Stakeholders Driving Payment Evolution and Digital Identity

March 2009 ACTion Newsletter

IN THIS ISSUE

1. Editorial Comment
2. Help Wanted - EMV Expertise
3. Consultation On Proposed Changes To CPA Rule E1
4. Mobile POS Payments Moving Up - Member Only Access
5. Quebec Launches Enhanced License
6. Saskatchewan Cancels RFID Licences; Ontario Looks For Off-Switch
7. BMW Explores The New 'Key' To Payments - Member Only Access
8. Canadian Tire To Introduce Prepaid MasterCard
9 .McDonald's Beefs Up Smart Cards - Member Only Access
10. Belgium Reinforces Children Protection With Gemalto Solution
11. Collis Releases Card Testing Tool
12. Biometrics Growing As Future Of Patient Care - Member Only Access
13. Visa Says RBS Worldpay & Heartland Not PCI Compliant
14. Britain's Biometric Id Cards Postponed
15. Maritz Unveils New Pos Rewards Platform - Member Only Access
16. Oberthur Began Delivery Of Its Chrysalis Fly Dual Interface Payment Card To S2P
17. Gemalto Combines EMV, Contactless & Digital Signature For Banco Santander University Program

ACT Canada Partners

 Visa

Visa operates the world's largest retail electronic payments network and is one of the most recognized global financial services brands. Visa facilitates global commerce through the transfer of value and information among financial institutions, merchants, consumers, businesses and government entities.

Collis

Collis is a leading provider of EMV, e-ID, and e-Passport test tools, consulting, and training in Canada. Contact us for EMV training and test tools for every step of the EMV Transaction life-cycle - Cards, Terminals, Acquiring host and Authorization host. Collis America at 1-651-925-5410.

ACT CANADA THANKS OUR NEW & RENEWING MEMBERS

PRINCIPAL

Chase Card Services ~ new member
Citi Cards Canada ~ member since 2006

GENERAL

FIME ~ member since 2006
SecureKey Technologies ~ new member

GOVERNMENT

Metrolinx ~ new member

CALENDAR OF EVENTS

2009 CTST/Smart Card Alliance Annual Conference & Expo
May 4-7, 2009
Ernest N. Morial Convention Center
New Orleans, LA, USA
http://www.ctst.com
ACT Canada members receive discounts - please contact andrea(AT)actcda.com for details

CAMA: Canadian Automatic Merchandising Association annual conference
Catherine Johnston to present, "The Evolving Canadian Payment Landscape: Your Role as a Stakeholder"
May 8-9, 2009
Hamilton Convention Centre
Hamilton, ON, Canada
http://www.vending-cama.com

Cardware 09: Payment Insights
Financial & Retail Sectors Conference
June 17-18, 2009
White Oaks Conference Centre
Niagara-on-the-Lake, ON, Canada
Visit www.actcda.com for more details

Cardware 09 Secure ID Insights
Government Sector Event
September 16, 2009
Hellenic Centre
Ottawa, ON, Canada
Visit www.actcda.com for more details

1. EDITORIAL COMMENT
Source: Catherine Johnston, President & CEO, ACT Canada (03/30)

Strength through association.

Have you ever had an idea that changed and got better after you discussed it with someone else? There is such strength in collaboration.

In the past two months we have held two roundtable meetings, bringing stakeholders together to discuss issues relevant to the Canadian market. I am encouraged by the depth of interest participants bring to each discussion, their generosity of input and their enthusiasm for the process.

At a time when we are all overextended and trying to do more with fewer resources, these meetings provide real value.

We see the same strength in our Strategic Leadership teams who focus on specific issues. The Merchant team is now moving into their second stage. After a year of collecting information, they are ready to work on EMV best practices and a presentation to be given at Cardware 09: Payment Insights (June). The PIN Management Strategic Leadership team has completed a survey and continues to identify best practices. The new Mobile team already has 24 members from a number of stakeholder groups.

Looking ahead, ACT Canada is committed to supporting the success of our members. We have a holistic view of the market, a global network of resources and a unique knowledge of the past twenty years of the Canadian market.

If you have questions that start with:
How do I, Why would I, What do you think of, Who should I, When should I, Could you help us with, What is happening in / at / with, Where would I or What if - and they are chip related applications, technologies or markets , call us.

ACT Canada can help. After all, we answer those questions for our members every day and have for 20 years.

2. HELP WANTED- EMV EXPERTISE

Can EMV stakeholders meet their goals and deadlines? Catherine Johnston, President & CEO of ACT Canada, says we are running into a shortage of qualified resources. "Every week, we get phone calls from members who are looking for people to hire. As far back as 2002, we forecast that this would be a problem for Canadian companies and it could get worse as the US starts to talk about an eventual conversion to EMV."
For the association, it presents a challenge, because members want to recruit, but not lose personnel. For that reason, ACT Canada passes on information to members about available people, but does not offer this support to non-members. Johnston says, "Right now we are aware of several openings and are keeping our ears open for those members, but there aren't many people who are actively looking for positions."

3. CONSULTATION ON PROPOSED CHANGES TO CPA RULE E1
Source: CPA (03/04)

The Canadian Payments Association is considering amendments to CPA Rule E1, Exchange of Shared Electronic Point-of-Service Payment Items for the Purpose of Clearing and Settlement in order to:

  • implement requirements of the CPA's Guidelines for Pre-Funded Debit Products Permissible under the CPA's Payable-Through Policy that are not currently contained in the Rule;
  • state more clearly the roles and responsibilities of parties to POS payment items; and
  • where applicable, be consistent with new terms/wording/approaches outlined in the new CPA draft Rule E4, Exchange of PIN-less Point-of-Service Debit Payment Items for the Purpose of Clearing and Settlement ("Rule E4").

Recognizing that these amendments may have implications for both CPA members and non-members, the CPA is conducting a sixty-day consultation on the proposed changes.

Comments or questions on the proposed amendments should be submitted in writing to the CPA by May 4, 2009, to: consultation@cdnpay.ca. For more information, visit http://www.cdnpay.ca/news/consultation_rule_e1.asp

The Canadian Payments Association is a member of ACT Canada; please visit http://www.cdnpay.ca.

4. MOBILE POS PAYMENTS MOVING UP - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section.
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

5. QUEBEC LAUNCHES ENHANCED LICENSE
Source: Press Republican, by Dan Heath (03/17)

The Province of Quebec has rolled out its version of the Enhanced Driver License (EDL).

The Quebec EDL will cost an additional $40. It has been deemed acceptable by the U.S. Department of Homeland Security for entry into the United States under the provisions of the Western Hemisphere Travel Initiative, slated to take effect June 1.

The Quebec EDL has both a scannable bar code and an embedded electronic chip. The chip transmits a number that gives border agents access to data about the license holder, but for security reasons, does not contain the personal data itself.

Charest said Quebec is the first province in Canada to create a driver's license that meets WHTI requirements. A pilot program is under way in British Columbia, and the provinces of Ontario, Manitoba and Saskatchewan are working together to develop an EDL program.

6. SASKATCHEWAN CANCELS RFID LICENCES WHILE ONTARIO LOOKS FOR OFF-SWITCH
Source: IT Business (03/26)

While Ontario's Privacy Commissioner is seeking to include an off-switch on the enhanced driver's licence (EDL) being rolled out in June, Saskatchewan has opted to scrap their project completely.

The EDL is being deployed by many provinces as a response to stricter border crossing standards imposed by the U.S. Department of Homeland Security. The Western Hemisphere Travel Initiative starts June 1, any driver entering the U.S. from Canada will need to show either a passport, or an EDL to establish their nationality.

Privacy advocates across Canada have expressed grave concerns over the new licences because they include a GEN2 RFID chip that can be read within a vicinity of about 30 feet. The idea is to let border guards know who is approaching ahead of time. But the card also broadcasts information at other times and anyone with a RFID (radio frequency identification) reader could pick it up.

Saskatchewan announced Monday it is halting its EDL program. A number of factors were cited and privacy was among them. Public interest in making use the card was also an issue.

"Privacy may have afforded the government the opportunity to pause and reconsider the whole project," says Gary Dickson, Saskatchewan's Privacy Commissioner.

Ontario Privacy Commissioner Ann Cavoukian is working on a solution to the problem posed by the card's RFID technology. She wants an off-switch on the licence so people can control when their information is being sent out. Before, it wasn't clear whether a switch was possible on this particular RFID chip, but now a company has come forward saying they're ready to mass produce it.

"The beauty of this technology is that the default is the RFID is off. That's what we loved about it," she says. "We think it's very promising and we're trying to get moving and exploit the interest in it."

It is too late to include an off-switch on the first generation of EDLs in Ontario. Manufacturer Giesecke & Devrient will need to start producing the cards soon to have them ready in time for June. Instead, the cards will come with a sheath that will hamper the signal. The card will be too thick to fit in your wallet slot while in its sheath.

Using an RFID reader, someone could read a unique string of characters broadcast by the card. But they'd need access to the right database to retrieve any personal information with the number. But privacy advocates say the string alone is enough to track an individual's movements.

"Even if someone can't penetrate the database kept by the Canadian Border Service, it still means that every time the card is not in the sleeve, there's a risk that it could be associated with a designated individual," Dickson explains.

But the hope is that the off-switch could eventually be included on the next run of EDLs.

"If you have a solution that works in the field, then the next generation of EDLs could be produced with a switch," Cavoukian says.

Cavoukian plans to meet Secretary of Homeland Security Janet Napolitano in June to discuss the off-switch.

Giesecke & Devrient is a member of ACT Canada; please visit http://www.gi-de.com.

7. BMW EXPLORES THE NEW 'KEY' TO PAYMENTS - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section.
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

8. CANADIAN TIRE TO INTRODUCE BRANDED PREPAID MASTERCARD
Source: Marketwire (03/10)

Mint Technology Corp. announced that it is has entered into an agreement with Canadian Tire Financial Services Limited to introduce a new Canadian Tire branded prepaid MasterCard® product.

The prepaid cards will be accepted at any merchant in the world that accepts MasterCard electronically, including the internet and ATM cash withdrawals. They offer the convenience of a traditional credit card without the need for a credit application and of a debit card without the need for a bank account.

"Canadian Tire Financial Services Limited is committed to continuing to provide innovative payment offerings to our customers," said Jim Kozack, vice president, marketing, Canadian Tire Financial Services Limited.

Canadian Tire Financial Services is a member of ACT Canada; please visit http://www.ctfs.com.

9. MCDONALD'S BEEFS UP SMART CARDS - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section.
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

10. BELGIUM REINFORCES CHILDREN PROTECTION WITH GEMALTO'S SOLUTION AS PART OF NATIONAL EID PROGRAM
Source: Gemalto (03/25)

Gemalto announced it is rolling out its eID solution as part of the Belgian government program to expand its national eID initiative. The program consists of a dedicated eID card for children aged under 12 with specific features intended to increase their security in emergency situations. In particular, a special hotline number is printed on the card body of the child's ID card so that his parents can be alerted as soon as possible. Gemalto will deliver the microprocessor cards to Zetes, the European Auto-ID solutions provider. Fedict (FPS Information and Communication Technology), the Federal Public Service of Belgium in charge of developing e-Government projects, has just started deploying the Kids-ID program. This roll-out follows a decision from the Belgian government dated December 19, 2008.

The new Kids-ID card features three main functionalities. Firstly, it acts as an electronic national ID credential for Belgian children and also serves as an official travel document in most European countries. It contains all necessary ID information as well as the child's photograph.

The second capability is protecting the child in emergency situations. In case he/she gets lost, or is the victim of an accident, the hotline number printed on the card body enables to notify the next of kin or friend. The caller dials the hotline number and enters the child's 11-digit National Registry number. The call is immediately transferred to the first number on a list of up to seven contact phone numbers that the parents have selected upon card issuance. If this person is not available, the caller is immediately connected to the second number on the list, and so on until somebody is available.

Lastly, the Kids-ID card can be used on the Internet for safer access to online chat and for use of services that require identification. A built-in PIN code enables to automatically authenticate the child and to grant him access to web services he is allowed to use. Other potential uses include accessing library books, sport club membership or healthcare access.

Kids-ID is part of Belgium's nationwide electronic ID program, launched in 2003. In January 2009, the number of e-ID in use exceeds 8 million, representing over 90% of the targeted population (source Fedict). The cards are being produced by the Auto-ID specialist Zetes and integrating Gemalto technologies, such as Sealys MultiApp ID and Sealys Laser-Secured Card. In addition to the usual national ID document functionality, Belgian citizens use their e-ID card to prove their identity on the internet, request official documents, fill in forms and sign documents electronically.

Gemalto is a member of ACT Canada; please visit http://www.gemalto.com.

11. COLLIS RELEASES CARD TESTING TOOL
Source: SecureID News (03/17)

Collis announced the release of the Collis Card Image Editor; a new product designed to support both Issuers and Acquirers with card and terminal testing.

The Collis Card Image Editor is a tool for editing EMV card data. It provides an editing functionality of data from a real EMV Card. It can be used to create and manage profiles and has been designed with issuers and acquirers in mind.

Collis Card Image Editor provides a virtual image of data from the EMV Card that can be saved as a card template for further use in the data preparation system. It can also be saved as a card image for further validation with the Collis Personalization Validation Tool. This is important for issuers and personalization bureaus to reduce the number of iterations required before producing correctly personalized physical cards. In other words, no physical test cards need to be made.

The same card images can be used with the Collis Card Simulator for the testing of payment terminals. This approach can simplify the creation of sets of simulated cards for terminal testing which can be beneficial for acquirers and merchants.

Collis is a member of ACT Canada; please visit http://www.collis.nl.

12. BIOMETRICS GROWING AS FUTURE OF PATIENT CARE - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section.
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

13. VISA SAYS RBS WORLDPAY & HEARTLAND NOT PCI COMPLIANT
Source: ITPro (03/16)

Visa has taken the Royal Bank of Scotland Group's RBS Worldpay and US payments processor Heartland Payment Systems off its list of Payment Card Industry Data Security Standard (PCI DSS) compliant service providers.

It means the two companies are no longer considered compliant by the Payment Card Industry Security Standards Council (PCI SSC), created by Visa and other leading card issuers. These are the technical requirements created to help organisations that process card payments prevent credit card fraud, hacking and other security vulnerabilities.

It comes after Heartland Payment Systems fell victim to a massive security breach that potentially exposed customer information involving 100 million transactions. RBS Worldpay was hit by a hack, which the FBI said led to a million dollar ATM scam.

In a statement given to the Tech Herald, Visa said: "Based on compromise event findings, Visa has removed Heartland and RBS Worldpay from its list of PCI DSS compliant service providers."

RBS Worldpay replied in a statement to the Tech Herald that it received its last certification of compliance in June 2008, but that it was required to obtain a new one due to the data breach and was removed from the compliance list until it was complete.

It said: "There have been no material system changes that would have negatively altered this certification and we have in fact enhanced the security of our systems in the interim.

"Because of the criminal intrusion, we need to be recertified earlier than the normal schedule."

Heartland replied in a statement that it was cooperating fully with Visa and other card brands.

It said: "Heartland was certified as PCI-DSS compliant in April 2008 and expects to continue to be accessed as PCI-DSS compliant in the future.

"We're undergoing our 2009 PCI-DSS assessment now, which Heartland believes will be complete no longer than May 2009 and will result in Heartland, once again, being assessed as PCI-DSS compliant."

Visa Canada Inc is a member of ACT Canada; please visit http://www.visa.ca.

14. BRITAIN'S BIOMETRIC ID CARDS POSTPONED
Source: ICMA Daily News (03/11)

The failure of fingerprint and iris-recognition equipment caused the delay, Home Secretary David Blunkett told members of Parliament this week. The trial, involving the registration of 10,000 volunteers to record and test biometric ID data, was originally due to launch in February but did not begin until last week. As a result, the length of the project has been cut from six months to three months.

The U.K. Passport Service is running the project with its technology partner Atos Origin, which inherited the deal through an acquisition.

But at a Home Affairs select committee this week, Blunkett and the U.K. Passport service acknowledged that the system Atos Origin initially delivered had problems and was sent back to the company after a few weeks.

Problems with the hardware, software and the capture and recognition of data have forced adjustments to the resolution and focus of the facial-recognition camera, along with modifications to the background used for iris scanning. A representative for the Home Office told Silicon.com that the problems have now been rectified.

15. MARITZ UNVEILS NEW POS REWARDS PLATFORM - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section.
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

16. OBERTHUR TECHNOLOGIES BEGAN DELIVERY OF ITS CHRYSALIS FLY DUAL INTERFACE PAYMENT CARD TO S2P
Source: Smart Card Trends (03/16)

Oberthur Technologies began delivery of its next generation Chrysalis Fly dual interface payment card to S2P as part of its new "Universal Payment Card" project, the first of its kind in France and one of Europe's largest contactless projects to-date.

For S2P, the Chrysalis Fly card represents a way to increase the use of payment cards, replacing cash for low value payment transactions which represent the majority of transactions in Europe. The Chrysalis Fly product also combines the proven security of an EMV chip interface with Oberthur Technologies' contactless applications, offering a vastly accelerated transaction time twice the speed of other payment cards.

Oberthur Technologies is a member of ACT Canada; please visit http://www.oberthur.com.

17. GEMALTO COMBINES EMV, CONTACTLESS AND DIGITAL SIGNATURE FOR BANCO SANTANDER UNIVERSITY PROGRAM
Source: Smart Card Trends (03/03)

Gemalto announced it is providing Banco Santander, a major European financial institution, with new technology for its well established university identity card program in Spain. The company is supplying its high-end Optelio cards that offer EMV payment, multi-application identity for digital signature, strong authentication and secure contactless access to facilities. In addition, Gemalto delivers its Client strong authentication software solution to enable digital signature applications.

University Politecnica Catalunya (UPC) is first to rollout out this technology in the country. In addition to Spain, Banco Santander is currently running its university identity card program in Latin America, Morocco, Portugal and the United Kingdom. Santander manages several million cards in use at 200 universities, 48 of which are in Spain.

As part of the program, students use their card as a Banco Santander EMV debit card. Spain, and many countries around the world, are migrating payment systems to the more secure EMV standard. Students can also use their card for a wide variety of services and applications. The new digital signature functionality allows students and professors to conveniently sign documents electronically, while at the same time helping universities comply with new laws requiring their use.

The contactless features on the Gemalto card enables secure access to buildings such as libraries, dormitories and gymnasiums. Students also use the card for secure access to the campus electronic networks, to pay in cafeterias, take out books from the library, store grades and personal documents, pay for laundry and photocopies, and for other student expenses. The university card is also used for students to gain access to public transportation in the cities of Burgos, Lerida, Malaga and Santander.

Gemalto is a member of ACT Canada; please visit http://www.gemalto.com.

For more information, please contact Andrea McMullen at 1 905 426-6360 ext 124 or email andrea@actcda.com.

Please forward any comments, suggestions, questions or articles to andrea@actcda.com. Please note that articles contained in this newsletter have been edited for length, and are for information purposes only.