September 2015 Monthly Member Bulletin
- Executive Director’s Corner
- In the Spotlight – CPI Card Group
- Council Highlights
- Welcome New Member
- CSEIP Recipients
- Council Recognition
- NFC Solutions Summit
Executive Director’s Corner
Dear Members of the Smart Card Alliance,
What does going to the doctor have in common with EMV? If your answer is EMV can be a direct cause for needing a doctor, then you must be a payments professional like me. Actually, there is another connection between seeing a doctor and EMV that doesn’t involve your health. It has to do with doctors and most other healthcare services providers such as hospitals, pharmacies, and medical equipment supply stores who are also merchants and who will be affected by the October liability shift. In healthcare, providers and health systems need to consider how chip technology can impact their business. Migrating to chip is a choice, not a mandate, so to make an informed decision they need to understand what chip technology is, how the fraud liability shift will impact them, and how to prepare to migrate to chip once they’ve made that decision. The Smart Card Alliance released a new white paper this month called EMV 101 for the Healthcare Industry that will benefit the healthcare segment and help them understand how to prepare.
Patients who visit their doctor often have a co-payment, and if they receive medicine or supplies at a medical facility, they have to pay some portion of it. The growth of high deductible healthcare plans has led to increases in the amount consumers pay for services and the need for providers to be consumer-focused beyond delivering superior patient care. Superior care must be extended to patient payments, as well as the patient’s health needs.
The fraud liability shift scheduled to occur in October 2015 represents a major change for U.S. businesses. The liability for counterfeit card-present credit or debit card fraud will be borne by whichever party does not support EMV chip card transactions. That means that doctor’s offices, walk-in clinics, and medical supply stores will have the same risks that retail stores have if they have not upgraded their payments acceptance systems for EMV.
Many healthcare providers have recently invested in new computer systems to manage their electronic health records and the new mandatory treatment codes. The payments acceptance component of these networks are often semi-integrated or fully integrated into the software in ways that will add complexity for them to change out the readers to accept EMV chip cards after the October liability shift, so careful planning and preparation are critical.
However, there is a much bigger opportunity that can come from healthcare providers investing in chip-enabled payments terminals. This relates to verifying patient identity, fighting insurance fraud, and securing sensitive patient files to prevent data breaches. Just in the klast couple of weeks, another insurance provider, Excellus BlueCross and BlueShield in New York, revealed a breach that may have affected 10 million people, the third largest data breach on record, behind the Anthem breach (80 million) and Prenera (11 million). A recent KPMG survey estimates that 81% of healthcare companies have been hacked at least once, with many of them unaware of it. Stolen personal health information is the new currency being traded on the web black market, much like the credit card data from retailer breaches that are sold to criminals to make fake credit cards.
What has prevented a more aggressive response by government regulators, insurance companies, and healthcare security vendors is the lack of infrastructure for strong authentication. Smart cards could provide strong two factor authentication that would make it harder for hackers to use stolen user names and passwords to access critical systems, and stop people from duplicating paper or plastic patient identification cards to steal healthcare services.
Soon, hundreds of thousands of doctors’ offices and hospitals will choose to add chip readers to accept EMV-enabled payment cards. With some advanced planning and communications with their IT vendors and payments partners, these devices could also be used as patient identity verification terminals and protect the data through the system. It would not only make healthcare more secure, but it would add immeasurable healthcare data management process efficiencies and reduce the cost and time for filing claims for reimbursement for treatment.
Over the next five years, this convergence of payments security and healthcare identity management security can be accelerated beyond anyone’s prior expectations if stakeholders are smart and leverage the investment they are making. The smart card-enabled infrastructure will reduce payments and health identity fraud, streamline processing and claims management, and make healthcare safer for everyone.
Thank you for support of the Smart Card Alliance.
Sincerely,
Randy Vanderhoof
Executive Director, Smart Card Alliance
In The Spotlight
CPI Card Group
A 2014 Smart Card Alliance Company of Excellence (COE) recipient, CPI Card Group is a global leader in financial card production and related services under the VISA, MasterCard, American Express and Discover payment brands. The company offers a single source for cards and other form factors, from financial and prepaid debit to EMV chip and mobile, instant issuance, and personalization and fulfillment services. With over 20 years of experience in the payments market and as a trusted partner to financial institutions, CPI Card Group’s solid reputation of product consistency, quality and outstanding customer service supports their position as a leader in the market.
Please describe your company’s business profile and its offerings
CPI is a leading provider of comprehensive financial payment card solutions in North America and serves a diverse set of over 4,000 direct and indirect customers, including many of the largest North American issuers of debit and credit cards, the largest global managers of prepaid debit card programs, and thousands of independent community banks, credit unions, group service providers and card processors.
We continue to develop our existing capabilities and introduce new technologies to provide integrated solutions that are relevant to our customers and keep pace with developments in the market.
What role does smart card technology play in your business?
We have made significant investments during the last three years to support our customers in the U.S. market migration to EMV. We have invested in our physical infrastructure and equipment platform including opening a dedicated EMV technology center in Colorado for EMV production and personalization, and significant information technology, human capital and equipment upgrades across our network of facilities. We have grown our business significantly over the past decade, both organically and through market relevant acquisitions, increasing our geographic and market coverage, solutions offerings, and capacity.
A recent acquisition in 2014 was that of EFT Source, a recognized leader in the financial technology industry, and was named American Banker and BAI’s FinTech Forward 100 in both 2013 and 2014. Acquiring EFT Source enhanced our card services offering, added [email protected]® instant issuance, and expanded our end-to-end financial payment card solutions. CPI is supporting many of its existing financial card customers through the migration, and has manufactured millions of EMV chip cards for the U.S. market.
Regardless of market segment or size, CPI’s broad range of solutions is tailored to individual customers’ needs and provides the security and quality they expect. For large financial institutions we provide the scale and support they demand. For small to mid-size financial institutions we have developed Chip Complete™, a turnkey solution offering all of the elements needed to launch an EMV chip card program including a step-by-step guide, providing everything from product training to card issuance.
We provide the largest EMV production capacity and redundancy in North America through seven, PCI-compliant, high-security facilities that are each certified by one or more of the Payment Card Brands Visa, MasterCard, American Express and Discover and Interac in Canada.
What trends do you see developing in your market?
Two of the more notable trends in the payments industry are the focus on increased security and the expansion of mobile. The introduction of EMV cards and tokenization techniques to protect consumer accounts are two areas we see as highly important. CPI was a first mover in the EMV migration in the U.S. market. Our capacity increase provided our issuing customers with the needed card volumes to help retain their customers, as consumers grow more aware of the risks of data breaches.
The increasing interest from early adopters of mobile technology is apparent.. Card issuers are leveraging tools to connect with their consumers through their mobile phones. The introduction of HCE has empowered these issuers to engage their consumers and manage card credentials more directly. With HCE comes the need for tokenization and for the payments industry and merchants to develop best practices for managing this challenging but important evolution away from PAN data.
The excitement in mobile is spurring a renewed interest in contactless and therefore dual interface cards. The value here is that issuers receive the benefit of the EMV liability shift, while consumers enjoy the ease of tap and pay without the need for a mobile wallet.
What things must you overcome to leverage those trends?
We continue to develop our existing capabilities and introduce new technologies to provide integrated solutions that are relevant to our customers and keep pace with developments in the market.
In 2014, we launched cpiMobile™ allowing issuers to payment-enable their existing Android, Windows or Blackberry mobile applications. This hosted service allows issuers to manage card security (including tokenization), metadata (e.g. card art, expiration date), and provides card life cycle management (provision, activation, suspension, deletion, etc.).
The brand issuer or merchant maintains control of the user experience, and consumers stay in the issuer or merchant app for the entire shopping and payment process. Brands can customize promotional messages and recommend the best payment card at check-out. Issuers can also allow partners to enable payment with the issuer’s cards from within multiple apps.
For more information visit http://www.cpicardgroup.com/
Council Highlights
Councils completed one white paper, submitted comments on two government documents and have seven other projects in process. In addition, Council chairs have been actively planning the Council breakout sessions for the 2015 Member Meeting, with each Council hosting one or two sessions on topics of interest to members.
- The Access Control Councilsubmitted a response to the NIST request for comments on NISTIR 8055, “Derived Personal Identity Verification (PIV) Credentials Proof of Concept Research,” and comments to GSA on the FIPS 201 Evaluation Program FRTC 2.0.0.
- The Health and Human Services Councilpublished the white paper, EMV 101 for the Healthcare Industry. The white paper provides a high level overview of EMV and its impact on healthcare providers and hospital systems. The Council is currently completing its comments on the GAO report, Medicare: Potential Uses of Electronically Readable Cards for Beneficiaries and Providers.
- The Identity Council is working on a white paper on the FIDO protocol and smart card technology.
- The Mobile and NFC Council is working on two new projects: a white paper on EMV and NFC (in collaboration with the Payments Council); a white paper on “NFC non-payments use cases.” The Council Steering Committee also developed the agenda for the NFC Solutions Summit pre-conference workshop, Implementation Considerations for NFC and other Mobile Technologies: Payments and Beyond, with members presenting educational sessions.
- The Payments Council is working on a white paper on EMV and NFC (in collaboration with the Mobile and NFC Council).
- TheTransportation CouncilI s working on two white papers on: EMV and transit; reference enterprise architecture for transit open payments system.
The Mobile and NFC Council and Payments Council will be holding in-person meetings during the 2015 NFC Solutions Summit to discuss ideas for new projects.
If you would like to participate in a Smart Card Alliance Council, please contact Mike Strock, [email protected].
Welcome New Member
- Nxt-ID, Inc., General member
New CSEIP Recipients
- DeWayne Somers, Orion Management LLC
- Aric Ament, Stanlty Security Solutions
- Bill Thomas, Department of Justice/Executive Office
Council Recognition
The Smart Card Alliance will recognize outstanding members of its six councils during the Member Meeting scheduled for Oct. 4-6 at the Arizona Grand Resort. Top Contributors, Honor Roll recipients, and Council chairs will be acknowledged at a special awards dinner on Monday, Oct. 5. Make sure you are registered toattend the meeting; the awards dinner is complementary for attendees.
NFC Solutions Summit
The NFC Solutions Summit, presented by the Smart Card Alliance and NFC Forum, will be held Oct. 7-8 at the Arizona Grand Resort in Phoenix. Do not miss this high-level meeting featuring speakers and presentations ranging from carriers, application developers and technology providers to end-users.
End-of-Year Publication – Showcase Your Company
A variety of enhanced sponsorship opportunities are available to member companies in the popular “Annual Review,” a comprehensive, full-color publication produced by the Smart Card Alliance and available in print and online in December. Please contact [email protected] about the different sponsorship opportunities.