News : Newsletters : Alliance Member Bulletin : September 2018

Executive Director’s Corner

Medicare Smart Card Bill Passes House Vote – Finally!

Last week, something happened in Washington, D.C. that was more than 10 years in the planning.  The House of Representatives passed the Medicare Common Access Card Act, now known as Fighting Fraud to Protect Care for Seniors – HR.6099.  The bill calls for the Centers for Medicare & Medicaid Services (CMS) to conduct three regional pilot programs to evaluate the use of smart cards in Medicare to prevent fraud.

Back in 2010, Peter Roskam, a Republican congressman from Illinois, offered a smart solution to a huge fraud problem. Roskam, a former personal injury lawyer who sits on the House Ways and Means Health Subcommittee, believed Medicare should follow the lead of another industry that had a strong record of rooting out fraud – the credit card industry.  Ironically, this was two years before the credit card industry announced its plans to fight fraud by issuing nearly 1 billion smart cards in the U.S.

This bill had been hanging around since 2011, with neither political party willing to challenge CMS, which opposed any new Medicare ID technology. Waste, fraud and abuse in Medicare and Medicaid depletes our treasury, and also forces federal and state authorities to spend tens of millions of dollars every year in law enforcement and prosecution costs by dealing with the crime after the fact rather than preventing it.

Smart cards provide the ability to stop the fraud before it happens by verifying and authenticating valid Medicare and Medicaid users at the time of the transaction. They’re not only a globally recognized tool to help eliminate medical and financial fraud, but a trusted tool of the federal government in assuring identity across a number of critical applications.  If CMS were to implement a smart card technology solution – such as described in this bill – it would have the potential to save American taxpayers over half of the estimated $60 billion per year cost of fraud.  With over 59 million Medicare beneficiaries, that comes out to approximately $1,000 of fraud per recipient per year. Meanwhile, thanks to a large increase in production volume and other cost factors affecting the smart card industry, the cost of a smart Medicare card is down by at least 50% from 2011.

Authentication of the cardholder as the insured party reduces medical fraud by eliminating card swapping, tampering, and cloning.  It can support verification of benefits eligibility at the point of service, ensuring that treatment is restricted to covered services and prescriptions.  Smart healthcare cards can also address provider fraud by providing strong authentication of the healthcare provider identity when submitting a claim and by linking treatments with verified patient encounters.  This process of verification – authenticating providers authorized to deliver services and bill Medicare, ensuring beneficiaries are authorized to receive those services, and verifying medical suppliers and vendors – will effectively remove much of the fraud that’s been happening.

The path to seeing this bill becoming law is not guaranteed since it must pass the Senate and be signed by the president. For now, we celebrate and hope that common sense and the urgent need to address waste, fraud, and abuse in our Medicare and Medicaid system will prevail.

Council Highlights

  • Council projects. A summary of all active Council projects is posted on the Secure Technology Alliance members-only site
  • The Access Control Council led a member group to develop the agenda and content for the September 17th GSA Physical Access Control (PACS) Reverse Industry Training. Council members presenting at the event included:  Tony Damalas, Signet/Convergint Federal Solutions; Roy Hayes, Systems Engineering, Inc.; Mike Kelley, Parsons; Stafford Mahfouz, Software House; Roger Roehr, Integrated Security Technologies; Lars Suneborn, Secure Technology Alliance; Rob Zivney, Identification Technology Partners. The Council has two active projects: completing the enterprise PACS playbook and developing guidance to compliment the NIST SP 800-116 v2 publication
  • The Identity Council is hosting a webinar, Identity on a Mobile Device: Healthcare, Banking and Transportation Use Cases, on Thurs., Sept. 20, at 2pm ET/11am PT. The webinar will review the use of mobile identity credentials for healthcare, banking and transportation use cases.  The Council also continues work on the mobile identity landscape white paper and has additional webinars planned to review other use cases
  • The IoT Security Council is hosting a webinar, IoT Security: Mitigating Security Risks in Secure Connected Environments, on Thurs., Oct. 11, at 2pm ET/11am PT. The webinar will discuss the risks and risk mitigation approaches for IoT applications and discuss specific vertical market use cases.  The Council has also launched a members-only LinkedIn Group, IoT, to facilitate group discussion
  • The Mobile Council has scheduled two interactive web briefings to provide members with up-to-date education. The first briefing, “Biometrics on Mobile Devices,” will be presented by Andrew Jamieson, UL, on Wed., Sept 19th, at 2pm ET/11am PT.  The second briefing, “Tokenization,” will be presented by David Worthington, Rambus, on Wed., Oct. 17th at 1pm ET/10am PT.  The briefings are open to all Alliance members. Please contact Cathy Medich, [email protected] if you would like additional information
  • The Payments Council is working on a new white paper on biometric payment cards to provide a high-level description of biometric payment cards to educate issuers on functionality and benefits
  • The Transportation Council currently has two active projects: a webinar on mobile ticketing and Near Field Communications (NFC); part two of the payments convergence white paper, focusing on potential barriers to implementation of multimodal payment strategies and suggesting ways of addressing these challenges.  The Council is also working with the U.S. Payments Forum’s Transit Contactless Open Payments Working Committee to develop a full-day transit payments workshop in November

If you would like to participate in a Secure Technology Alliance Council, please contact Devon Rohrer, [email protected].

Webinar This Week: Identity on a Mobile Device – Healthcare, Banking and Transportation Use Cases

The Identity Council is hosting a webinar, Identity on a Mobile Device: Healthcare, Banking and Transportation Use Cases, on Thurs., Sept. 20, at 2pm ET/11am PT.  The webinar is the third in the Council’s series reviewing how mobile identity credentials are used in a variety of use cases.

The webinar will discuss:

  • The Secure Technology Alliance’s mobile identity assessment initiative
  • Challenges with patient identity in healthcare and the use of mobile identity to help streamline patient experiences and benefit the healthcare provider by reducing duplicate records, increasing patient payments and ensuring patient data availability
  • Use of mobile devices to help the transit industry improve customer experience and service efficiency and prevent fraud by enabling travelers to plan, book and pay for service seamlessly via mobile device
  • The Canadian digital identity network, Verified.Me, that was formed to provide security, convenience and speed to consumers when verifying information to services that require a high level of trust in identity verification and authentication

Speakers include:  Jeffrey Fountaine, Ingenico Group; Jerry Kane, Southeastern Pennsylvania Transportation Authority (SEPTA); Judy Keator, SecureKey Technologies; Tom Lockwood, NextgenID; Randy Vanderhoof, Secure Technology Alliance.

Upcoming October 11th Webinar: IoT Security – Mitigating Security Risks in Secure Connected Environments

The IoT Security Council is hosting a webinar, IoT Security: Mitigating Security Risks in Secure Connected Environments, on Thurs., Oct. 11, at 2pm ET/11am PT.

The webinar will discuss:

  • The biggest security risks facing IoT implementations today
  • Security considerations for each stage in the IoT device life cycle
  • Practical mitigation approaches and technologies to improve security and privacy
  • Use cases that describe how these approaches are being adopted in the industrial, financial and automotive industries

Webinar speakers include:  Steve Hanna, Infineon Technologies; Josh Jabs, Entrust Datacard; John Neal, NXP Semiconductors; Sri Ramachandran, G+D Mobile Security; Randy Vanderhoof, Secure Technology Alliance.

Follow the Alliance on Social Media

The Secure Technology Alliance has enhanced its presence on social media with robust platforms on Twitter and LinkedIn.  Here are some ways you can interact with the organization:

Welcome New Members

  • Conduent (Leadership Council level)
  • Secure Element Solutions, LLC

Congratulations New Recipients


  • Brian O’Rourke, XTec


  • Michael Johnson, LTK Engineering Services
  • Gerry Glindro, IDEMIA
  • Artur Russ, IDEMIA
  • Kin Mak, IDEMIA
  • Oscar Ortega, IDEMIA
  • Jim Sanchez, IDEMIA
  • Shereena Sherafudeen, IDEMIA 


  • Chad Black, Blackhawk Security
  • Stephen Clare, Orion Management
  • Thomas Horgan, AMAG Technology
  • Richard Krehbiel, Kastle Systems
  • Raine Lactaoen, Integrated Security Technologies
  • Rafael Molinari, Kastle Systems
  • Fred Nathan, GC&E Systems Group
  • Richard Orr, Secure Install Solutions
  • Reigional D. Smith, Johnson Controls

Training, Exam, and Recertification Dates

CSCIP/G Training/Exam

  • Oct. 16-17, The National Center for Advanced Payments and Identity Security

CSEIP Training/Exam

  • Oct. 23-25, National Center for Advanced Payments and Security
  • Nov. 27-29, National Center for Advanced Payments and Security
  • Dec. 11-13, National Center for Advanced Payments and Security

CSCIP/P Training/Exam

  • Nov. 13-14, National Center for Advanced Payments and Security 

CSEIP Recertification

The online instructor-led review course is four hours, from 11 AM ET – 3 PM ET. The hour-long exam follows from 3 PM ET to 4 PM ET. Register for one of these upcoming certification dates:

  • October 18
  • November 15
  • December 6

Don’t Miss Event: Securing Digital ID 2018 Conference

“Securing Digital ID 2018,” a new event from the Alliance, is scheduled for Dec. 4-5 in Alexandria, VA, just outside of Washington, DC. Make sure you’ve registered for this timely event.

The meeting will feature presentations and panel discussions on digital identity solutions and authentication technologies, business challenges balancing security and convenience, policies that help guide common practice, and interoperability standards. There will also be opportunities to network with security experts and cybersecurity integrators already using smart identity security solutions.

Register, and make your travel plans today to ensure your spot.