Smart Card Talk November 2013
•
a Smart Card Alliance ePublication
Dear Members and Friends of the Alliance, The 2013 Identity Fraud Report released in February 2013 by Javelin Strategy & Research reported that in 2012, identity fraud incidents increased by more than one million victims, with fraudsters stealing more than $21 billion. The topic of my executive director letter this month covers identity theft, and how user authentication addresses the problem. Among the many benefits of smart card technology is its ability to reduce the instances and frequency of identity theft by establishing digital trust. Such trust is established when the user’s device enabling the transaction can be linked with the known identity of the user owning the device. Have a great Thanksgiving, and I hope to see you at the 2013 Member Meeting in December in Miami.
• Volume 18 : Issue 11
In This Issue: ② Executive Director Letter >> ③ Latin America Letter >> ④ Member Profile >> ⑥ Feature Article >> ⑨ Council Reports >>
On the Web: Alliance in the News >>
Sincerely,
Members in the News >>
Randy Vanderhoof Executive Director, Smart Card Alliance Click Here to Read Letter ...
Event Calendar
Smart Card Alliance Member Meeting Dec. 8-10, 2013 Biltmore Hotel, Coral Gables, FL Feature Article: Physical Access Control System Primer This month’s article features a primer developed by the Smart Card Alliance Access Control Council in collaboration with the Security Industry Association. The primer provides an overview of the functions and topologies of typical physical access control systems. Click to Read More …
Member Profile: Leidos (formerly part of SAIC) This month Smart Card Talk spoke with Chris Williams, who has been with Leidos (formerly part of SAIC) for the past 10 years, focusing on cybersecurity, identity management, smart cards, and policy compliance issues.
Click to Read More …
2014 Payments Summit February 5-7, 2014 Grand America Hotel, Salt Lake City, UT All Upcoming Smart Card Alliance Conference Events
executive director’s corner
A Matter of Trust Dear Members and Friends of the Alliance, Nearly every day I read a story or hear a news report that talks about someone being victimized by identity theft. The identity theft incidents most common today are not the kind where someone has taken over another person’s identity, but rather ones in which the attacker has stolen some personal or private piece of digital information, like a log in or someone’s credit card information. The identity thief then uses that information to commit fraud or to create mayhem against the innocent victim just for sport. Since most digital transactions today happen without any face-toface contact, such as when someone (the digital user) pays their bills online or books a trip to Hawaii, there is a virtual wall separating the user initiating the transaction and the bank or travel services provider (the relying party) offering the service. The service provider needs a method to see through this virtual wall and authenticate the user on the other side. User authentication is the means of identifying who the user really is and being able to determine that the user has established any trust with the provider. The biggest challenge I see for this generation of tech-savvy consumers who have become addicted to being online and mobile, and may have never spoken to a real person in a bank, is trust. They are going to just assume that everyone they transact with electronically can be trusted and that everyone should trust them automatically. This generation is not even going to look at the web address they just logged into. A quick snap of a picture of a QR code automatically delivers the web site to their tiny screens and after two or three taps on the screen, they just bought two concert tickets worth $200 – or at least they think they did. And that is where smart card technology can help. What raises the trust level of these types of fast, seemingly anonymous exchanges of value is that the device that is being used – a smartphone or tablet – needs to be trusted by the service provider, and the person controlling the device, the young consumer, needs to be authenticated to the trusted device. In the NFC mobile payment world, we refer to the technology that adds trust to the device as the “secure element.” The secure element can be a removable chip in the form of a SIM card (called a UICC) or a microSD card, or the secure chip can be embedded inside the phone. Inside the secure element, we can store those valuable secrets like credit card numbers and identity credentials that are protected and encrypted. Also, when the
2
Smart Card Talk
NFC-enabled phone is used to make a purchase in a retail store or used for an online purchase, the service provider can use data from the phone and secrets sent from the secure element to know that this device and these payment credentials are legitimate. This addresses part of the virtual wall divide, but how do we know the person who owns the phone is the person making this transaction? That requires another evolution in mobile technology, which Apple just introduced in the new iPhone 5S, called the Touch ID biometric reader. Biometrics have been used for more than 20 years, along with smart cards, as a second factor of authentication – something you have plus something you are. By storing a digital template of a fingerprint and using a biometric reader to compare a live match to that template, there is a heightened level of trust that the person who owns the device is the person making the transaction. This is much more secure than a PIN, which can be stolen or guessed, or even worse, turned off. Today, the Touch ID feature is only being used to unlock the iPhone and it is not enabled for applications to access the feature to authenticate to any apps, but that is only a generation or two away, which in the mobile world is several months to a year. And how long will it take the manufacturers of Android devices to leapfrog over the iPhone with dozens of competing models that don’t have the restraints common with Apple’s walled garden corporate culture? Thankfully the mobile industry is now understanding the reality —that as mobile devices get more powerful and consumers want to use them for more complex and inherently risky transactions, the smart card technology designed for use in mobile devices coupled with biometrics can strengthen the trust relationship between the user and the relying parties. As the U.S. payments industry labors through the difficult transition to EMV chip cards to make card payments more secure, the mobile industry could raise the security bar even higher with a combination of NFC-enabled devices using seÂcure elements and biometrics to create a new gold standard to seÂcuring digital transactions. It can’t happen soon enough because this generation of consumers entering the young professional stage is going to expect instant trust and our generation is going to have to find a way to authenticate consumers before the bad guys get in the middle.
Sincerely,
Randy Vanderhoof Executive Director, Smart Card Alliance rvanderhoof@smartcardalliance.org
Dear Members and Friends of the Smart Card Alliance Latino America – SCALA:
objective to help these government agencies provide aggregate value to their citizens, become more efficient, and deliver essential services to the overall population through smart cards.
In preparation for our planned activities in 2014, I recently traveled to Mexico to align our organizational strategy with our membership and with the needs of the Mexican market. Our mission for this trip was to unite all of our members with the fundamentals of creating a unified industry voice to promote smart card technology.
SCALA also held a meeting with a representative of the Mexican Banking Association. At this meeting SCALA analyzed the need for impartial information for the financial sector and developed a strategy. In terms of smart cards, Mexico is a mature market. The market has migrated to EMV using SDA and is moving to DDA. There are several opportunities for collaboration with members and the Banking Association of Mexico to present the industry perspective on convergence: open payments, mobile payments, and multi-application cards.
On this trip we were accompanied by Luis de la Cruz from Ultra Electronics – Magicard, the ID and Government Council Chair. In an effort to launch the Secure Identity Task Force for Mexico, SCALA held a meeting with interested members in Mexico. The key organizations present were: Giesecke y Devrient, HID Global, Oberthur Technologies, Safran Morpho, ST Microelectronics. Other supporters included ICards Solutions, Smartrac Technology Group, and Tecnica Commercial Vilsa. The Secure Identity Task Force for Mexico is creating a platform for member organizations to unite together for a common cause under the umbrella of SCALA, aligning in essentials such as industry best practices, case studies promoting smart card use, white paper development, and overall industry messaging. It also provides the opportunity for members within our task force to present their individual solutions and create their overall corporate strategy after SCALA has done its job of transferring the impartial, non-partisan knowledge and resources to the interested government agencies. At the meeting held on Monday, November 4th, the Secure Identity Task Force for Mexico selected the Alliance white paper “The Commercial Identity Verification (CIV) Credential,” to be adapted and translated for the Latin American markets for government agencies in need of impartial information on secure government credentials. The task force will hold a follow-up meeting on Monday, December 9th, 2013 during the Alliance Member Meeting in Coral Gables, FL. We also took advantage of the trip to meet with government agencies interested in using smart card technology. One of these agencies was the “Secretaria de Gobernacion,” a federal government agency involved in the issuance credentials to Mexican citizens. As a non-partisan, impartial industry voice, SCALA was able exchange information with the agency and found many opportunities for collaboration and support of their initiatives. It is SCALA’s
Finally, I would like to take this opportunity to mention that SCALA will be holding a conference event from June 3rd to 5th, 2014 called “The Mexico Summit.” The event will focus on identity and payments and hopefully will bring together the key decision makers from federal government agencies, and financial institutions in Mexico. The recent trip to Mexico provided us with the opportunity to evaluate many partnership opportunities with key organizations in the development of and the objectives for this new event. In May of this year, we had partnered with the U.S. Commercial Services to conduct the Government Information Exchange. We hope that in the creation of the Mexico Summit we are able to expand our partnerships, develop an interesting agenda, and spread the unity among members and vertical markets influenced by our technology. The success of this trip could not have been accomplished without the support of our member organizations, who in many instances helped coordinate the meetings and identify the right points of contact. For anyone interested in more information about SCALA, our activities and how to get involved, feel free contact me.
Sincerely,
Edgar Betts Associate Director, Smart Card Alliance Latin America (SCALA) ebetts@smartcardalliance.org www.sca-la.org
Smart Card Talk
3
latin america corner
Uniting and Aligning
member profile
1. Please describe your company’s business profile and its offerings
This month Smart Card Talk spoke with Chris Williams, who has been with Leidos (formerly part of SAIC), for the past 10 years, focusing on cybersecurity, identity management, smart cards, and policy compliance issues. At Leidos, Chris’s key responsibilities include integrated cybersecurity solutions, including identity management, public key infrastructure and smart card technologies, both Chris Williams internally and also for the company’s customers. Chris has been involved in the IT security field since 1994 in a combination of U.S. military and civilian positions, working with the U.S. Army, Defense Information Systems Agency, Department of State, and Defense Intelligence Agency, using public key infrastructure, smart cards, and identity management technologies. Chris holds a bachelor’s degree in computer science engineering from Princeton University and a master’s degree in information assurance from George Washington University.
4
Smart Card Talk
Effective September 28, 2013, SAIC separated into two new, publicly traded companies. Leidos is a new technology solutions company focused on national security, health, and engineering markets for both public service and commercial customers, with annual revenue of approximately $6 billion. SAIC will remain one of the largest, pure-play government services companies in the market, leveraging its deep mission knowledge to provide technical and enterprise IT services to government customers, with annual revenue of approximately $4 billion.
2. What role does smart card technology play in your business?
Smart card technology is critical to enterprise cybersecurity and is used by employees to secure access to corporate networks and resources across the enterprise. In addition, Leidos leverages smart card technology – including the government’s Common Access Card (CAC) and Personal Identity Verification (PIV) badge technologies – to provide our customers with integrated solutions that include state-of-the-art cybersecurity.
3. What trends do you see developing in your market?
We see a great deal of growth and investment in cybersecurity across all sectors as the threats that we all read about every day continue to materialize and evolve. On the Internet, we see the concept of secure identity continuing to increase in importance – whether that identity is used for the enterprise, for commerce or for communication. We see great challenges for industry and government as we struggle to move past password authentication and static credit card numbers to an identification and authentication method that is truly secure enough to operate on the modern Internet. We see great challenges as organizations struggle to stay secure using rapidly changing technologies against rapidly emerging threats from hackers, cyber-activists, organized crime, and nation-state espionage.
4. What things must you overcome to leverage those trends? There are a number of challenges in the cybersecurity space right now. One is that everyone is struggling to figure out “what security is good enough” and “what’s the right combination of capabilities and technologies” to be successful against modern threats? There is a paradigm shift taking place. In the past, security was largely built around network perimeters, firewalls, and signature-based anti-virus that were enough to stop general threats and unfocused attacks. In the next decade, new techniques and technologies will have to be developed to counter targeted attacks where, eventually, skilled attackers can methodically defeat almost every protection mechanism. Defenses must be layered and must not only be focused on identifying and stopping attacks after they have started – but also before they are successful. To make this more difficult, these defenses must be tailored to the world of cloud computing and bring-your-own-device (BYOD), where the servers, the networks, and the endpoints are not even under your control.
5. What do you think are the key factors driving smart card technology in the government or commercial markets in the U.S.?
In a world of cloud computing and BYOD, you could argue that the only thing you have to tie it all together is a secure online identity, and this identity becomes the key to everything, whether it is commerce, the enterprise, or protecting information and communications. We are excited by how smart card technology can be used to solve some of these challenges and by the synergy that exists when compatible technologies are used on ID cards, on credit cards, and in mobile devices. What happens when your smart phone – which we all carry with us every day – is not only your communications hub, but also your e-wallet and your online identity as well? It is staggering to think about how this is going to revolutionize our world and how we live every day.
6. What type of measurable impact has the Smart Card Alliance and/or its Councils made in your company’s business? For a large enterprise like Leidos, secure identity and strong authentication are large programs that span multiple years and have profound impact on the enterprise and its employees. Decisions for these programs have millions of dollars at stake and have strategic impact on the organization’s business and its customers. The Smart Card Alliance and its councils provide us with a forum for meeting with the leaders in this space to understand what they are doing, where they are going, and what is and isn’t working for them. The value from these lessons is priceless, and it allows us to stay abreast of this rapidly changing market space and take full advantage of its capabilities and potential.
7. In September, Leidos split off from SAIC. How does this impact your Smart Card programs?
This company separation has actually turned into a huge opportunity for us. With the split, Leidos needed new smart card technology in order to provide the new enterprise the same capabilities that SAIC has had for many years as well as some new ones. We are deploying new enterprise smart card systems and seamlessly migrating from our legacy platforms to a modern one based on PIV-compatible technologies.
Member Point of Contact: Chris Williams Leidos Enterprise Identity and Security Chris.k.williams@leidos.com
Smart Card Talk
5
feature article Physical Access Control System Primer What is a PACS?
What are the typical PACS functions?
The acronym stands for physical access control system, with the last word being the most relevant. Typically the term refers to an electronic system using an issued credential (most often a card) that the user presents to a reader to gain access to a secure area. The PACS can be a single, standalone, all-in-one device, or it can include many doors, many buildings, many campuses, many cities or many countries. A number of viable system topologies (e.g., physical and/or network components) are used to build an effective and efficient PACS. It is the functionality that determines the PACS, not the topology.
A primary PACS function is to enable authorized personnel to quickly pass through portals (e.g., doors, turnstiles, gates) quickly – so throughput needs must be considered as well as security. As is often the case with security systems, the user experience needs to be given strong consideration or the security goals will be compromised (e.g., doors propped open and alarms disabled or, as in logical access, simple passwords or notes as reminders.) The PACS must also be resilient so that it continues to function even if there is a loss of a network connectivity or communications.
What is the purpose of a PACS? A PACS manages controlled ingress or egress through secure boundaries, while monitoring those actions and deviations from an approved process. A PACS also needs to recognize or identify events and determine if they are normal or abnormal and react accordingly. The secure boundaries are usually established by a combination of physical barriers and electronic sensors monitored by the PACS and an integrated intrusion detection subsystem, or by the PACS if designed to perform intrusion detection functions. It is often critical that the intrusion detection system (IDS) be tightly integrated with the PACS. A PACS is also typically integrated with video surveillance and fire alarm systems to improve its effectiveness as a security countermeasure and to provide life safety functions. Again, “system” is the operative word.
6 6 Smart Smart Card Card Talk Talk
One way that a typical PACS achieves high levels of performance, security, and resilience is to distribute access control functionality. To do this, the PACS distributes an access control list and access control rules to a remote controller that typically is located close to the portal(s) it is controlling. The controller actually contains a “master copy” of the most current logic for letting individuals through the relevant doors and is a critical component that needs to be secured against logical and physical attacks. The controller is typically located in a more secure location than the reader. The typical functions of a controller include: • Authentication (of credentials and the related identifiers) • Authorization (e.g., rule(s) and privilege management) • Alarm monitoring and control • Alarm and event buffering/storage (for offline operation) • Input/output control and device interfaces (e.g., relays that are used to control locks or strikes; other devices such as
sensors, strobes, gate arms, or elevators) • Reader-to-controller and controller-to-server communications • Co-location with main AC/DC power source and back-up power management • Integration with life safety systems (e.g., fire systems, as permitted by life safety and building code requirements) Authentication is the process of identifying the cardholder’s credential (something you have) and determining its validity. It may do this through a challenge to the credential which requires a proper response. Authentication includes checks to see if the proper person is in possession of the credential (i.e., something you know – for example, a personal identification number (PIN), or something you are – for example, a biometric). Once a valid authentication takes place the authorization process determines if the credential and credential holder are allowed access while sustaining high throughput for those individuals (and credentials) that are authorized. A PACS will typically test first to determine if the cardholder is authorized to enter a specific portal before initiating any authentication process. This saves unnecessary overhead associated with performing the authentication process and contributes to high system throughput. Both authentication and authorization processes must take place before granting access, but not necessarily in a specific order. Authorization can be based on a predetermined set of parameters.
What is the purpose of the PACS host/server? The PACS host/server (sometimes referred to as a head-end) has several roles, but it generally does not participate in the real-time access control decision since that is typically the responsibility of the controller. Distributed access control addresses the resilience and performance requirements that the end user organization demands. The basic functions of the host/server are: • Providing the user interface for the PACS • Commissioning and maintaining the access control database, including user information about cardholders and operators • Enrolling and registering credentials • Monitoring alarms and events • Collecting logs of alarms and other events • Reporting (e.g., event logs, operator activity, system configuration) • Managing manual override of door controls and monitoring where applicable • Managing and synchronizing time and firmware updates/ upgrades • Maintaining the PACS network configuration • Providing back-up of configurations, databases, and event logs • Interfacing to other enterprise services and applications An enterprise host/server is typically not directly involved in the access control decision, although it may regularly download new parameters to the controller in order to maintain current param-
Smart Card Talk
7
eters across the system. An example would be the updating of the access control list (ACL, the list of authorized credential holders and authorization parameters) for the controller.
What is the purpose of the door position monitor? The door or (access control point) is either controlled and monitored by the PACS, or controlled by the PACS and monitored by a separate IDS. An IDS is often referred to as an “alarm system.” A typical access control point consists of a reader, a locking device and a door position monitor, which is often a magnetic switch. The door position monitor has several functions: one is to generate an alarm message that is sent to the proper location for annunciation, logging and possible security personnel response if the door is opened without an access grant decision. This is referred to as a “door forced open” alarm. The second is to monitor the length of time the door is actually open when someone is entering the secure area when access is granted. Should the door be open longer than a predetermined amount of time, a “door open too long” alarm is generated and sent for possible response by security personnel. Third, the door position monitor causes the door lock to reengage and lock the door when the door is either opened (“opening event”) or just closed (“closing event”) depending on the specific door hardware and locking mechanism. This effectively prevents the door from being opened more than once for each access grant transaction. In deployments where there is continuous (24/7/365) operation and local security staff are monitoring the PACS, the PACS often handles the alarm functions and may be integrated to activate video cameras for assessment and security personnel response. In deployments where the alarms are monitored offsite, the PACS is frequently integrated with a separate IDS to provide a similar level of security. Video surveillance may also be integrated with these deployments. Today, most PACS have native support for additional inputs that are used to monitor exterior perimeter sensors as well as interior sensors such as volumetric sensors (i.e., passive infrared, microwave and ultrasonic).
What is a typical topology for a PACS? There is not just one typical topology for a PACS. The reader, controller and server functionality can exist in a variety of devices and 8
Smart Card Talk
system designs. Designs have evolved with a variety of wiring and network configurations. Configurations depend on various factors, such as the number of doors in a building, the number of individuals assigned to access the main entrance, and the length of the wiring path to the readers. (Wiegand and Ethernet communications can run approximately 300 - 330 ft. or 100 meters; RS-485 supports up to 4000 ft.) Some controllers are two-tiered and separate the input/output (I/O) functions into a separate component from the access control logic. Controllers may support different quantities of doors; support for one to 16 doors is common. There is no one ideal configuration. Every PACS is generally sitespecific with cost, throughput, security and reliability as key considerations. Flexibility is a key consideration. Controllers can accommodate multiple readers, credentials, and credential formats that use different electrical and data protocols. These can vary widely. The ability to support the different features and functionality can be achieved through software or physical switch settings, or by adding signal conditioning hardware to the components to convert the reader electrical and data protocols to the required communications for a specific controller or manufacturer.
About this Article The Smart Card Alliance Access Control Council, in collaboration with the Security Industry Association (SIA), developed this primer to provide a high-level overview of physical access control systems (PACS) as input to the Federal government implementation of PACS with Personal Identity Verification (PIV) credentials.
About the Access Control Council The Smart Card Alliance Access Control Council is focused on accelerating the widespread acceptance, use, and application of smart card technology for physical and logical access control. The group brings together, in an open forum, leading users and technologists from both the public and private sectors and works on activities that are important to the access control community and that will help expand smart card technology adoption in this important market.
Access Control Council • The Access Control Council submitted a letter to the GSA Evaluation Technical Working Group (EPTWG) making recommendations on the FICAM testing program for physical access control systems. • The Council launched a member survey to get input on projects for 2014.
Health and Human Services Council • The Health and Human Services Council completed agenda development for the pre-conference symposium that was accepted for the HIMSS 2014 Conference. • The Council will be holding a session at the Smart Card Alliance Member Meeting, on December 9th, to plan activities for 2014.
Identity Council • The Identity Council launched a member survey to get input on projects for 2014.
Mobile and NFC Council • The Mobile & NFC Council is working on a white paper that evaluates different approaches for securing credentials on mobile devices. • The Council launched a member survey to get input on projects for 2014.
Payments Council • The Payments Council will be publishing a new white paper on the changing U.S. payments landscape for purchases at physical stores in November. The white paper will review new innovations in payment trends and devices and offer perspectives on how these trends are changing the way consumers pay and merchants accept card-present transactions.
Transportation Council • The Transportation Council is working on three new projects: an analysis of EMV impact on transit; a cross-industry discussion of key challenges in accepting open payments in transit; a guide for open payments acceptance for small transit agencies.
Other Council Information • The Access Control Council, Health and Human Services Council, and Identity Council held in-person meetings at the Smart Card Alliance Government Conference, October 15-16, 2013, at the Walter E. Washington Convention Center in Washington, DC. • Members from the Access Control Council, Health and Human Services Council, and Identity Council presented in the pre-conference workshop, Federated Identity, Strong Authentication, NSTIC and the Identity Ecosystem, on October 14, at the Smart Card Alliance Government Conference. • All Councils have defined agendas for plenary and breakout sessions for the Smart Card Alliance Member Meeting, December 8-10, at the Biltmore Hotel in Coral Gables, FL. Councils are hosting break-out sessions on industry topics that are a priority for the councils. • Members-only council web pages are available at http:// www.smartcardalliance.org/councils. These are passwordprotected pages that contain council working and background documents and contact lists. Each Council area has a separate password since Councils may have different membership policies. If you are a Smart Card Alliance member and would like access to a council site, please contact Cathy Medich. If you are interested in forming or participating in an Alliance council, contact Cathy Medich.
Alliance Members: Participation in all current councils is open to any Smart Card Alliance member who wishes to contribute to the council projects. If you are interested in participating in any of the active councils, please contact Cathy Medich.
Smart Card Talk
9
council reports
Updates from the Alliance Industry Councils
from the alliance office
Welcome New Members
• EFT Source, General member • Gallagher Group Limited, General member • Cubic Transportation Systems, Latin America General membership • SETIS Automacaoe Sistemas Ltda, Latin America General membership
New Program Recognizes Alliance Members
New CSCIP Recipients
• Vicky Redman, Gemalto • Anshuman Sinha, Tyco Integrated Systems • David O’Toole, WMATA
Member Recognition Program
New CSCIP/G Recipients
• Nathan Palenski, Xtec, Incorporated • Ramoncito Reyes • Nigel Stewart, Secure Mission Solutions
Membership Survey Winner!
Congratulations to Fred Czaky of FIS, who was randomly selected as the winner of our drawing from the 108 Smart Card Alliance Membership Survey participants. Fred received an Amazon Kindle Fire HD Tablet and $25 gift card. Thank you to all Alliance members for providing your comments on the survey. For more news, visit our website at www.smartcardalliance.org. Members can also access white papers, educational resources and other content.
No Newsletter in December
We will not publish a December newsletter; look for the 2013 E-Yearbook for a complete wrap-up of all our activities and events.
The Smart Card Alliance recently announced a new member recognition program called the Smart Card Alliance Center of Excellence. This program recognizes member companies who reach the highest level of active participation in the Smart Card Alliance. Please congratulate the following 23 companies on achieving this elite level of distinction; read more about the program and criteria by visiting our website. • • • • • • • • • • • •
ABnote Group American Express CPI Card Group Capgemini USA Inc. Cubic Transportation Systems Datacard Group Deloitte & Touche LLP Discover Financial Services First Data Gemalto Giesecke & Devrient HID Global
• • • • • • • • • • •
HP Enterprise Services LTK Engineering Services MasterCard NXP Semiconductors Oberthur Technologies SEPTA Ultra Electronics Card Systems Xerox XTec, Incorporated VeriFone Visa
About Smart Card Talk Smart Card Talk is the monthly e-newsletter published by the Smart Card Alliance to report on industry news, information and events and to provide highlights of Alliance activities and membership. 191 Clarksville Road Princeton Junction, New Jersey 08550 1.800.556.6828 Fax: 1.609.799.7032 info@smartcardalliance.org www.smartcardalliance.org 10
Smart Card Talk
About the Smart Card Alliance The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.