. Chair Clay Estes, HID Global; Chair Adam Shane, LEIDOS; and top contributors Mark Dale, XTec, Inc.; Lars Suneborn, ID Technology Partners; and William Windsor, Department of Homeland Security
  • Identity Council. Chair Tom Lockwood, NextgenID, Inc.; and top contributors David Coley, Intercede; John Fessler, Exponent, Inc.; and David Kelts, GET Group North America
  • Internet of Things Security Council. Chair Sri Ramachandran, G+D Mobile Security; and top contributors Sandy Carielli, Entrust Datacard; Josh Jabs, Entrust Datacard; Andrew Jamieson, Underwriters Laboratories (UL); and John Neal, NXP Semiconductors
  • Mobile Council. Co-chairs Sadiq Mohammed, Mastercard; and Sridher Swaminathan, First Data, now Fiserv; and top contributors David Dekozan, Cubic Transportation Systems, Inc.; Jako Fritz, UL; and David Worthington, Rambus
  • Payments Council. Chair Oliver Manahan, Infineon Technologies; and top contributors Jose Correa, NXP Semiconductors; Gerry Glindro, IDEMIA; and Nick Pisarev, G+D Mobile Security
  • Transportation Council. Chair Jerry Kane, Southeastern Pennsylvania Transportation Authority (SEPTA); and top contributors Mike Dinning, U.S. Department of Transportation/Volpe Center; Jennifer Dogin, Mastercard; Amy Linden, Metropolitan Transportation Authority; Tina Morch-Pierre, Dallas Area Rapid Transit; Nick Pisarev, G+D Mobile Security; and David Weir, Metropolitan Transportation Commission

The full 2019 Honor Roll is available on the Alliance web site.


2019 Center of Excellence

The Secure Technology Alliance announced the organizations receiving the 2019 Secure Technology Alliance Center of Excellence (COE) designation. This program recognizes an elite mix of member organizations who, each year, reach the highest level of active participation in the Alliance by having made outstanding contributions in the form of organization-wide leadership of time, talent and resources across a wide mix of Alliance activities.

The 13 member companies that have been awarded the Center of Excellence recognition for 2019 are: American Express; CPI Card Group; Cubic Transportation Systems, Inc.; Department of Homeland Security; Discover Financial Services; First Data, now Fiserv; G+D Mobile Security; Gemalto, a Thales Company; IDEMIA; Infineon Technologies; Mastercard; UL and Visa.


Council Highlights

  • Council projects. A summary of all active Council projects is posted on the Secure Technology Alliance members-only site.
  • The Access Control Council is working on a new white paper on temporary identity credentials for Federal agencies.
  • The Identity Council mDL project team is continuing work on the mobile driver’s license (mDL) overview white paper.
  • The Payments Council currently has three active white paper projects: dynamic security code cards; wearables; and electric vehicle charging open payments framework.
  • The Transportation Council is continuing work on a vision document on payments integration for Mobility as a Service (MaaS) initiatives.

If you would like to participate in a Secure Technology Alliance Council, please contact Devon Rohrer, [email protected].  The full list of active Council projects is available on the Alliance members-only site.


New Forum Resources

The U.S. Payments Forum publishes industry resources that are of interest to Alliance members.

The Forum hosted a well-attended webinar, Contactless POS Experience Best Practices, on October 8th.  The webinar discussed best practices for consumer communications at the POS, consumer transaction prompting and flow, and cashier training.  Speakers included:  Berke Baydu, Mastercard; TJ Considine, Visa; Randy Vanderhoof, U.S. Payments Forum.  The webinar recording is available on the Forum web site.

The Forum Mobile and Contactless Payments Working Committee published a new white paper, How Emerging Data Elements Can Support Mobile Wallet Use Cases.  The white paper provides an educational resource on the emerging data elements – Wallet ID (WID), Token Requester ID (TRID) and Payment Account Reference (PAR) – and outlines their use in face-to-face transactions

The Forum Testing and Certification Working Committee published a new white paper, Options for Reducing Level 3 EMV Certification Time for Retailer Systems using Electronic Payment Servers.  The white paper discusses solutions to help reduce the implementation time and effort required for the automatic fuel dispenser (AFD) community to meet the October 2020 fraud liability shift deadline. It documents the “Redundancy Reduction Approach (RRA)” – an approach that may reduce the number of formal Level 3 (L3) certifications required, reduce time lags when a solution is being certified, and reduce wait time between submission, review and response.

The full list of active U.S. Payments Forum projects is available on the Alliance members-only site.


Have You Registered for the 2020 Payments Summit Yet?

We invite you to join us Feb. 24-27, 2020, at the Salt Lake Marriott Downtown at City Creek, Salt Lake City, UT. If you’ve not already done so, take a minute to mark your calendar for the 2020 Payments Summit and register today! The summit will again be held jointly with U.S. Payments Forum Member Meeting, so count on plenty of sessions and networking to go along with a terrific U.S. Payments Forum agenda. The end of February is also when skiing conditions in the surrounding Wasatch Mountains are at their prime; enjoy outdoor activities beforehand. We look forward to seeing you; the Summit is one of the only events that provides practical, actionable business and technical information that can be used to develop strategies and plans for implementing trending or new payments technologies.


Congratulations New Certificants

CSEIP

  • Joe Barbone, RedTop Group
  • Joseph Stinnett, Johnson Controls 

CSEIP Recertificants

  • Martin Hoffman, Johnson Controls
  • David Miller, Business Integra
  • Douglas Oelberg, Department of Homeland Security/Headquarters
  • William Windsor, Department of the Treasury

Upcoming Training and Exam Dates

Unless noted otherwise, CSCIP and CSEIP trainings will be held at The Training Center at Identification Technology Partners, Inc., 12 S Summit Ave #110, Gaithersburg, MD 20877.

CSCIP/G Training and Exam

  • Oct. 30-31, 2019

CSCIP Training and Exam

  • Nov. 7-9, 2019

CSEIP Training and Exam

  • Nov. 19-21, 2019

CSEIP Recertification Exam

Recertification extends the value of the CSEIP certification by demonstrating that the CSEIP certificant is current with new requirements and refreshes knowledge of the original information. This live, online, instructor-led review course is four hours, from 11 a.m. ET – 3 p.m. ET. The hour-long exam follows, from 3 p.m. – 4 p.m.

Upcoming recertification dates:

  • Nov. 15, 2019
  • Dec. 13, 2019

Follow the Alliance on Social Media

The Secure Technology Alliance has enhanced its presence on social media with robust platforms on Twitter and LinkedIn.  Here are some ways you can interact with the organization:

The Secure Technology Alliance is Hiring

X