Stakeholders Driving Payment Evolution and Digital Identity

January 2011 ACTion Newsletter

IN THIS ISSUE

1. Editorial - What do we know?
2. A First in Canada: Desjardins Launches End-To-End Data Encryption Solution for Credit Card Payment
3. Visa Program Encourages EMV Adoption as a Path Toward Dynamic Authentication
4. Germany Deploys Contactless National ID
5. RIM: NFC will Become Standard Technology in Smartphones - Members Only Access
6. Another Credit Union Migrating To EMV
7. New Mobile Payment Service Makes Bank Accounts Mobile
8. Elavon Certifies Hypercom's Spos32 EMV on Optimum Payment Systems for Canada
9. ICC Solutions Announces ICCSimTMat Test Package Implementing the UK Cards Association (UKCA) Pre-Requisite Test Cases
10. Opening the Loop With Transit Programs - Members Only Access
11. YESpay's First Live Retail Chain With First Data in Canada!
12. MasterCard Expands PayPass in Canada with CIBC
13. Gemalto Unveils Mobile OTP, Microsoft Integration
14. NXP Brings Smart Card Security to Device Authentication
15. Preparing for Mobile Payment: Visa, Mastercard and ISIS Weigh In - Members Only Access
16. NXP and Giesecke & Devrient Enable Mass Deployment of NFC in Mobile Handsets
17. AT4 Wireless & Collis Offer Full Portfolio Of NFC & Mobile Payments Test Solutions
18. Apriva/NAMA Survey: Majority of Vending Operators Expect to Add Cashless Technology In 2011
19. CPI Card Group Partners With LifeNexus to Produce and Personalize Personal Health Card in North America
20. INSIDE Secure Brings True NFC Hardware Independence to Google Android "Gingerbread"
21. Gemalto Launches Protiva One Time Password Application for Mobile Users

ACT Canada Partners

Collis

Collis is a leading provider of EMV, e-ID, and e-Passport test tools, consulting, and training in Canada. Contact us for EMV training and test tools for every step of the EMV Transaction life-cycle - Cards, Terminals, Acquiring host and Authorization host. Collis America at 1-651-925-5410.

 Visa

Visa operates the world's largest retail electronic payments network and is one of the most recognized global financial services brands. Visa facilitates global commerce through the transfer of value and information among financial institutions, merchants, consumers, businesses and government entities.

ACT CANADA THANKS OUR NEW & RENEWING MEMBERS

GENERAL

Canadian Bank Note Company Limited ~ member since 2003

SME

CanCard ~ member since 2008

ASSOCIATE

SICPA ~ member since 2009
Smart Strategies~ member since 2009

MEMBER ANNOUNCEMENT RE CAREER OPPORTUNITIES

Interac Association is seeking experienced payment professionals to help manage and grow our online, mobile, and card payment products. Positions are available in Product Management, Relationship Management, Fraud Programs, Marketing, and Project Management.

See http://www.interac.ca/careers.php for details on these positions. Applications should be sent to careers@interac.ca.

CALENDAR OF EVENTS

Canadian Payment Technology Forum
March 10, 2011
Hockey Hall of Fame, Esso Theatre
Toronto, ON, Canada
For invitation details please contact karrie.macdonald@gemalto.com

2011 Smart Card Alliance Annual Conference
May 2-5, 2011
Hyatt Regency - McCormick Place
Chicago, IL, USA
http://www.smartcardalliance.org

Cardware 2011: Payment Insights
Sheraton Fallsview Hotel & Conference Centre
Niagara Falls, Ontario, Canada
June 14-15, 2011
http://www.actcda.com
ACT Canada members receive substantial discounts

CARTES & IDentification 2011
November 15-17, 2011
Paris-Nord Villepinte Exhibition Centre
Paris, France
http://www.cartes.com

1. EDITORIAL COMMENT
Source: Catherine Johnston, President & CEO, ACT Canada (02/25)

What do we know?

Don't you feel that there are more questions surfacing every day?

In the past two weeks I've been travelling and between personal and professional exchanges, I've been surprised by a few things.

One is how often people say "how could we ever do 'X': it's impossible?" Some things look that way, but when you look at the root of a problem or opportunity, it's usually possible to find something similar to learn from. An example: how can we possibly regulate payment or identity security when transactions are web based and international? Do you abide by rules and laws set by the country where the crime was instigated or where the victim was impacted? Seems to be a daunting question, but if we decide that the laws of the victim's country are paramount (or the other way around), then bilateral agreements between countries would come into play, as they already do on many other issues such as trade or border crossing.

Another option is defining global standards, as is the case in major credit cards and many travel documents. Neither is quick, easy or inexpensive, but it is possible and we can get there faster and cheaper by leveraging other solutions. Often we know more than we think we do and can use this knowledge to increase our revenues, reduce our costs or manage risk.

I'm also surprised by how often we think we "know" something because it supports what we want to do. This is often the case when technology makes it possible to enter a new market.

For example, untold billions of dollars have been made because of the emergence of the internet, but nevertheless, the dotcom phenomenon ruined countless companies and careers.

Today we have a number of new markets in the incubation phase - mobile commerce being one. We all "think" there is a highly profitable business here, but what we need to "know" is the realistic size of the opportunity and the realistic timeline for getting to the stage of the market where investments can be recouped and profits made. We need to have a clear understanding of the current market and what we need to change in order to pursue that realistic opportunity.

I hope you will join us as ACT Canada and our members seek out those insights through our Mobile Strategic Leadership team and Cardware 2011: Payment Insights, June 14 and 15, Niagara Falls.

2. A FIRST IN CANADA: DESJARDINS LAUNCHES END-TO-END DATA ENCRYPTION SOLUTION FOR CREDIT CARD PAYMENT
Source: Ingenico (02/10)

Credit card transactions are now even more secure thanks to the latest technology developed by Desjardins. End-to-end data encryption completely eliminates exposure of card numbers at points of sale during the payment process. This is a first in Canada.

With the participation of Ingenico, a major player in the global payment industry, Desjardins has developed a payment solution that encrypts credit card data throughout the entire transaction. This new technology will make it easier for retailers to comply with Payment Card Industry-Data Security Standards (PCI-DSS), under which strict security measures must be implemented at points of sale to protect credit card data exposure during the payment process.

This is the only solution of its kind in Canada to provide complete encryption of sensitive credit card information. From the moment the card is read by the store's PIN-pad to the transmission of the data to the Desjardins host system for authorization, the data remains protected. Card information cannot be viewed by store personnel nor decrypted by equipment outside of the Desjardins host system. This maximizes the level of security for every transaction.

"We were excited to team up and collaborate with Desjardins on the design of this unique cardholder data protection end-to-end encryption solution for retailers, said Chris Justice, president of Ingenico, North America. This new processor-to terminal security solution is in line with the Canadian payment environment. It will help retailers reduce the risk and cost of payment acceptance by offering the highest level of data security available on the market today."

The solution is available immediately for implementation by integrated payment solutions providers. Tender Retail, a major payment module supplier in Canada, is already integrating the encryption technology. The solution is also being implemented at a major retailer in Quebec, where it is expected to become operational by the summer.

Ingenico is a member of ACT Canada; please visit http://www.ingenico.com.

3. VISA PROGRAM ENCOURAGES EMV ADOPTION AS A PATH TOWARD DYNAMIC AUTHENTICATION
Source: ContactlessNews (02/10)

In an effort to encourage dynamic data authentication through merchant deployment of EMV-compatible chip terminals capable of processing contact or both contact and contactless payments, Visa announced a new Payment Card Industry Data Security Standard (PCI DSS) compliance program.

Under the program, Visa's Technology Innovation Program will eliminate merchant's requirement to validate their compliance with the PCI DSS for any year in which at least 75% of their Visa transactions originate from chip-enabled terminals.

"EMV chip is a proven technology platform that can offer the industry the ability to facilitate dynamic data as well as enable payment innovations," said Jim McCarthy, global head of product, Visa Inc. "In addition, merchant adoption of dual interface contact/contactless terminals will support the emergence of near field communication (NFC) payment form factors, including mobile devices."

To qualify for the program, terminals must be enabled for contact or dual contact and contactless interface chip acceptance. All merchants outside of the United States are eligible and may begin qualifying for the new program from March 31, 2011. International merchants may qualify for the program if they have either previously validated PCI DSS compliance or provided a plan to come into compliance, and if they have not been involved in a recent material breach of cardholder data.

Merchants that do not meet the program's EMV terminalization requirements, including merchants whose transaction volume is primarily from eCommerce and MO/TO acceptance channels, are still required to validate their PCI DSS compliance annually in accordance with Visa compliance programs.

Visa Canada Inc is a member of ACT Canada; please visit http://www.visa.ca.

4. GERMANY DEPLOYS CONTACTLESS NATIONAL ID
Source: ICMA Industry News (02/02)

Germany began issuing the new contactless national ID to citizens in November. The program is one of the first contactless-only electronic ID programs. It also employs a unique privacy scheme to protect cardholders.

National ID cards aren't new in the European Union and many countries use smart card technology to power the credentials. But the contactless German ID is a bit of a departure from what other countries have done and thus necessitated a slightly different take on existing contactless smart cards.

The country expects to issue 60 million cards over the next 10 years to replace existing paper documents, says Rudy Stroh, executive vice president of the ID business and country manager for Germany at NXP Semiconductors. NXP is providing the chip-its 128-kilobyte SmartMX secure contactless microcontroller-for the German e-ID.

"The contactless technology used in the e-ID enables strong privacy protection," Stroh says.

The first difference between the German ID card and other contactless smart cards is that is can only be read from four centimeters, whereas most other cards can be read from eight to 10 centimeters, Stroh says.

The chip is also PIN protected and will not release any personal information until the correct six-digit code has been entered. Communication between the card and the reader is encrypted and the card generates a unique number to begin each session with a reader, Stroh explains.

Typically when a card and reader are in close proximity, they share a number as a means to cryptographically authenticate one and other in a process called mutual authentication. By ensuring that the number shared for mutual authentication is unique for each session, there is no chance to track a card and thus an individual via this shared number.

Securing both physical and virtual worlds

"With the contactless application," says Stroh, "there will be opportunities to use the card for a lot of services."

The German program uses the electronic passport standards developed by the International Civil Aviation Organization and can be used in place of a passport for travel between European Union countries. "It's based on the ICAO EAS passport," Stroh says. "There's a common terminology being used and commonality between the documents for travel in Europe."

When traveling to other countries fingerprint templates stored on the card are verified to ensure the identity of the cardholder. Use as a travel document is optional so citizens can choose whether or not to enroll and store fingerprint templates.

The credential can be used for access to government and commercial Web sites as well, explains Stroh, to digitally sign documents, auto fill forms, verify age and login to bank accounts and other services. Stroh estimates that 150 companies-including financial institutions, retailers, and airlines-are working on applications to take advantage of the card technology.

In addition to verifying a cardholder's identity online, it can protect cardholders from online threats as well. Using mutual authentication techniques between the card and the service provider, cardholders can better trust the authenticity of the service provider.

This is designed to make it faster, more economical and more secure to open and log into accounts while guarding against identity theft. It also can protect young people, for example, by preventing underage cardholders from buying cigarettes from vending machines or accessing other age-defined products and services.

From the ground up, the German e-ID was created with privacy protection in mind. This is evident in the handling of age verification as well. Rather than disclose the age of the cardholder to the service provider, only a pass or fail indicator is provided based on the date of acceptability. Card expiration is managed in the same way disclosing only whether the card is valid or invalid, rather than providing the actual date of expiry.

NXP is a member of ACT Canada; please visit http://www.nxp.com.

5. RIM: NFC WILL BECOME STANDARD TECHNOLOGY IN SMARTPHONES - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section.
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

6. ANOTHER CREDIT UNION MIGRATING TO EMV
Source: SecureIDNews (02/18)

State Employees' Credit Union (SECU) has announced the addition of EMV technology to its debit card portfolio, making it one of the first U.S. financial institutions to add the microchips for increased transaction security over traditional magnetic stripe cards.

Oberthur Technologies will provide the cooperative with the technology to migrate its 1.7 million debit cardholder to EMV.

SECU will begin its migration in March, with a completion target date for late 2011. "SECU's goal is to provide products and services which offer enhanced value and protection," says Leanne Phelps, senior vice president of SECU's Card Services department. "The EMV technology enables us to offer members increased fraud protection along with stress-free use of their card worldwide."

Oberthur Technologies is a member of ACT Canada; please visit http://www.oberthur.com.

7. NEW MOBILE PAYMENT SERVICE MAKES BANK ACCOUNTS MOBILE
Source: Giesecke & Devrient (02/14)

In Serbia, mobile network operator Telenor has introduced a new payment service called PlatiMo, which for the first time allows customers to pay their bills and perform other financial services via their mobile phones directly from their bank accounts. In opting for G&D's SIM cards and SmartTrust Over-the-Air (OTA) server software and Halcom's mobile payment system, Telenor has chosen one of the most competitive m-payment offerings currently present on the market worldwide. With G&D's 150 years of financial experience and its technical expertise in managing applications on SIM cards and Halcom's know-how in the field of electronic payments, Telenor is guaranteed a first class mobile payment solution.

Since early mobile payment market adoption was stunted by a lack of awareness that collaboration between banks and mobile network operators is essential, considerable attention was paid to this issue in the case of PlatiMo. Telenor worked closely with banks to provide a state-of-the-art mobile payment scheme to their customers. Telenor has chosen Halcom to provide mobile payments software and G&D to supply SIM cards and manage mobile payments applications on its delivery platform. The Telenor mobile payments scheme has so far attracted the involvement of four banks: Komercijalna bank, Erste Bank, Credit Agricole and Raiffeisen Bank. These four banks between them serve more than 50 percent of the Serbian market.

Telenor and the partner banks are currently in discussions with merchants and are eager for them to join the scheme as quickly as possible. Telenor will soon be able to offer the option of paying utility bills for electricity, cable TV, water, Internet etc. through mobile payment. Moreover, Telenor and the partner banks would also like to extend the scheme into the area of ticketing, offering users the opportunity to pay for cinema, theatre and concert tickets, taxi rides, and public transport.

For now, subscribers using the PlatiMo application can pay mobile phone bills issued by Telenor, send money to other PlatiMo users, make online purchases, buy airplane tickets via the call centre of Serbia's largest national air company JAT Airways and top up their prepaid accounts in the Telenor network.

After the promotional period, which ends in April, new banks will be introduced to the PlatiMo system, increasing the potential customer base.

What is more, thanks to cooperation with e-government, all PlatiMo users will have access to e-government services through the scheme and will be able to order personal documents, such as birth or citizenship certificates.

In order to obtain a sustainable customer base, a mobile payments service needs to be simple, yet completely reliable and secure. A key success factor in achieving a high take-up is the impressive simplicity of the new Telenor service. To perform a mobile payments transaction, the user only needs to take three steps.

In step one, a payment request containing all essential information (payment amount, vendor's name and similar details) is sent to the user's mobile phone. The second step sees the user confirming (digitally signing) the payment request with their sPIN. After confirmation, both merchant and user receive information about the transaction status in step three. This procedure minimizes end user data input, providing a very convenient and easy payment experience without compromising transaction security.

PlatiMo is simple to use, versatile and suitable for all commercially available mobile phones. It also meets the highest security standards for electronic payment transactions: The phones use special WPKI (Wireless Public Key Infrastructure) SIM cards from G&D, which provide an electronic certificate issued by the Halcom certificate agency. During the encrypted transactions, data are exchanged between the SIM card and a G&D SmartTrust Mobile Transaction Gateway server which is connected to PlatiMo's four participating banks via Halcom's 123 Pay! platform.

Consumers are protected in the event of cell phone loss or theft, since payments can only be made by entering a special additional PIN - the sPIN - which is different from the cell phone's SIM PIN. Such security technology has been widely used in electronic banking for years and so far these systems have not seen any cases of misuse or fraud.

Giesecke & Devrient is a member of ACT Canada; please visit http://www.gi-de.com.

8. ELAVON CERTIFIES HYPERCOM'S SPOS32 EMV ON OPTIMUM PAYMENT SYSTEMS FOR CANADA
Source: Hypercom (02/09)

Hypercom Corporation announced that Elavon has Class-B certified Hypercom's SPOS32 EMV and PA-DSS approved payment software on the PTS approved Optimum T4200 and M4200 mobile product family. Elavon is one of the first leading payment acquirers in Canada to certify SPOS32. With this certification, Elavon can process credit card transactions originating from these devices in Canada, effective immediately.

"We are focused on delivering sensible, state-of-the-art EMV payment systems to the Canadian market, and we are doing just that with products that futureproof the retail experience and lower the total cost of ownership," said Cory Taylor, general manager of Elavon's Canadian region.

"With Elavon, we are bringing high speed, high performance payment terminals to Canadian retailers who demand nothing less than the very best products and services," said Brent Smith, Country Manager, Hypercom Canada. "Achieving this certification allows us to continue to reinforce our increasingly considerable footprint in this important market."

Hypercom's high security PTS approved and Interac certified Optimum T4200 and M4200 product family for North America consists of six powerful 32-bit multi-application systems that share the same platform, user interface, and software toolkit to maximize efficiency, application portability, and offer customers a broad range of options to serve any market need.

Each Optimum payment system incorporates Hypercom's full X509 PKI (public key infrastructure) HyperSafe Secure security layer to protect the system and applications from hacking and malware attacks. Protecting the operational procedures and maintenance of payment terminals is just as important as protecting cardholder data. Hypercom's HyperSafe suite of security products defends terminals from rogue applications and malware, protects the terminal management system from communicating with fraudulent terminals and provides the industry's only remote key management system. The key benefit for banks, processors and large retailers: protects their investment in the point of sale estate; reduces the potential for fraudulent use of terminals; and ensures the secure transport of cryptographic keys.

In other Hypercom news, Hypercom Corporation announced that the stockholders of the Company have approved the merger agreement providing for the acquisition of the Company by VeriFone Systems, Inc. The results were announced this morning by Norman Stout, Chairman of the Board, during a special meeting of stockholders. The merger agreement and merger were approved by more than 99% of the shares voted, which constituted approximately 80% of the total number of shares outstanding as of the record date for the special meeting.

The proposed merger was announced on November 17, 2010, and is expected to close in the second half of 2011, pending the satisfaction of applicable regulatory approvals and other customary closing conditions. (Source: Hypercom 02/24)

Hypercom is a member of ACT Canada; please visit http://www.hypercom.com.

9. ICC SOLUTIONS ANNOUNCES ICCSIMTMAT TEST PACKAGE IMPLEMENTING THE UK CARDS ASSOCIATION (UKCA) PRE-REQUISITE TEST CASES
Source: ICC Solutions (02/08)

ICC Solutions is delighted to announce the immediate availability of ICCSimTMat: UKCA Pre-Req being the first automated test package implementing the UK Cards Association (UKCA) Pre-Requisite Test Cases which comprise a subset of test cases selected from each Payment Association certification pack (M-TIP for MasterCard, Visa ADVT and JCB).

ICCSimTMat enables the UK Cards Association (UKCA) Pre-Requisite testing to be performed using a reliable and efficient test environment which features easy-to-follow test instructions and automated analysis of the test results without the logistical problems created by complex hardware and card probe configurations or having to manage large decks of test cards.

This combination ICCSimTMat test package is the most cost effective means to perform the UK Cards Association (UKCA) Pre-Requisite testing, however individual ICCSimTMat test packages, being the only solution recognised and fully approved by all Payment Associations, should still be considered if intending to perform the formal Payment Association certification tests.

Jonathan Vokes, (Head of ESD, Technology Services, WorldPay), said "WorldPay is happy to accept ICC Solutions implementation of the UK Cards Association Pre-Requisite Test pack for pre-certification testing."

According to Dave Maisey CEO / Managing Director at ICC Solutions "ICC Solutions' welcomes this opportunity to further extend our ICCSimTMat portfolio by offering a ICCSimTMat test package implementing the UK Cards Association (UKCA) Pre-Requisite Test Cases enabling greater efficiency in preparing for certification."

ICC Solutions is a member of ACT Canada; please visit http://www.iccsolutions.com.

10. OPENING THE LOOP WITH TRANSIT PROGRAMS - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section:
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

11. YESPAY'S FIRST LIVE RETAIL CHAIN WITH FIRST DATA IN CANADA
Source: YESpay (02/11)

A global fashion retail chain operating over 13 stores throughout Canada is now processing EMV Chip and PIN payments. Integrated with YESpay's EMV Chip & PIN accredited and PCI-DSS Level 1 certified managed payment service called EMBOSS, this new merchant can now benefit from a fully outsourced and comprehensive payment solution in partnership with InfoSpec Systems Inc. (developers of Profitek) and First Data Merchant Services.

The integration with YESpay International allows this leading fashion retailer, famous worldwide for its four letters acronym, to beat the threatening EMV liability shift of March 31st. Indeed, by this date merchants who do not accept EMV cards will be liable for any fraudulent transactions, leading to tremendous chargebacks. By utilizing YESpay's EMBOSS EMV payment solution, their stores will benefit from the most cost effective, reliable and comprehensive payment solution in Canada.

Roll-out has started downtown Toronto, and YESpay's solution is scheduled to be deployed across Canadian stores over the next few weeks. This retail store brand is now, along with YESpay's numerous live merchants, leading the way towards cutting edge integrated EMV payment technology in North America.

Harry Morge, National Sales Manager at YESpay International adds "Global retail chains do think twice before using a payment service provider. This milestone again proves the strong confidence in EMBOSS integrated payment solution any merchant can have. It is cost-effective thanks to a simple monthly fee structure that includes reporting portal, recurring billing etc. Most importantly, deployment is quick and seamless: in a matter of weeks, YESpay payment solution can be integrated by POS vendors and then be rolled-out in multi-location retail chains throughout Canada, as this implementation shows".

This milestone is significant as it confirms YESpay International aggressive expansion in North America, giving confidence in the robustness of its EMBOSS fully managed payment gateway for EMV card processing.

YESpay's EMBOSS payment solution relieves merchant from maintaining an in-house payment solution as well as undergoing formal EMV end-to-end bank testing and managing PCI-DSS compliance.

YESpay is a member of ACT Canada; please visit http://www.yes-pay.com.

12. MASTERCARD EXPANDS PAYPASS IN CANADA WITH CIBC
Source: ContactlessNews (02/08)

MasterCard Canada announced that the Canadian Imperial Bank of Commerce (CIBC), the largest issuer of Visa cards in Canada, will be the newest issuer of contactless PayPass-enabled MasterCard credit cards.

CIBC will offer three new PayPass cards, including the CIBC Aventura World MasterCard, the CIBC Dividend Unlimited World MasterCard and the CIBC Aventura MasterCard. Customers can use the new cards to tap and pay for purchases up to $50 without needing to enter a PIN or sign receipts, according to the bank.

Betty K. DeVita, President of MasterCard Canada, comments, "Canadians have embraced the tap-and-go convenience of PayPass, which gives cardholders the ability to purchase what they want, quickly, and without having to rely on cash on hand."

According to MasterCard, there are more than 19 million PayPass cards in Canada, accepted at some 13,000 merchants, including Tim Hortons, Petro Canada, Shoppers Drug Mart, Loblaws, Real Canadian Superstore, Toys R Us, M&M Meat Shops, and The Second Cup among many others.

MasterCard Canada is a member of ACT Canada; please visit http://www.mastercard.ca.

13. GEMALTO UNVEILS MOBILE OTP, MICROSOFT INTEGRATION
Source: ContactlessNews (02/15)

Gemalto is introducing the Protiva Mobile OTP, a new way for businesses and their employees to deploy two-factor authentication, by using their mobile phones. The company also announced that its Strong Authentication (SA) Server and Protiva OTP Tokens have been integrated with Microsoft DirectAccess.

The Protiva Mobile OTP is part of Gemalto's Protiva Strong Authentication family, which encompasses the validation server and a range of Protiva authentication application software and authentication devices that allow businesses to choose the solution that best fits their needs. One Time Password (OTP) replaces static passwords with strong authentication and provides a convenient additional level of security for transactions and access control.

Protiva Mobile OTP works with the popular handset platforms used in business today, including Blackberry, iPhone, including the handsets running Java, Windows CE and Brew. Employees simply need to download Gemalto's secure app onto their mobile phone, which is setup to immediately generate and receive OTPs using the phone as the interaction and computing device.

Combining the mobile credential with their username and one-time-password grants employees the appropriate access to company resources such as a VPN, intranet, mail directory, digital signature, mail and Web pages. Protiva Mobile OTP is simple for IT administrators to deploy and provision, and is compatible with the majority of industry-leading IT infrastructure elements.

This Strong Authentication (SA) Server and Protiva OTP Tokens integration with Microsoft DirectAccess enables two-factor authentication for remote access to enterprise Web sites and applications.

"Enterprises looking to add another layer of security to DirectAccess will find that Gemalto's Protiva SA Server and OTP tokens are extremely simple to provision and implement. Securing their entire mobile workforce is quick and cost-effective," said Tom Flynn, vice president, Online Authentication and eBanking for Gemalto North America.

Gemalto is a member of ACT Canada; please visit http://www.gemalto.com.

14. NXP BRINGS SMART CARD SECURITY TO DEVICE AUTHENTICATION
Source: ContactlessNews (02/14)

NXP announced the au10tic family of secure microcontrollers is being markted for device authentication in different applications including information and communication technologies, industrial equipment and medical devices.

The au10tic secure microcontrollers are based on NXP's technology which has been used for securing government ID cards and passports, as well as smart cards for banking and other applications.

The NXP au10tic family can be used for authentication of both devices and users accessing secure content and services, and for device identification to enable secure machine-to-machine communication. The chips can be integrated into a variety of consumer products, from smart phones, laptops and tablets to game consoles and electronic accessories.

The solutions provide a tamper-resistant security solution via key generation and programming services, as well as the option for remote management of applications and credentials running on the secure microcontroller.

Using au10tic, brand owners can prevent counterfeiting, which enhances customers' brand experience as they use genuine products, and protect software content and services against unauthorized use and distribution.

NXP is a member of ACT Canada; please visit http://www.nxp.com.

15. PREPARING FOR MOBILE PAYMENT: VISA, MASTERCARD AND ISIS WEIGH IN - Members Only Access

Available in the ACT Canada Members Only section of our web site. Click on the link below to access this section:
http://www.actcda.com/members-only/members-only-news/

If you are a member of ACT Canada but do not have your login details please contact me - andrea@actcda.com.

16. NXP AND GIESECKE & DEVRIENT ENABLE MASS DEPLOYMENT OF NFC IN MOBILE HANDSETS
Source: Giesecke & Devrient (02/15)

NXP Semiconductors N.V. and Giesecke & Devrient (G&D) announced the full validation of a joint software solution offering secure interfaces between the handset, NFC functionality and secure elements such as the SIM card. This solution enables NFC to be integrated securely into mobile handsets based on the Android platform and other operating systems. In addition, the validated software will meet the needs of mobile network operators who are specifically demanding secure elements within the handset. The first Android handset supporting this enhanced functionality is expected to be launched during the second quarter of 2011.

The availability of an integrated secure NFC software solution within the NFC ecosystem represents a breakthrough for the future deployment of NFC-based services, which will offer consumers and the industry a vast array of mobile services, such as mobile payment and mobile ticketing. This solution is based on the integration of NXP's NFC controllers in mobile handsets with G&D's secure software solutions, as well as its expertise in securing transactions via the secure element. Security and ease of use are vital for broad consumer acceptance of NFC. Leading mobile handset OEMs have already included the solution into the platform design of their Android-based mobile handsets planned for deployment in 2011 and in 2012.

"Since NXP co-invented NFC, we've been working with a range of ecosystem partners to help further adoption of the technology," said Henri Ardevol, vice president and general manager, secure transactions, NXP Semiconductors. "Our aim is to ensure that NFC is flexible enough to support the needs of the entire eco-system. Our collaboration with G&D and other key stakeholders provides our handset and mobile network partners the flexibility to incorporate NFC and the associated secure elements into their offerings in the most appropriate way, supporting their individual business needs."

"As a leader in mobile security, Giesecke & Devrient has invested early in developing solutions for bringing secure access to SIM cards and other secure elements to Android platforms. In combination with our pioneering activities in secure NFC services, this has enabled us to offer complete solutions at a time when both the Android and NFC markets are booming," explained Willem Bulthuis, senior vice president global marketing and sales, mobile security, Giesecke & Devrient. "The NFC solution for mobile devices which we have now launched together with NXP is a key milestone in enabling mass roll-out of the NFC services ecosystem."

Android is the fastest growing mobile operating system and the validation of G&D and NXP software will enable mobile network operators to capitalize on both the demand for Android-based phones and NFC technology by ensuring that all mobile transactions facilitated by the handset remain safe and secure.

"Android phones appeal to a growing number of our customers. Orange announced last December ambitious plans to expand our Cityzi NFC ecosystem project and to roll-out compatible SIMs and smartphones across Europe in 2011," said Vincent Barnaud, head of mobile contactless, Orange. "We encourage all initiatives that will enable Orange to offer contactless services to our customers who use Android phones. The efforts of NXP and G&D are fully in line with this direction."

"Deutsche Telekom will be launching first NFC services in core markets in 2011," said Kerstin Baumgart, vice president of business development, mobile products, Deutsche Telekom. "As Android is becoming one of the leading operating systems, we are embracing the opportunity to deliver contactless services with a compelling user experience on Android-based terminals. We actively support all activities driving open standards to get necessary scale in the market."

The new software-based secure NFC solution provides full flexibility to support all modes provided by the NFC technology. These include reading and writing to NFC smart tags, peer-to-peer data sharing, mobile payments and access control. The code is open source and is designed to provide full flexibility for integration in multiple platforms and usage with solutions from different suppliers.

Giesecke & Devrient and NXP are members of ACT Canada; please visit http://www.gi-de.com & http://www.nxp.com.

17. IAT4 WIRELESS & COLLIS OFFER FULL PORTFOLIO OF NFC & MOBILE PAYMENTS TEST SOLUTIONS
Source: Collis (02/14)

The scope of this partnership will include Collis and AT4 wireless products for the NFC, Contactless, Payment, transit and ID market segments. This test solutions portfolio will include Collis' Mobile Payment and NFC related test solutions, such as the Collis SWP-HCI Test Suites, Collis GlobalPlatform UICC Configuration Test Suite and Aspects Spy (end-to-end). The portfolio also includes AT4 wireless' NFC and RFID conformance and R&D test tools, including the recently approved RIDER test solution for the NFC Forum Certification. Altogether a complete portfolio to ensure the compliance of a handset or SIM according to NFC Forum, GlobalPlatform, ETSI/3GPP, Visa and MasterCard standards.

"We are excited about this partnership" commented Andres Moreno, AT4 wireless Sales and Marketing Manager. "The NFC technology is gaining a lot of momentum and this cooperation between Collis and AT4 wireless will offer an excellent test solutions portfolio to Mobile Network Operators, mobile device vendors and Certification Test Laboratories". "We recognize Collis� leadership in Contactless and Payments solutions, where they are an international reference; this alliance is quite powerful and will be very much appreciated by the Industry, as we offer a full solution for their NFC and mobile payment needs.

Berend van Geffen, Collis Chief Commercial Officer. "Collis is very pleased to join forces with AT4 wireless and offer the full suite of NFC & Mobile Payments solutions across multiple markets. AT4 wireless are the leading experts when it comes to Wireless communications and network solutions. Collis' market leading solutions for NFC/TSM, Mobile Payments and SIM technology is driven by innovation and real domain expertise. Collis is acknowledged by the Payment, Mobile, ID and Transit markets as a leading solution provider in secure applications & transaction technology. The cooperation between Collis and AT4 wireless sees a robust and complete portfolio now available for all players across these domains."

Collis is a member of ACT Canada; please visit http://www.collis.nl.

18. APRIVA/NAMA SURVEY: MAJORITY OF VENDING OPERATORS EXPECT TO ADD CASHLESS TECHNOLOGY IN 2011
Source: Apriva (02/23)

Apriva announced results of a survey it conducted among 200 NAMA members regarding the adoption of cashless payment technologies in the vending space. According to the findings, approximately 57 percent of all respondents expect to either integrate or expand the use of cashless technology in 2011. Only eight percent of the respondents indicated they do not foresee adding any cashless technology into their businesses.

"It appears that the vending community is approaching critical mass in terms of adopting cashless technology," said Stacey Finley Tappin, vice president of sales for Apriva. "The findings confirm what we're seeing in the field-that a growing number of operators understand the profound benefits offered through cashless technology, and are prepared to make the strategic decision of bringing these solutions into their businesses."

Apriva and NAMA conducted the study as part of their ongoing efforts to educate operators on the operational and economic benefits of cashless vending. Apriva is a participant in the NAMA-sponsored cashless vending initiative, which delivers an end-to-end cashless solution to operators.

Of those vendors who indicated their intention of adding cashless in 2011, about 30 percent said that they would place cashless machines in university or school settings, while 12 percent cited hospitals and other institutions as their preferred locations.

"As cashless technology becomes more accepted in the industry, most operators will face a learning curve in identifying the right locations to deploy the technology," explains Dr. Michael Kasavana, NAMA-endowed Professor in Hospitality Business at Michigan State University. "From what we can surmise from Apriva's survey, a good portion of operators see that institutions-such as schools and hospitals-offer the right demographics to warrant electronic payments. As the technology continues to become more pervasive, I expect that we'll see cashless make inroads in a number of other facilities, like retail and offices." In addition, the survey also queried operators regarding the sources they use to receive information on unattended payments. More operators (43%) use the NAMA website (www.vending.org) as their primary source of information than other outlets, including trade publications, blogs, and other forms of media.

Apriva is a member of ACT Canada; please visit http://www.apriva.com.

19. CPI CARD GROUP PARTNERS WITH LIFENEXUS TO PRODUCE AND PERSONALIZE PERSONAL HEALTH CARD IN NORTH AMERICA
Source: ICMA Industry News (02/24)

CPI Card Group and LifeNexus, the developer of the iChip(TM) and Personal Health Card, announced an agreement to produce, personalize, and fulfill the LifeNexus Personal Health Card. This is the first ever multi-purpose electronic health card utilizing the embedded iChip for securely maintaining an individual's personal health record, with a payment card option on the same card.

CPI will provide personalization of the card, including the magnetic strip and the computer chip modules utilized in the LifeNexus Personal Health Cards. CPI supplies global high level chip card personalization and fulfillment services. "This is a true first in North America for CPI or anyone in the card industry-a healthcare and financial payment product on one card," said Steve Montross, president of CPI Card Group. "Together, CPI and LifeNexus are delivering a product that raises the bar for security, portability and convenience within the healthcare and bank card industries."

The LifeNexus Personal Health Card was designed to secure and maintain an individual's Personal Health Record (PHR) on a card in their wallet. The patented iChip(TM), (Individually Controlled Health Information Platform(TM)), utilizes "mobile server" technology embedded on a chip card which is both encrypted and password-protected, providing a highly secure environment to stores comprehensive health information for individuals and their family members. Hugh Meadows, President of the LifeNexus Payment Card Group stated "Individuals and their healthcare providers no longer have to consider that the only option available is to store their sensitive information on some unrelated third party server. Individual control is now as close as your wallet where vital and potentially life-saving information is literally at your finger tips".

"In addition to having greater control over your personal health records, the Personal Health Card allows individuals extraordinary flexibility with a payment card option, to use the card just as they would their every day payment card," said Hugh Meadows.

CPI Card Group is a member of ACT Canada; please visit http://www.cpicardgroup.com.

20. INSIDE SECURE BRINGS TRUE NFC HARDWARE INDEPENDENCE TO GOOGLE ANDROID "GINGERBREAD"
Source: INSIDE Secure (02/07)

INSIDE Secure, a leader in semiconductor solutions for secure transactions and digital identity, today announced the availability of a new version of its award-winning, open-source Open NFC protocol stack geared to the latest version of Google Android (aka Gingerbread). This makes Open NFC the first truly hardware-independent, open-source NFC protocol stack for this popular smartphone operating system. Open NFC version 4.2 for Google Android 2.3 simplifies interoperability and provides the NFC ecosystem with a consistent NFC application programming interface (API) and functionality, offering chip vendors, smartphone manufacturers, wireless carriers and software developers a way to implement NFC functionality independently of the underlying NFC hardware as Gingerbread is adopted for use in a broad range of mobile products around the world.

"Open NFC relies on a separate, very thin and easily adaptable hardware abstraction software layer, which accounts for a very small percentage of the total stack code, meaning that the Open NFC software stack can be easily leveraged for different NFC chip hardware," said Philippe Martineau, executive vice president of the NFC business line for INSIDE Secure. "This has tremendous cost, time-to-market and flexibility advantages for NFC chip vendors, smartphone manufacturers and software developers who would otherwise have to contend with rewriting the hardware-specific elements of the Gingerbread NFC protocol stack."

According to Martineau, because the current Gingerbread NFC stack embeds code that is dedicated to specific hardware throughout the stack and is not confined to a thin hardware- specific layer, a substantial portion of the stack would have to be rewritten to adapt the stack to a different NFC controller or combo connectivity chip. With its separate hardware abstraction software layer, adapting the Open NFC stack to new hardware is much simpler as the hardware dependencies are well layered and the overall code base to adapt is significantly smaller.

Since it was introduced last year, the Open NFC protocol stack has quickly become recognized as the cost-effective, open-standards NFC middleware solution for mobile phones, embedded products and other devices, and has received significant industry support from a broad array of participants in the NFC ecosystem. Originally developed for INSIDE's third-generation MicroRead NFC controller and SecuRead solution with embedded secure element, the Open NFC protocol stack brings proven, high quality, well-documented NFC software into the open source arena.

Open NFC received a prestigious Sesames Award for software at the recent Cartes & Identification 2010 after it was judged by a panel of experts to represent a genuine breakthrough that brings significant benefits to OEMs and ODMs creating NFC mobile phones, embedded products and other devices.

Open NFC supports several levels of functionality, from low-level RF control to high-level NFC Forum tag handling, peer-to-peer communications as well as Bluetooth and Wi-Fi pairing, interactions with single-wire protocol SIMs and other secure elements and compatibility with smart cards and RFID tags based on Felica, Mifare and ISO 14443 standards. By providing a consistent API across all NFC hardware, the open-source Open NFC protocol stack improves the interoperability of all NFC devices.

INSIDE Secure is a member of ACT Canada; please visit http://www.insidesecure.com.

21. GEMALTO LAUNCHES PROTIVA ONE TIME PASSWORD APPLICATION FOR MOBILE USERS
Source: Gemalto (02/15)

Gemalto introduces Protiva Mobile OTP, a convenient, secure and cost-effective new way for businesses and their employees to deploy two-factor authentication, simply using their mobile phones. The new solution is part of Gemalto's Protiva Strong Authentication family, which encompasses the validation server and a range of Protiva authentication application software and authentication devices that allow businesses to choose the solution that best fits their needs. One Time Password (OTP) replaces static passwords with strong authentication and provides a convenient additional level of security for transactions and access control.

Protiva Mobile OTP works with the popular handset platforms used in business today, including Blackberry, iPhone, including the handsets running Java, Windows CE and Brew. Employees simply need to download Gemalto's secure app onto their mobile phone, which is setup to immediately generate and receive OTPs using the phone as the interaction and computing device.

Combining the mobile credential with their username and one-time-password grants employees the appropriate access to company resources such as a VPN, intranet, mail directory, digital signature, mail and Web pages. Protiva Mobile OTP is simple for IT administrators to deploy and provision, and is compatible with the majority of industry-leading IT infrastructure elements.

Gemalto is a member of ACT Canada; please visit http://www.gemalto.com.

For more information, please contact Andrea McMullen at 1 905 426-6360 ext 124 or email andrea@actcda.com.

Please forward any comments, suggestions, questions or articles to andrea@actcda.com. Please note that articles contained in this newsletter have been edited for length, and are for information purposes only.