September 2016 Monthly Member Bulletin
Executive Director’s Corner
Dear Members of the Smart Card Alliance,
I have become increasing aware that aligning the Smart Card Alliance organization to support its members and followers to get in front of changing technology trends seems more difficult than in the past. Perhaps it is the accelerating rate at which business and technology trends seem to shift in comparison to the smart card advances we were facing years ago. Or it could mean technology migration that was directly tied to the smart card form factor has gone the way of the phone booth, the corner book store, and the daily print newspaper, and has been replaced by a new ecosystem with new business drivers and economic models. Adapting to the changing pace of innovation and the new role for secure chip technology in emerging markets is not just a choice, it is a necessity.
There have been some major achievements in smart card adoption in the U.S. over the last 15 years, such as the federal government selection of chip technology for its government-wide ID and electronic passport programs, the adoption of 4G mobile SIM technology in smart phones, and the banking industry’s shift to contactless cards and EMV chip cards. As a result, the U.S. smart card market grew from less than 100 million units to over 1 billion units in the last decade, a rate of growth far exceeding the growth that Europe and Asia experienced in the prior decade.
For the Smart Card Alliance to keep the momentum of the past 10 years, we need to adapt to the accelerating technology adoption rates and the changing of the form factor of the secure chip technology industry. Our future is about applying the security principles from the smart card markets of the past to the security demands of a new generation of chip-enabled devices and applications that require built-in and embedded security, along with other hardware and software components.
We first experienced this phenomenon with the introduction of NFC-enabled smart phones for mobile payments. Our traditional smart card customers, the financial institutions and mobile operators, invested heavily in NFC mobile technologies and UICC chips to perform the same transactional functions as the cards and SIMs of the past, but in a new combined chip that added the security features that mobile wallets required. That technology quickly evolved into embedded secure elements replacing the UICC chips, and some devices relying on software and the cloud to replace the embedded security chips. The Smart Card Alliance adjusted its activities and began embracing the future of embedded chips, the cloud, and the use of tokenization for security in the mobile payments ecosystem.
That helped pave the way for the Smart Card Alliance world to include the Internet of Things (IoT), a vast new market of connected devices talking to each other and sharing data over a range of devices. This spans a wide variety of applications — from an individual personal fitness app talking to a mobile app to smart cities where thousands of sensors and networked devices funnel information to huge central databases to detect and potentially control patterns of use. The Alliance is in the early days of IoT, with a newly formed IoT Security Council for member collaboration, a new IOT web portal (www.iotsecurityconnect.com) to keep the industry informed about IoT security trends, and our new event, the Security of Things 2016 Conference, in Chicago on October 18-19. Check out the limited time offer to members to get extra complimentary passes to the conference if you register by October 3rd.
All of this change is part of a new approach by the Smart Card Alliance to keep our members in front of the changing technology trends shaping the smart card industry. Our members, and the organization itself, have an important role to play in the future of secure embedded chip technology that will be as or more critical to securing applications and ecosystems as smart cards have been for the past 15 years.
New Contactless Payments Webinar
The Smart Card Alliance Payments Council is hosting two webinars for merchants and issuers to provide a fresh look at contactless payments benefits and implementation considerations. The first webinar, scheduled for Thursday, Oct. 6 at 1 p.m. ET, will focus on merchant opportunities for contactless EMV payments. Register here; presenters are Jose Correa, NXP Semiconductors; Allen Friedman, Ingenico; Oliver Manahan, Infineon Technologies; Michele Quinn, First Data; Randy Vanderhoof, Smart Card Alliance.
In the Spotlight
Please describe your company’s business profile and its offerings
OT is strategically positioned in high growth markets and offers embedded security software solutions for “end-point” devices as well as associated remote management solutions to a huge portfolio of international clients, including banks and financial institutions, mobile operators, authorities and governments, as well as manufacturers of connected objects and equipment. OT constantly monitors the market and makes the most of technological innovations to respond to new needs and behaviors, from online payment to mobile payment, NFC, biometrics, etc.
OT’s MOTION CODETM product, for example, aims to revolutionize online payment. The first deployed payment card incorporating a dynamic security code, it ensures the security of transactions carried out via the Internet. At a time when 65% of fraud relates to online payments, MOTION CODE™ reduces online fraud and is completely transparent to the cardholders and e-retailers.
Additionally, to address the needs of our clients in the identity market (governments and companies), OT is the first company in the world able to offer unfalsifiable identity documents allowing authorities to immediately and easily control their authenticity with LASINK™ technology. LASINK™ allows the document holder’s picture to be engraved directly into the card while, for the first time, combining the robustness of a polycarbonate card and the quality of a color picture.
What role does smart card technology play in your business?
The digital and connected world we know is experiencing an increasing number of attacks which calls for greater security in our digital lives. Thus, OT’s focus is to design security solutions embedded in the objects and equipment used by hundreds of millions of people every day.
To be effective, we need to incorporate security systems within the connected objects and equipment themselves by leveraging the power of the integrated circuit. The security effort must no longer be simply in the cloud, but also in our identity documents, our bank cards, our smart phones, our vehicles and all the other everyday connected objects with a secure element to provide a foundation for assurance of identity, security of connections and the facilitation of payments.
What trends do you see developing in your market?
With the growing trends of smart phones being used as payment devices, storing and processing sensitive biometric data, or improving transport ticketing experience, increasing concerns regarding users’ authentication, data protection and privacy are rising.
Tomorrow we will use wearables such as watches for keyless access to corporate facilities, homes or vehicles. We will also purchase and pay fuel, road map updates, video content and a lot of other services directly from car dashboards. And very soon, autonomous vehicles will also need to be able to check the integrity of data received from the road infrastructures and other cars and protect data they exchange in order not be hacked.
What things must you overcome to leverage those trends?
OT believes that security will be the critical enabler of IoT deployments, the largest growth opportunity for the smart card industry, as concerns about privacy remain high across the world. Based on this, there will not be a massive scale up of IoT usage unless consumers are fully secure and privacy is fully ensured.
At OT, we have expertise in a range of complementary areas (Embedded Secure Elements or eSEs, references in the automotive sector, etc.) which allows us to develop comprehensive and personalized solutions for our clients. These ensure objects’ permanent authentication and connectivity to different networks, even remotely. Our solutions also ensure the security of the confidential data exchanged, as well as its storage and analysis in compliance with applicable regulations.
Learn more by visiting www.oberthur.com
Councils published one position paper, continued work on eight white papers and launched one new project. The Councils are also developing three webinars, new infographics and additional educational resources.
- The Access Control Council published a position paper, Smart Card Alliance Commentary: OMB Circular A-130 – Management of Federal Information Resource. The position paper highlights the impact of the OMB Circular A-130 2016 update on the access control industry and on government agencies procuring and implementing access control systems
- The Health and Human Services Council will be featuring invited guest speakers on upcoming Council calls. Michael Magrath, VASCO Data Security, will be joining the Council call on October 14 to discuss the HIMSS Identity Management Council, their goals and current activities, and potential synergies between the two councils
- The Internet of Things (IoT) Security Council is working on a white paper on embedded hardware security for IoT applications. The October 11th Council call will feature a guest speaker, Sandra Baer, from Personal Cities, to discuss the impact of IoT on smart city initiatives
- The Mobile Council is currently working on four projects: mobile identity authentication white paper; mobile profiles and provisioning white paper; tokenization webinar; Trusted Execution Environment (TEE) 101 white paper
- The Payments Council is working on five projects – merchant and issuer contactless payments infographics; contactless payments educational webinars for merchants and issuers; contactless payments security Q&A update; EMVCo Payment Account Reference (PAR) use cases white paper; blockchain and smart card technology white paper
- The Transportation Council is currently working on the multimodal payments convergence white paper, updating the reference architecture white paper, and developing the statement of work for a webinar on mobile ticketing and NFC
- All councils will be electing their 2017/2018 steering committees and officers by the end of this year. If you would like to participate in a leadership role for any of the councils, please contact Cathy Medich, [email protected]
If you would like to participate in a Smart Card Alliance Council, please contact Mike Strock, [email protected].
New EMV Resources
The Smart Card Alliance and the U.S. Payments Forum (formerly the EMV Migration Forum) have produced a number of EMV resources.
Congratulations New Recipients
- Megan Bledsoe, XTec Incorporated
- Morgan Richard, XTec Incorporated
- Srinivasa Chigurupati, CapitalOne Bank*
- Ximena Azcuy, Discover Financial Services*
- Leigh Garner, Discover Financial Services*
- Tracey Harrington, Discover Financial Services*
- Kenny Lage, Discover Financial Services*
- Krishna Mohan, Discover Financial Services*
- Iniyan Seerangapattan Sampath, Discover Financial Services*
- Itzamma Vilchis, Discover Financial Services*
- Daniel Willis, Discover Financial Services*
- Vijay Kumar Soni, Discover Financial Services*
- Lawrence Sutton, CH2M
- Nic Pavel, Interac
- James Burke, SynchroCyber Corporation
- Richard Childree, Department of Homeland Security/FEMA
- David Fogle, Star Asset Security, LLC
- Deon Ford, Prism International, LLC
- David Harjo, Bureau of ATF
- Philip Hosack, LVW Electronics
- Norman Kadnar, NIH Contractor
- Michael McKinnon, The Coleman Group, Inc.
- Paul Wojdynski, Controlled Key Systems, Inc.
*Denotes Corporate Exam
Security of Things (SoT) Conference
Have you registered for the Security of Things Conference scheduled next month? This exciting new meeting from the Smart Card Alliance will be held at the Hilton Rosemont Chicago O’Hare Hotel in Chicago Oct. 19-20, 2016. Learn how industries are collaborating on standards, why secure IoT architecture is necessary, and best practices for secure IoT frameworks.
Upcoming Training Sessions
CSEIP, Oct. 11-13, 2016, National Center for Advanced Payment and Security, Arlington, VA; register now! The CSCIP/G training and exam will be held November 17-18, 2016 at the National Center for Advanced Payments and Identity Security, Arlington, VA, and the CSCIP/P training and exam will be held December 7-8, 2016, at the Biltmore Hotel in Coral Gables, Florida. Classes fill up quickly so register soon.