Smart Card Talk : February 2011 : Executive Director’s Letter

Executive Director’s Letter

Dear members and friends of the Alliance,

The expression “the whole is greater than the sum of its parts” was evident this month in Salt Lake City at the 2011 Mobile & Transit Payments Summit. This mid-winter conference event always draws a modest, but very committed group of attendees who understand how open standard, contactless bank card payments draw energy from the transportation industry, and vice versa, creating a sum effect greater than the parts alone. I’ve heard attendees also like the beautiful snow-capped vistas and the world-class skiing that is less than 40 minutes away. It was not a big surprise that this year’s focus on mobile payments and transit was well received by our regular attendees, given the collective energy around mobile payments in the U.S. and European markets. Major announcements involving the arrival of NFC mobile devices and new commercial rollouts for banks, mobile operators, alternate payments providers and some merchants have definitely re-energized the “regulars.” But we also saw excellent turnout of new attendees to our conference, most of whom were first time attendees to a Smart Card Alliance conference. This resulted in our attendance growing by 50% from 2010, to a room-busting 362 people for the medium-sized Marriott Salt Lake City Center hotel. Those who attended from the mobile payments markets benefited greatly from the frank discussions and interactive panels led by the transit operators and integrators; and, likewise, the transit-oriented crowd learned a great deal about the mobile market, NFC mobile payments ecosystem, and mobile payments business model. As a result, the “whole” got a whole lot bigger. I wish to thank all of our speakers for providing a great educational program and our sponsors, exhibitors, and conference attendees for making this event a big success–and let’s keep the momentum going into May for the upcoming 2011 Annual Conference: Roadmap to EMV Payments and Secure ID, May 3-5, 2011 in Chicago.

One unpleasant distraction during this time of positive reports of expanded growth and market acceptance for contactless payments has been the persistent media attention given to one individual’s campaign to market his products by using convincing videos of innocent people on the street having the contactless credit cards in their wallets or purses surreptitiously read by an RFID scanner device. Unfortunately, the unsuspecting people on the street who agree to this on-camera demonstration and the countless more watching the TV report are being led to believe that this type of scanning will lead to their credit card being copied and used to commit payment fraud, or worse to compromise their identity–that is, unless they protect themselves with the paper sleeve that the person behind the video is trying to sell. Those of us who have been around the contactless payments industry for many years know that contactless payment cards are secure, and that there have been no reports of anyone being “victimized” in this way. The contactless chip does not store the cardholder’s name, any address information, or the 3- or 4-digit security code that are needed to commit fraud. In fact, the added security features that the chip provides for credit or debit card payments–including the one-time code the chip generates to uniquely identity each transaction, the encryption used to protect the secret “keys” used to generate the one-time code, and the dynamic transaction data generated by contactless cards that devalues the stored data in retail systems and processing networks–are never reported in these stories.

Recently, the Smart Card Alliance has taken action with an aggressive media education campaign. With assistance from American Express, Discover, MasterCard and Visa, we have revised and re-released the Contactless Payments Security Q&A. In addition, we have solicited supporting “RFID” security statements related to contactless payments cards from Marc Roberti, editor of RFID Journal; Jay Foley, from the Identity Theft Resource Center; and the U.S. Secret Service, who is responsible for investigating payments fraud. All of these industry experts confirm that there have been no reports or any active investigations into fraud resulting from contactless credit cards being scanned by thieves. We have produced a video that includes these security statements, directly countering the claims about consumer safety issues with carrying or using contactless cards. While it is likely that this news cycle has already passed, we will continue to monitor the broadcast and print media and respond to provide accurate information for consumers to view and read. It is unfortunate that the Alliance and payments industry have to be painted in a negative light in order to satisfy news ratings during the quarterly ratings period known as “sweeps week,” but that is the nature of the industry today.

On a happier note, congratulations to Jeremy Grant, a well-known security industry insider in Washington, DC, who has been a frequent contributor to the Smart Card Alliance during his career, on being named a senior executive advisor to NIST to manage the establishment of a National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC). The press release announcing Jeremy’s position explains that NSTIC is to be a new initiative created as a result of the Obama Administration’s Cyberspace Policy Review, which called for building “a cybersecurity-based identity management vision and strategy that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation” as of one of ten near-term action items. NSTIC will be focused on establishing identity solutions and privacy-enhancing technologies to improve the security and convenience of sensitive online transactions through the process of authenticating individuals, organizations, and underlying infrastructure. The National Program Office, to be established within the Department of Commerce, will be responsible for bringing the public and private sectors together to meet this challenge. On behalf of all your friends and colleagues in the Smart Card Alliance, we wish Jeremy success in the new position, and we are confident that Jeremy will make a positive contribution to the national cybersecurity effort.

Randy Vanderhoof
Executive Director