Smart Card Talk May 2013
•
a Smart Card Alliance ePublication
• Volume 18 : Issue 5
In This Issue: Dear Members and Friends of the Alliance, One of the most valuable insights about the many applications and uses for NFC I received from listening to the experts at this month’s NFC Solution Summit 2013 Conference in San Francisco was simply this: we need to listen to and focus on the consumer experience first. Whether it has to do with a mobile payments transaction, a coupon offer, a gaming experience, or some other interaction with an expected half billion NFCenabled portable devices to hit the market next year, focusing and listening to the needs of the consumer is critical. My letter in this month’s issue of Smart Card Talk recaps the event and the interesting insights conveyed by speakers and panelists. If you have feedback, please feel free to contact me. Thank you for your support of the Smart Card Alliance. Sincerely,
② Executive Director Letter >> ③ Latin America Letter >> ④ Member Profile >> ⑥ Feature Article >> ⑩ Council Reports >>
On the Web: Members in the News >> Alliance in the News >>
Randy Vanderhoof Executive Director, Smart Card Alliance Acting Director, EMV Migration Forum
Event Calendar
Click Here to Read Letter ...
2013 Government ID Security Conference
Oct. 15-16, 2013 Walter E. Washington Convention Center, Washington, DC
Smart Card Alliance Member Meeting (new!) Feature Article: Smart Healthcare Cards: Facilitating Compliance with Meaningful Use Smart card and patient identity technologies can provide a modular electronic health record solution and meet HITECH and meaningful use requirements. This month’s article provides an overview of eight areas in which smart card technology can assist healthcare organizations with meaningful use compliance. Click to Read More …
December 8-10, 2013 Biltmore Hotel, Coral Gables, FL
Member Profile: XTec This month Smart Card Talk spoke with Kevin Kozlowski of XTec Incorporated. As Vice President with responsibilities for establishing XTec as a premier security provider for the federal government and commercial arenas, Kozlowski has been instrumental in overseeing cabinet-level smart card systems deployments, contributing to federal smart card publications and providing security and authentication guidance to numerous federal agencies. Click to Read More …
executive director’s corner
Considering the Consumer Dear Members and Friends of the Alliance, One of the basic tenets of marketing is to listen to what the customer wants. What emerged from the recent NFC Solutions Summit 2013 is that every use case has to be envisioned from the consumer’s perspective, not from the perspective of what is best for the service provider. This critical point was communicated effectively by Lynne Barton, VP of Marketing for Jamba Juice, and one of several merchant experience speakers who joined a panel led by Geoffrey Dunkle of Isis. She described how NFC creates “more meaningful and personal conversations with customers.” She added that it was the coupons, not just another method of payment, that was “the gateway” to get consumers using the technology. Mohamed Awad of Broadcom and vice chairman of the NFC Forum described how marketing NFC to consumers needs to “create, communicate and deliver value to customers.” He pointed to several examples -- like the new smart phone advertising campaigns that never mention the technology behind the NFC devices but show simple acts like sharing photos with a simple touch of two phones, or the magazine ad for a luxury car with an embedded NFC tag that invites the reader to extend his experience with more details about the features on the car just by touching an NFC phone to the page. He also described the reaction of his son when he brought home a new Skylanders toy for his son’s video game, and the magical experience of seeing the character come to life on the screen using a simple NFC tap. A third example came from Mikhail Damiani, CEO of Blue Bite, while talking about building an interactive “out of home” marketing channel for movies and music using NFC-enabled displays to invite consumers to experience exclusive content at public locations, such as a shopping mall, airport, or outdoor square. In developing marketing campaigns with major entertainment firms, he never mentions the underlying technology, only the unique experience for the consumer when they interact with the display. Although Blue Bite supports QR codes and Bluetooth in addition to NFC in these displays, Damiani reported that consumers favor the ease and convenience of NFC. The only thing holding it back, for now, is the availability of the handsets. At the conference, the Smart Card Alliance teamed with ITN, the registration badge and lead tracking supplier, and created its own version of the NFC consumer experience. With a free mobile app from Play Store, exhibitors and attendees could tap any NFC phone to the attendee badges and instantly view that badge holder’s contact information right on their mobile screen, without a single keystroke other than unlocking their phone. Also, the NFC 2
Smart Card Talk
Forum provided smart tags on point of display posters and agenda signs throughout the conference registration area so attendees could capture the sign information and agenda details quickly and reduce the amount of printed material to take home. As I mentioned in my letter last month, making NFC payments with my mobile phone has already lost its “wow factor” for me, but seeing the ease with which I could tap a badge or tagged poster and see what I captured was definitely cool. Another concept I came to appreciate in listening to the presentations at the NFC Solutions Summit was the power of the networking effect. The networking effect happens when a small but critical mass of devices is reached which enables an increase in value in a different but related device. For example, when a few hundred mobile phones with NFC are in a market, it creates demand for perhaps a few thousand inexpensive NFC tags, which enables a few dozen merchants with a few hundred stores to join a marketing promotion that is NFC-enabled which causes a few thousand mobile offers to be redeemed, which influences a few hundred more consumers to try NFC. This cycle continues to grow and expand geographically and include new uses and applications. In a short time, those few hundred phones have evolved into a mini NFC ecosystem of users and suppliers each eager to do more with what they have. This network effect is why, in about 10 years, Bluetooth grew from a few high-end mobile handset models to headsets and laptops and automobiles, and is now a standard in about 90 percent of the 6 billion handsets in the world. NFC is expected to be in more than 500 million handsets by next year, so it is easy to see many similarities to the growth of Bluetooth, not just in handsets, but in the myriad of electronic devices, game consoles, automobiles, medical instruments, and interactive displays and signs. We will remember our humble beginnings with NFC in 2010 to 2020 - and even in 2013, when Todd Ablowitz of Double Diamond Group, moderating a panel discussion comparing NFC with mobile payments in the cloud, asked the legitimate question to panelist Allen Weinberg of Glenbrook Partners, “Is NFC dead?” Allen rightfully replied “heck, neither one has even been born yet!” We are witnessing that early networking effect that will ultimately reshape the consumer experience for billions of people in the years ahead. I am glad so many of you have decided to share your knowledge and experience with us. Sincerely,
Randy Vanderhoof Executive Director, Smart Card Alliance rvanderhoof@smartcardalliance.org
Dear Members and Friends of the Smart Card Alliance Latino America – SCALA: Throughout history, change has consistently been met with resistance. This resistance is usually due to a fear of the unknown, along with the pervasive thought that the status quo is not that bad (even if it is really is). But as difficult and challenging as change can be, it is the engine that propels the world to continue moving forward, and the smart card industry is a prime example of that. Perhaps the most comprehensive change taking place in our industry now is the migration to EMV in the Americas. Already a reality in many countries in Europe and several in Latin America, EMV has already proven to be a more secure option for payments than magnetic stripe cards; the level of security provided by EMV prevents counterfeit and lost and stolen card fraud, and represents a polar opposite when compared to magnetic stripe cards. Smart Card Alliance Latino America (SCALA) is committed to the successful implementation of EMV across each and every market in a region as large and diverse as Latin America and the Caribbean. It is because of this very reason that the EMVTour was developed together with PaymentMedia. Three hugely successful stops of the EMVTour have already been completed: our missions to Quito, Ecuador; Buenos Aires, Argentina; and Santiago, Chile have been met with joy and excitement, transforming some of that natural adverse reaction to change to confidence and optimism in a better future for the payment industry and cardholders alike. The next stop will be the EMVTour-CAC 2013 on June 26th at the Paradisus Palma Real Resort in Punta Cana, Dominican Republic. SCALA, along with PaymentMedia, will continue to create a venue to share knowledge regarding EMV at an event that will address not only EMV as a whole, but focus on its implementation in the Caribbean and Central American region. We are also excited to present specific cases and possible scenarios they relate to the area. Thank you to the members of the Organizing Committee -- American Express, Evertek, First Data, MasterCard, Payment
Media and Visa -- who have put together an outstanding program for the Tour. We plan to present a diversity of topics regarding the challenges, infrastructure requirements, and the advantages and realities of EMV implementation. Copa Airlines has offered customers traveling to Punta Cana for the EMVTour-CAC 2013 a special discounted airfare through a special reservation code. Please visit the EMVTour page for more information. Smart Card Alliance Latino America – SCALA is the only industry-recognized association whose mission is to promote the use, understanding and widespread application of smart card technology in Latin America and the Caribbean. As such, the EMVTourCAC 2013 is an exciting addition to the region. This event will be the perfect opportunity to gather the information necessary to develop best-in-class solutions regarding EMV implementation for all parties involved on the payment chain, including issuers, acquirers and end users. The EMVTour-CAC 2013 will also offer valuable deliverables for attendees, available only for SCALA members, including the new and updated EMV Roadmap White Paper for Latin America and the Caribbean. Much like our focused approach in Buenos Aires, Santiago and Quito, the EMVTour will continue to be the tool of change that uses the past to shine a light into the future, through the education, exchange of information, and an overall experience that only an impartial association like SCALA can offer. We hope to see you all in Punta Cana at the EMVTour-CAC 2013.
Sincerely,
Edgar Betts Associate Director, Smart Card Alliance Latin America (SCALA) ebetts@smartcardalliance.org www.sca-la.org
Smart Card Talk
3
latin america corner
EMV in Central America and the Caribbean
member profile
Authentication differentiates our AuthentX™ products and services, which provide identity management capabilities and access control for an array of government customers. In fact, we are one of the largest HSPD-12 infrastructure providers in the U.S. government; XTec supports more than 70 federal agencies.
This month Smart Card Talk spoke with Kevin Kozlowski of XTec Incorporated. As Vice President with responsibilities for establishing XTec as a premier security provider for the federal government and commercial arenas, Kozlowski has been instrumental in overseeing cabinet-level smart card systems deployments, contributing to federal smart card publications and providing security and authentication guidance to numerous federal agencies. A member of the Smart Card Alliance Access Control Council, he has more than 20 years of experience in the information technology industry, as well as a wide range of experience in sales, marketing, engineering, and business leadership. Prior to joining XTec, Kozlowski was a Senior Manager with Northrop Grumman Information Technology, where he provided oversight and management of the combined Logicon and Litton-PRC smart card practice. Kozlowski holds a Bachelor’s degree in Finance and Economics from James Madison University and is a Certified Smart Card Industry Professional in Government (CSCIP/G).
1. What is XTec’s main business profile and offerings? At XTec, our focus is authentication – strong, cryptographic authentication. It’s essential for securing facilities and data and essential for fighting fraud. Everything else is peripheral. Our solutions support rapid, electronic authentication, which deters fraudulent credentials and allows organizations to maintain the tempo of regular operations.
4
Smart Card Talk
Our solutions also reach beyond the federal arena. State and local governments, the financial industry, and the health care industry now look to XTec to help them achieve interoperability and combat fraud.
2. What role does smart card technology play in your business? For the past several years, XTec and the larger smart card market have grown in tandem. And while we both pre-date HSPD-12, we have been similarly energized by the directive. That’s because it articulates a clear, post-September 11 conclusion about security in America and America’s government: sound, interoperable credentialing is essential, and the smart card is our best bet. Granted, many competitors and colleagues in the industry can track their growth to the expansion of smart card use after HSPD12’s issuance. XTec is not unique in that respect. What is unique, however, is XTec’s dynamic combination of smart card technology and authentication. For XTec, smart cards provide the ideal vehicle for quickly conducting electronic authentication for access to a facility or application. For that very reason, we engineered our solutions based upon smart card use and for cryptographic operations. The smart-card based design also offers assurance to our customers. We didn’t contort our solutions to meet HSPD-12; the two were compatible from the start, largely because of their incorporation of smart card technology. And as a result, we do not struggle to adapt to new standards. Our technology evolves seamlessly along with the smart card industry itself and with the changing standards that shape it. Our customers can depend on that.
3. What trends do you see developing in your market? We see two main trends taking shape: the demand for PIV-I and growing interest in cloud-based solutions.
PIV-I - After completing the PIV-I certification process, we knew the technology had significant potential. But last year alone, we saw interest in PIV-I capabilities explode. Many companies and non-federal governments are lured by proven, open-standards PIV technology. And I think the primary reason is security. These are enterprises that understand more every day: “Hey, the old username-password method just isn’t viable in today’s world.” They want high-assurance credentials. Some want to interoperate with the federal government, but others – such as those in the health care and financial services sectors – simply want technology that offers federal governmentlevels of security. And PIV-I is where these needs intersect. Cloud - More customers are expressing interest in the benefits of cloud applications and infrastructure. They want the cost savings, and they like the idea of offloading responsibility for server maintenance. We support those goals; having a secure, hosted infrastructure is more efficient, cost-effective, and reliable. We just remind these customers that authentication should remain a core part of their access control process, regardless of where it’s hosted. After all, reducing costs at the expense of security is not a trade-off we or our customers are willing to make.
4. What do you see are the key factors driving smart card technology in government and commercial markets in the U.S.? The very nature of electronic transactions will shape smart card technology in today’s markets. What I mean is this: with electronic transactions you see a competition between the advances our technology offers and the savvy of those who want to undermine or harness that technology for their gain. We see this everywhere today – whether you yourself have been a victim of identity theft or an unauthorized person has penetrated a government application or a critical infrastructure component. It’s widespread. And the solutions we develop must be stronger than the abilities of the criminals we face. We have several ways to approach these problems; not all involve a smart card. But we must recognize that a username-password approach isn’t viable, not with such high stakes. Because no matter how much security you encase it with, a username-password combination is a knowledge-based approach. It’s inherently vulnerable.
5. What are some of the challenges you see confronting the smart card technology industry? Education on smart cards is our primary challenge as an industry. Within the federal government, most people understand at least the value of smart cards, even if they don’t recognize the full range of capabilities. But beyond the federal government is an array of industries and local government entities that need the security that smart cards offer. They just don’t know enough about it. I would say education efforts should focus on three key facts: First, smart card technology is privacy enhancing; it is intertwined with an existing trust infrastructure. Second, it can be user friendly as well as mobile. Implementation and use are not onerous processes. Third, when implemented as an enterprise solution, smart card technology offers a notable return on investment. If more non-federal enterprises knew these facts, I think adoption of smart card technology would be even more widespread.
6. What type of measurable impact has the Smart Card Alliance and/or Councils made in your company’s business? The Smart Card Alliance has been an invaluable resource for industry collaboration. Although the smart card market is bigger than ever, it still maintains a niche feel. That common bond of specializing in a targeted technology unites Smart Card Alliance member companies and allows the group to remain focused and to continue providing value to its members. The Alliance is also a significant source of employee education for XTec. More than 40% of our employees have completed the LEAP Certified Smart Card Industry Professional (CSCIP) program. We find that proven, measurable competence in our field is compelling for both current and potential customers.
Member Point of Contact:
Kevin Kozlowski Vice President, XTec Incorporated, www.xtec.com kkozlowski@xtec.com (703) 547-3524
Smart Card Talk
5
feature article
Hospital LO Patient SUSAN B JON ES-
SMITH Confidentia l Patient ID 808400 123 456 789012 Provider (80 840) 1234 567 89 3
GO & Name DOB 11/1 4/1978 Issued 5/14 /10
Smart Healthcare Cards: Facilitating Compliance with Meaningful Use Meaningful use of health information technology is an umbrella term for rules and regulations with which hospitals and physicians must comply to qualify for federal incentive funding under the American Recovery and Reinvestment Act of 2009 (ARRA). [1] ARRA authorizes the Centers for Medicare and Medicaid Services (CMS) to provide reimbursement incentives for eligible professionals and hospitals that meet meaningful use criteria on the way to becoming “meaningful users” of certified electronic health record (EHR) technology. Meaningful use includes using EHR technology for functions that both demonstrate and improve quality of care, such as e-prescribing, electronic exchange of health information, and submission of quality measures to CMS. Meaningful use sets healthcare goals, rather than goals for information technology. The overall goals are to use EHR technology for the following: 1. Improve quality, safety, and efficiency of patient care 2. Engage patients and families 3. Improve care coordination 4. Ensure adequate privacy and security for personal health information 5. Improve population and public health Implementation of meaningful use is occurring in multiple stages. Stage 1 implementation requirements and measures are documented in the Department of Health and Human Services Final Rule of July 28, 2010. The Department of Health and Human Services’ Office of the National Coordinator (ONC) states that EHRs provide the following benefits for providers and their patients: [2] • Complete and accurate health information. • Better access to health information. • EHRs facilitate access to the information that providers need to diagnose health problems earlier and improve the health outcomes of their patients. EHRs also allow information to be shared more easily among doctors’ offices and hospitals and across healthcare systems, leading to better coordination of care. • Patient empowerment. • EHRs empower patients to take a more active role in their health and in the health of their families. Patients can receive electronic copies of their medical records and share their 6
Smart Card Talk
• • • • •
health information securely over the internet with their families. The Stage 2 rules document includes: Minor changes to Stage 1 criteria and measures Additional requirements and measures for achieving Stage 2 Additional clinical quality measures Additional reporting requirements and mechanisms
Implementation of meaningful use and incentive payment opportunities extends until at least 2020, with incentives decreasing over time to encourage early adoption of EHR technology. Smart cards can make critical information readily available to healthcare providers and facilities, which positively affects the quality, accuracy, and cost of care. Current technology supports smart card solutions that can integrate with current provider systems using the cloud and HL7 messaging. Health information can be exchanged among providers and across systems, making key health information mobile and facilitating coordination of care. This same technology also allows healthcare information to be transformed into a standardized electronic format that can be accessed by patients and their families through secure patient portals. Smart card and patient identity technologies can provide a modular EHR solution and meet Health Information Technology for Economic and Clinical Health (HITECH) and meaningful use requirements in eight areas: • Streamline patient registration and discharge • Fulfill government requirements for confirming identity verification • Increase patient privacy and security • Prevent record duplication • Provide consistent branding across an organization and beyond • Serve as a real-time, portable mini-EHR • Provide first responders with potentially life-saving information • Satisfy HIPAA compliance requirements Streamline registration and discharge. Use of a smart healthcare card for registration or admission allows healthcare organizations to decrease patient wait times, improve the quality of care, and heighten efficiency by confirming a patient’s identity, registering or checking the patient in, and verifying insurance instantly. Because
the process does not rely on human data entry or transcription, errors can be virtually eliminated. Use of a smart healthcare card at discharge allows the system to recognize a patient’s identity, match it to the visit, update the card with demographic and medical information, update a patient data portal with required discharge information (e.g., follow up appointments, medication information, education, instructions, activity requirements, dietary care), and trigger transmission of any required educational materials to the patient’s e-mail address.
and Medicaid data and statistics can be maintained per federal requirements.[3] Smart cards integrated with an identity software solution can also support automated time-based reporting and review of patient data, protecting healthcare information with encryption algorithms that allow access only by authorized readers. Smart cards can support multi-factor authentication, which satisfies requirements such as those for e-prescribing, and can provide strong authentication, digital signatures, and security through encryption.
Meet government identity verification requirements. Smart card technology is currently used for the Department of Defense Common Access Card (CAC), the Federal Information Processing Standard (FIPS) 201 Personal Identity Verification (PIV) card (issued to all Federal employees and subcontractors), the Transportation Worker Identification Credential (TWIC), and the U.S. electronic passport. Using standards such as FIPS 201, smart cards can provide single sign-on solutions to EHRs for government-employed medical personnel, such as physicians and nurses.
Prevent record duplication. Smart cards can significantly decrease the incidence of duplicate records and the associated expense. Linking a patient to that patient’s health records seems a simple process, but human error, such as transcription of the wrong medical record number, can retrieve an incorrect record or cause creation of a duplicate record because the correct record has not been located. Using authenticated identifiers on a card can match a patient to that patient’s individual medical record, improving administrative functions such as billing and registration and enhancing continuity of care.
Increase patient privacy and security. Smart card solutions can meet or exceed all mandates and requirements for patient privacy, safety, records, system security, and confidentiality. All smart card data can be encrypted, and all data transmitted can comply with applicable standards (e.g., HL7, SnoMed, and ISO/IEC). Medicare
Provide consistent branding. While smart cards can provide a single tool for patient identity management, they also provide
Smart Card Talk
7
healthcare organizations and affiliations with the opportunity to build stronger community alliances between healthcare organizations, integrated delivery networks, hospital systems, provider networks, and auxiliary services. Coupled with identity software, smart cards can replace multiple cards (e.g., insurance IDs, allergy cards, registration cards) that a patient or consumer would otherwise have to carry to be known throughout the organization. In addition, there are smart card solutions that make the patient’s healthcare provider of record immediately known and recognized to other members of the healthcare community, such as pharmacies, durable equipment providers, and others. Serve as a real-time EHR. Smart cards can contain encrypted patient demographic information, such as name, date of birth, height, weight, and body mass index (BMI), as well as other key information. In addition, a smart card can store key health data components such as current medications, allergies, immunizations, a conditions or problem list, smoking status, surgeries, and hospitalizations. Smart cards can also be configured to store patient information such as implanted devices, artificial valves, defibrillators, advance directives, and organ donation status. Unlike standard EHRs, a smart card is mobile and goes with the patient. Provide first responders with critical information. In an emergency, smart cards can enable first responders using a simple portable reader to identify a patient immediately and access the patient’s medical record, regardless of whether the patient is conscious, is emotionally or physically able to convey the entire medical picture accurately, or has language barriers that impede effective communication. Satisfy HIPAA compliance requirements. Smart healthcare cards offer entities covered under HIPAA an effective tool to facilitate compliance with the HIPAA Privacy Rule. One of the key provisions of the HIPAA Privacy Rule is to assure that an individual’s health information is properly protected and that individuals can control how their health information is accessed and used. Providing healthcare organization employees as well as patients with smart healthcare cards can help ensure that health information is accessed only by those with the appropriate credentials. Many recent high-profile breaches of protected health information occur because data is kept on unsecured, unencrypted devices such as CDs and USB flash drives, or because entities have been able to access medical records without proper authorization. A smart healthcare card can minimize or eliminate such breaches using embedded secure chip technology, encryption, and other cryptography measures that make it extremely difficult for unauthorized users to access or use information on the smart card or to create duplicate cards. These capabilities help protect patients from identity theft, protect healthcare institutions from medical fraud, and help healthcare providers meet HIPAA privacy and security requirements.
8
Smart Card Talk
In summary, smart healthcare cards can better position healthcare organizations and providers for meaningful use of EHRs, while addressing many of the security and privacy challenges that come with EHRs and health data exchanges.
References and Notes [1] Meaningful use is a broad topic. For more information, follow the links to “EHR Incentives” at The Centers for Medicare and Medicaid Services Web site: https://www.cms. gov. Dr. John Hamalka’s blog (http://geekdoctor.blogspot. com/2011/01/bookmarked-final-rules.html) contains bookmarked versions of the CMS final rules. Additional resources are the Healthcare Information and Management Society (HIMMS), “Meaningful Use One Source,” http://www.himss. org/ASP/topics_meaningfuluse.asp. [2] “What Is Meaningful Use?,” HHS HealthIT.gov web site, http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__meaningful_use_announcement/2996 [3] http://www.cms.gov/Research-Statistics-Data-and-Systems/CMS-Information-Technology/InformationSecurity/ Information-Security-Library.html. CMS has defined 11 information types processed by CMS information systems. For each information type, CMS used FIPS 199 to determine an associated security category. CMS also used OMB M-04-04 to determine each information type’s e-Authentication assurance level.
About this Article This article is an extract from the Smart Card Alliance Healthcare Council publication, Smart Card Technology in U.S. Healthcare: Frequently Asked Questions. The FAQ was developed to provide an easy-to-use resource for understanding how smart card technology is used for healthcare applications and for discussing the benefits that smart healthcare cards deliver to patients, healthcare providers and healthcare payers. Healthcare Council members participating in the development and review of the FAQ included: ABnote Group; CSC; Datacard Group; Eid Passport; Gemalto; LifeMed ID, Inc.; Oberthur Technologies; OTI America; RM Industries; SafeNet Inc.; SecureKey Technologies; Watchdata Technologies USA; XTec, Inc.
About the Smart Card Alliance Healthcare Council The Smart Card Alliance Healthcare Council brings together payers, providers, and technologists to promote the adoption of smart cards in U.S. healthcare organizations. The Healthcare Council provides a forum where all stakeholders can collaborate to educate the market on the how smart cards can be used and to work on issues inhibiting the industry.
from the alliance office
Welcome New Members • • • • •
Hillsborough Transit Authority, Government ImageWare Systems, Inc., General Member Intelligent Parking Concepts LLC, Associate Member IPS Group, Inc., General Member STMicroelectronics Ltda., SCALA, Government
New CSCIP Recipients • • • •
Jamie Chang, Deloitte & Touche LLP Vamsi K. BondadaVenkata, Deloitte & Touche LLP Brenda Sutton, Deloitte & Touche LLP John Ward, Deloitte & Touche LLP
For more news, visit our website at www.smartcardalliance.org. Members can also access white papers, educational resources and other content.
191 Clarksville Road Princeton Junction, New Jersey 08550 1.800.556.6828 Fax: 1.609.799.7032 info@smartcardalliance.org www.smartcardalliance.org
About Smart Card Talk
About the Smart Card Alliance
Smart Card Talk is the monthly e-newsletter published by the Smart Card Alliance to report on industry news, information and events and to provide highlights of Alliance activities and membership.
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Smart Card Talk
9
council reports
Updates from the Alliance Industry Councils Access Control • The Access Control Council is working on a project to provide comments to the U.S. Coast Guard on the Transportation Working Identification Credential Reader Requirements Notice of Proposed Rulemaking (NPRM). • The Council is developing comments to submit to NIST on the draft Special Publication (SP) 800-73-4, Interfaces for Personal Identity Verification.
Healthcare • The Healthcare Council is collaborating with the Workgroup for Electronic Data Interchange (WEDI) Health ID Card Subworkgroup to provide input on smart cards and biometrics for a WEDI research paper. • The Council is developing comments to respond to the Senate request for feedback on federal progress promoting health information technology adoption and standards
10
Smart Card Talk
Identity • The Identity Council is developing a white paper on smart card technology and NSTIC. The goal of the white paper is to raise awareness of the benefits of smart card technology and show how smart card technology can be used for high assurance credentials in the NSTIC identity ecosystem. • The Council is completing a cross-council white paper project on supporting the PIV application on mobile devices with the UICC.
Mobile and NFC • The Mobile and NFC Council held two successful webinars to complete the series on mobile/NFC security fundamentals. The third webinar, “NFC Forum Tags and Security Considerations,” was held on April 18th, with presentations from Tony Rosati (NFC Forum Security Work Group & Blackberry), Joe Tassone (Identive), Mike Zercher (NXP Semiconductors), and Rob Zivney (Identification Technology Partners). The fourth webinar, “NFC Application Use Cases: Security Considerations,” was held on May 9th and featured presentations from Tony Sabetti (Isis), Christian Ali (SecureKey Technologies), Jonathan Main (NFC Forum/ MasterCard), and Steve Rogers (IQ Devices). Webinar recordings are available at http://www.smartcardalliance.org/ pages/activities-events-mobile-nfc-security-fundamentals.
• The Mobile and NFC Council held a well-attended in-person meeting at the 2013 NFC Solutions Summit on May 15th. The meeting focused on the secure credentials on mobile devices white paper use cases, with presentations from the member teams on the progress of their content. • A Smart Card Alliance workshop, “NFC Base Camp: The Fundamentals of NFC Mobile Technology and Business Applications,” was held at the NFC Solutions Summit on May 14, 2013, in Burlingame, CA. Speakers included: JeanLuc Azou (HID Global); Lanny Byers (Consult Hyperion); Mukesh Chandek (Gemalto); David deKozan (Cubic); Chris Edwards (Intercede); Jeff Fonseca (NXP Semiconductors); Howard Hall (Consult Hyperion); Reid Holmes (INSIDE Secure); Roger Hornstra (Identive); Tony Sabetti (Isis); Bart van Hoek (UL); Tom Zalewski (CorFire); Rob Zivney (Identification Technology Partners).
Payments • The Payments Council is starting two new projects: a white paper on EMV and card-not-present fraud and a white paper on the U.S. payments landscape. • The Council held an in-person meeting at the 2013 NFC Solutions Summit on May 15th, discussing status of Council projects.
Transportation • The Transportation Council completed an election for the parking vice chair; Steven Grant (LTK Engineering Services) has been elected. In addition, Eric Schindewolf (Visa) has joined the Council Steering Committee. • The Council is starting a new white paper project on the EMV impact on transit.
Other Council Information • Members-only council web pages are available at http:// www.smartcardalliance.org/councils. These are passwordprotected pages that contain council working and background documents and contact lists. Each Council area has a separate password since Councils may have different membership policies. If you are a Smart Card Alliance member and would like access to a council site, please contact Cathy Medich. • A Council meeting calendar is available on the members-only web site at http://www.smartcardalliance.org/pages/memberscouncil-resources. • If you are interested in forming or participating in an Alliance council, contact Cathy Medich.
Alliance Members: Participation in all current councils is open to any Smart Card Alliance member who wishes to contribute to the council projects. If you are interested in participating in any of the active councils, please contact Cathy Medich.
Smart Card Talk
11