randy vanderhoof, executive director smart card alliance
TRANSCRIPT
Technologies for Secure Electronic Transactions
Randy Vanderhoof, Executive Director Smart Card Alliance
ICMA Card & Personalization ExpoApril 2014
Deployed Around the Globe and in the U.S.•Payment applications: contact and contactless credit and debit cards; transit payment cards
•Telecommunications applications: mobile phone subscriber identity modules; pay telephone payment cards
•Identity applications: employee ID badges for physical access to buildings and secure computer and network access; citizen ID documents; electronic passports; driver’s licenses; online authentication devices
•Healthcare applications: citizen health ID cards; health provider ID cards; portable medical records cards
Secure Electronic Transaction Changes Are Happening
3
EMV4
EMV Chip and ?????
EMVChip
Set-up
CardInterface
Contactless/mobile
CardAuthentication
SDA/DDA
CardholderVerification
PIN or Sig TransactionAuthorization
Online/ offline
5
Signs of Progress:
Estimates based on 2013 results:• 17 million to 20 million chip cards (< 2% of ~1.0 billion cards)• 2 million EMV-capable terminals (~ 20% of ~12 million POS)
• 2103 and Projections for 2014 to 2016
PO
S
6
Next Steps for U.S. Migration
• Keep talking – real movement happens when the right people are in the same room
• Avoid distractions from things that are NOT consistant with EMV requirements for the US market
• Document progress, revisit problem areas, communicate all potential options
• Ask questions …there may be many answers
• If someone shares information that helps you, pass it alone and help the next guy
If you are not engaged in the decisionmaking about EMV, you are already behind
7
Big Issues Remain:
Federal Reserve decision on its appeal of Regulation II Debit card interchange fees and routing rules
Consensus on multiple single common AIDs per card Resolution of debit routing without adding cost, complexity, and
sacrificing choiceo US Common AID and what it means for issuers/ merchantso Aligning testing & certification processes to allow acquirers
time to EMV enable merchantso Phase One implementation planning – Orlando, FLo Education – “who educates whom “ definitiono Timelines – will it all happen by October 2015?
8
NFC9
What Does Mobile Payment and Mobile Wallet Mean To You?
Mobile Wallet - Functionality on a mobile device that can securely interact with digital valuables –Mobey Forum 2013
Paving the way for Mobile Wallets
Payment is Only Part of a Mobile Wallet
Examples of Alternative Approaches of Mobile Wallets
Mobile Schemes Mobile Wallet Characteristics
Isis Full NFC, proximity payment, card image in phone
Google Hybrid NFC, proximity with cloud storage of card
PayPal Non-NFC, funding source in Cloud, with companion card, in-store “check-in” to mobile POS systems
Level up, MCX QR code, cloud-based funding source, ACH or card
Starbucks QR code, closed loop stored value with funding card
Square Location-based, facial linked to cloud,
IPhone Cloud, iOS device-centric, linked to iTunes account
Others 280 + combinations
NFC and Mobile Payments
Card Emulation Mode
NFC Conclusions
Mobile payments and mobile wallets have a long time to go until they reach ubiquity
Mobile payments creating new (lower cost) payments choices for retailers – not a replacement
NFC and Cloud payments equally complex and difficult to scale – sustainability??
Security remains a factor for consumers Large, well known brands have an advantage
over lesser known solutions The mobile payments landscape could be
radically different in 5 years
HealthID16
Medical ID Card
Emergency Care
Physician ID & Credentials
Eye Care
Express Registration
Insurance e-Claims Processing
Dental Care Immunizations Record
Prescription Processing
Secure Medical Record Access
Capabilities of Smart Card basedElectronic Healthcare Identity Credential
Medicare Common Access Card Act of 2013 (H.R 3024)
•Calls for an upgraded Medicare card, based on a secure smart card, to verify who is eligible to give and receive benefits as a pre-condition to the claim ever being presented to the Centers for Medicare and Medicaid Services (CMS) for payment.
•It shall protect the personal information of every beneficiary and puts in place a front-end prevention system to only allow authorized providers and suppliers to bill for Medicare services.
Upgraded Medicare Cards
For beneficiaries, the new smart card would securely store the Medicare claim number (identifier) (which today is the Social Security number) on a secure micro-controller.
Does not call for use of biometrics for beneficiary authentication.
Not recommending biometrics for Medicare or Medicaid beneficiaries at this time due to the significant challenges and costs of enrollment.
CMS has estimated the cost to remove the SSN from the beneficiary card to be $317M
Provider and Supplier Medicare Cards
• Providers and suppliers will also receive a new smart card, securely storing their National Provider Identity number (NPI), so that only they can use it.
• Biometric authentication is recommended for providers and suppliers in the Medicare CAC system. This would extend to billing agents within a doctor’s office or hospital.
• By requiring identity verification of providers and beneficiaries before a claim can be filed and payment processed, Medicare would easily eliminate more than fifty percent of the fraud within the current system.
Gov’t ID
21
Multiple Government-Issued IDs
22
Government Identity Card Trends
• Federal PIV mandates under HSPD-12 and OMB M-11-11 are still strongly supported
• PIV cards PIV-I cards CIV cards• Federal worker identity part of immigration reform• Mobile credentials being driven by BYOD, not to
replace cards• Strong chance for Medicare CAC pilots to be funded
this year• State CIO’s are following Federal ICAM guidelines
with requirements for high assurance credentials• States need for electronic authentication increasing re-examining government assistance programs to
cut costs and combat fraud under austerity guidelines - more cloud-based services
Driver’s licenses, govt-assisted health benefits cards, big data servers
23
Randy VanderhoofExecutive DirectorSmart Card [email protected]
1-609-587-4208
www.smartcardalliance.org