Stakeholders Driving Payment Evolution and Digital Identity

March 2015 ACTion Newsletter

IN THIS ISSUE:

  1. EDITORIAL - ONE SMALL STEP – ONE LARGE LEAP FOR THE FUTURE OF MOBILE
  2. MONERIS SELECTED AS PAYMENT ACQUIRER FOR GOVERNMENT OF CANADA
  3. INGENICO MOBILE SOLUTIONS LAUNCHES INDUSTRY'S FIRST MPOS SOLUTION ENABLING NFC ACCEPTANCE OF APPLE PAY, MASTERCARD CONTACTLESS AND VISA PAYWAVE
  4. IT'S OFFICIAL: SAMSUNG PAY IS REAL
  5. VISA IS PARTNERING WITH BANKS ACROSS THE GLOBE TO EXPAND HCE SERVICES
  6. TOKENIZATION IS NOT ENOUGH: THE ROLE OF ON-DEVICE SOFTWARE FOR SECURE MOBILE PAYMENTS
  7. BULGARIAN BANK TO LAUNCH MOBILE PAYMENTS WITH MEAWALLET TECH
  8. G&D PROVIDES FRAUD PROTECTION FOR APPS
  9. MASTERCARD WORKS WITH SAMSUNG TO DELIVER SAMSUNG PAY
  10. GEMALTO AND TAPIT BRING ONE-TAP MOBILE PAYMENT TO POSTERS, KIOSKS, PACKAGES, AND SIGNS
  11. COULD APPLE PAY FRAUD HAVE BEEN PREVENTED?
  12. NBS TECHNOLOGIES AND SMART CARD IT SOLUTIONS LEAD IN GLOBAL INTEGRATION
  13. APPLE WATCH AIMS TO ALTER PAYMENT AND SHOPPING EXPERIENCE
  14. TD MOBILE APP REFRESH PUTS A SPOTLIGHT ON SPEED AND AGILITY
  15. NXP LAUNCHES NEW PLATFORM FOR DEVELOPMENT OF SECURE MOBILE PAYMENT APPLICATIONS
  16. VISA AND SAMSUNG BRING MOBILE PAYMENTS TO THE NEW SAMSUNG GALAXY S6
  17. BRITISH SHOPPERS WARMING TO NEW PAYMENTS TECHNOLOGIES BUT NOW HAVE GREATER EXPECTATIONS OF RETAILERS
  18. CPI CARD GROUP ANNOUNCES NEW LINE OF DURBIN-COMPLIANT MASTERCARD EMV CHIP CARD SOLUTIONS
  19. JETCO LAUNCHES MOBILE NFC SERVICES IN HONG KONG AND MACAU WITH GEMALTO'S TRUSTED SERVICE HUB
  20. GLOBAL PAYMENTS & DISCOVER FINANCIAL SERVICES ANNOUNCE STREAMLINED CARD ACCEPTANCE ON THE DISCOVER GLOBAL NETWORK IN CANADA
  21. FACEBOOK MESSENGER WILL NOW HAVE PERSON TO PERSON PAYMENTS
  22. U.S. CONSUMERS WANT MORE PERSONALIZED RETAIL EXPERIENCE AND CONTROL OVER PERSONAL INFORMATION
  23. ELAVON'S SIMPLIFY APPLICATION MAKES PAYMENT SECURITY FOR MID-TO-LARGE SIZE BUSINESSES SIMPLE
  24. EVERLINK INTRODUCES INTERAC FLASH ENABLED WEARABLE PAYMENTS SOLUTION
  25. GERMAN EXPERTISE LEADS THE IMPLEMENTATION OF THE NATIONAL PKD SOLUTION IN THE UNITED ARAB EMIRATES
  26. INGENICO GROUP LAUNCHES SECURED PAYMENT ACCEPTANCE INTO CONNECTED DEVICES
  27. SQUARE BUYS TORONTO'S KILI TECHNOLOGY
  28. PAYPAL STRENGTHENS MOBILE PLANS WITH PAYDIANT ACQUISITION
  29. GEMALTO SOLUTION POWERS A UNIFIED NATIONAL REGISTRY FOR OMAN'S IDENTITY DOCUMENTS
  30. VISA ANNOUNCES AGREEMENT TO ACQUIRE TRIALPAY
  31. HERON FOODS SELECTS VERIFONE'S P2PE-CERTIFIED PAYMENT AS A SERVICE TO PROTECT CARDHOLDER DATA AND ENHANCE THE CUSTOMER EXPERIENCE
  32. BMO HARRIS BANK UNVEILS CARDLESS APP
  33. MEAWALLET AND NXP TO ENABLE NEXT GENERATION OF MOBILE SOLUTIONS FOR ACCESS, TRANSIT AND TICKETS
  34. SAMSUNG'S NEW FLAGSHIP SMARTPHONE GALAXY S6 EMBARKS OT'S ESE TO OFFER INNOVATIVE SECURE APPLICATIONS
  35. NXP LAUNCHES NEW SECURE SERVICE DEVELOPMENT PLATFORM FOR SECURE MOBILE TRANSACTIONS

ACT Canada Partners:

Ingenico Group

INGENICO - Point of Sale Equipment Partner
Ingenico Group is the global leader in seamless payment, providing smart, trusted and secure payment solutions to empower commerce across all channels, in-store, online and mobile. With the world's largest payment acceptance network, we deliver secure solutions with a local, national and international scope in 125 countries. For over 30 years, we have been the trusted world-class partner for financial institutions and for retailers, ranging in size from small merchants to several of the world's best known global brands. Our smart terminal and mobile solutions enable merchants to simplify payment and deliver their brand promise. Visit http://www.ingenico.com/.

Interac Logo

INTERAC - Payment Network Partner
Interac Association is a recognized world leader in debit card services. Interac Association is responsible for the development and operations of theInterac network, a national payment network that allows Canadians to access their money through Interac Cash at 60,000 Automated Banking Machines and InteracDebit at 766,000 point-of-sale terminals across Canada. Interac Flash, a secure contactless enhancement of Interac Debit allows Canadians to pay for items instantly with their Interac chip debit card at a reader that supports Interac Flash.

 Payments Business - Media Partner



ACT CANADA WOULD LIKE TO THANK OUR NEW & RENEWING MEMBERS:

PRINCIPAL

Credit Union Central of Canada ~ member since 1990
CUPS Payment Services ~ member since 2012
Pivotal Payments ~ member since 2014

GENERAL

B2 Payment Solutions ~ member since 2014
EnStream LP ~ member since 2013


JOB OPPORTUNITIES

LOOKING FOR GOOD PEOPLE?

There is a lot of movement in the market, so if you are looking for new employees, we are always aware of some great people. Please contact ACT Canada for more details – postings@actcda.com.


CALENDAR OF EVENTS

Connect:ID
Mar 23 - 25, 2015
Washington, DC
http://www.connectidexpo.com/
ACT Members receive 15% off the full registration price

The BayPay Forum: Social Mixer
Mar 25, 2015
Toronto, ON
http://www.baypayforum.com/add-your-events/eventdetail/2420/60/%7C70/baypay-social-mixer-march-25-2015-toronto-on-canada?filter_reset=1

ICMA 25th Anniversary Card Manufacturing & Personalization EXPO
Mar 29 - April 01, 2015
Phoenix, AZ
https://icma.com/icma-25th-anniversary-expo/

TRANSACT 15
Mar 31 - April 02, 2015
San Francisco, CA
http://electran.org/events/transact15/

Mobile Payment Workshop
Apr 02, 2015
Toronto, ON
http://paymentsbusiness.ca/mobileworkshop.htm
ACT members receive a registration discount

Card Forum & Expo
Apr 8 - 10, 2015
Chicago, IL
http://www.paymentssource.com/conferences/card-forum/
ACT Members receive $200 off registration

HCE Summit
Apr 15, 2015
New York, NY
http://www.hcesummit.com/

Cartes America
May 5 - 7, 2015
Washington, DC
http://www.cartes-america.com/
ACT members receive a 20% registration discount

CNP Expo
May 18 - 21, 2015
Orlando, FL
http://cardnotpresent.com/cnpexpo/

NFCP Global Summit
Jun 04, 2015
London, England
http://www.nfcpglobal.com/

The 14th Annual Smart Card Alliance Government Conference
Jun 09 - 10, 2015
Washington, DC
http://www.govsmartid.com/
ACT members receive a registration discount

Cardware 2015
Jun 16-17, 2015
Niagara Falls, ON
http://www.cardware.ca
ACT members receive a substantial registration discount


ACTivities

We are excited to be co-presenting the Mobile Payments Workshop on April 2nd, in Toronto, ON. For more details please visit http://www.actcda.com/calendar/act-canada-events/mobile-payment-workshop.html.

Our Mobile and Customer Authentication Strategic Leadership Teams (SLTs) are busy working towards their mandates. For information on the teams please visit http://www.actcda.com/teams/slts/. Their next meeting dates are:

Customer Authentication SLT – Thursday April 9th, 2015
Mobile SLT – Thursday April 16th, 2015

Our SLTs are open to all members, if you are interested in joining one of the aforementioned teams, please email britteny@actcda.com.

Cardware 2015 is just around the corner on June 16th & 17th. Check out www.cardware.ca to get all the details. The program is now available at http://cardware.ca/program/. Hotel information including how to get a discount for your stay is available as well (www.cardware.ca/delegate-information/location.html). The hotel will fill up quickly, so make your travel arrangements before it is too late.


1. EDITORIAL COMMENT - ONE LARGE LEAP FOR THE FUTURE OF MOBILE
Source: Catherine Johnston, President & CEO, ACT Canada (03/23)

Mobile has been a series of steps. Some have been large but more have been small. Some have been simple, but we have all heard it said that all things mobile are complicated.

Technology is not the chokepoint and you know that I persist in advocating the need for stakeholder engagement and management. But let me suggest a new barrier to market adoption and then hastily state that it can be quickly eliminated with little to no cost.

CHANGE TERMINOLOGY!

Remember these questions?
"Why do you want me to take a picture with my phone?"
"Why do you want me to make a payment with my phone?"

No-one asks, "Why do you want me to access the internet with my tablet?"

At what point is a phone no longer a phone? I would suggest that it is when 50% of the usage time is not spent talking on it. So if it isn't a phone, what is it?

You may have another term, but I believe it is a Connection. This device connects me to information, to business and to friends and family. It connects me to all sorts of entertainment. Moving forward it will connect me with billions of objects as the Internet of Things devices come online.

Terminology can influence our perceptions. Once upon a time we travelled in horse drawn buggies. When the horse left and motors were introduced we gave the conveyance a new name: CAR. The change made sense because no-one would have believed that a horseless buggy could travel hundreds of miles or kilometres in mere hours.

Today it is time to acknowledge that the devices we use, not just for conversation but for so much more, are mobile connectors or connections. Now when you tell people that this device can replace all their TV and stereo remote controls, monitor their health and do other amazing things, they won't have to wonder why or how their phone would do that.

Mobile Connections – here, now, useful and understandable.


2. MONERIS SELECTED AS PAYMENT ACQUIRER FOR GOVERNMENT OF CANADA
Source: Moneris (03/19)

Moneris Solutions Corporation (Moneris) announced that it has been selected as the payment acquirer for the Government of Canada.

Following a competitive process, the Government of Canada selected Moneris as the successful bidder to provide card processing services to federal departments and agencies across Canada. As part of the agreement, Moneris will process all Interac Debit, VISA, MasterCard and American Express payments for Government of Canada services.

We're excited to be working with the Federal Government to manage and improve its payment solutions, for services across the country. Moneris is a payment technology leader in North America and is capable of scaling to meet the needs of the Canadian government, innovate with new technology and deliver strong service and support." Jeff Guthrie, Chief Sales and Relationship Officer at Moneris.

Approximately 38 federal government departments and agencies accept credit and debit cards at different locations across Canada. Through the agreement, Moneris will provide all Point of Sale (POS) devices as well as manage all card payment transactions for various government services offices.

In line with the government mandate, Moneris will work to ensure that cost recovery services provide the best possible solution at an affordable cost to Canadian taxpayers while continually helping the federal government evolve its payment processing solutions to keep pace with the ever-changing payment technology landscape.

Moneris Solutions is a member of ACT Canada and a sponsor at Cardware; please visit www.moneris.com.


3. INGENICO MOBILE SOLUTIONS LAUNCHES INDUSTRY'S FIRST MPOS SOLUTION ENABLING NFC ACCEPTANCE OF APPLE PAY, MASTERCARD CONTACTLESS AND VISA PAYWAVE
Source: Ingenico (03/02)

Ingenico Mobile Solutions has developed the RP170c that gives small merchants a future-proof solution for contactless payment acceptance by providing support for both magstripe contactless and EMV contactless cards.

The RP170c is fully compatible with the Ingenico Mobile Solutions mCommerce platform including their mPOS application, management portals and gateway to instantly accept all of the latest NFC payment methods – including Apple Pay – as well as all Visa and MasterCard contactless cards, whether they are EMV or magstripe. As for any mPOS solutions deployed by Ingenico Mobile Solutions, the RP170c based solution can also be white labeled for merchants or channel partners reselling the solution that want to emphasize their own brand.

Ingenico Group has a strong track record of innovation when it comes to EMV and NFC as we were the first one to develop combined EMV and NFC features in smart terminals in the US and across the globe." said Jacques Guerin, EVP Smart Terminals & Mobile Solutions at Ingenico Group. "Today, we are introducing the only mPOS solution that will be able to process Apple Pay, MasterCard contactless and Visa payWave transactions. With such a solution, we continue to provide merchants with future proof mPOS solutions."
Additional features of the RP170c include:
- NFC/contactless reader and dual track magnetic stripe reader (MSR) in one unit
- Compatible with virtually any iOS or Android device and connects via a 3.5mm standard audio jack
- EMV Level 1 contactless certification
- Certified for qVSD and MSD (Visa), plus M/Stripe and M/Chip (MasterCard)
- Audible buzzer and color LEDs to signal completed contactless transaction
- Integrated extended life rechargeable battery
- Developer friendly SDK for mobile application integration

Ingenico is a member of ACT Canada and an exhibitor at Cardware; please visit www.ingenico.com. MasterCard Worldwide is a member of ACT Canada and a sponsor at Cardware; please visit www.mastercard.com. Visa Canada is a member of ACT Canada and a sponsor at Cardware; please visit www.visa.ca.


4. IT'S OFFICIAL: SAMSUNG PAY IS REAL
Source: Mobile Payments Today (03/01)

Almost two weeks after the industry first saw its official glimpse into what Samsung planned to do in the mobile-payments market, the South-Korean based electronics manufacturer revealed Samsung Pay at the Mobile World Congress in Barcelona.

While Samsung Pay will not launch until the summer, it will come to the market with a distinct merchant acceptance advantage over Apple Pay and Google Wallet.

Samsung will use a two-pronged approach to mobile payments thanks to its recent acquisition of LoopPay, which developed a proprietary contactless payments technology that is supposed to work with 90 percent of the point-of-sale terminals deployed in the U.S.

Samsung embedded LoopPay's technology into the new Galaxy S6 and Galaxy S6 Edge smartphones. The new devices will still rely on NFC chips to enable users to conduct tap-and-pay transactions at contactless-enabled point-of-sale terminals. But if contactless is unavailable, LoopPay's Magnetic Secure Transmission technology can "communicate" with magnetic-stripe reader currently present on all terminals. Samsung Pay will sense which option is available and adjust accordingly.

Samsung Pay's dual approach means more merchants will be able to accept the mobile wallet without an equipment upgrade. A large portion of Tier 1 merchants have already updated their terminals ahead of the EMV liability shift in October, but the option to switch on the contactless function lies with the retailer. Samsung Pay, however, would work regardless of the situation.

"As a result, this technology from LoopPay provides Samsung with a formidable option that meets the U.S. market where it stands today in terms of payment infrastructure upgrades," Michelle Evans, a senior analyst for Euromonitor International, wrote in a research note Sunday about the announcement. "Even after the U.S. completes its shift from mag stripe to chip-based cards, this technology from LoopPay will continue to have relevance for gift cards, as well as loyalty and membership cards.

"That functionality could be an important differentiator for Samsung moving forward and ultimately help to drive adoption for its mobile wallet."

Samsung Pay at first will be available to consumers in the U.S. and South Korea followed by a worldwide rollout.

Samsung Pay's specs are almost identical to what we saw Apple announce in September with Apple Pay. Samsung will let users load credit card information into the Samsung Pay app where it will then use tokenization to mask critical credentials. The wallet will also work in tandem with what Samsung calls an improved fingerprint reader to authenticate purchases.

Samsung Pay also comes to the table with the support of American Express, MasterCard and Visa. Payment processor First Data is on board, as are Bank of America, Citi, JPMorgan Chase and U.S. Bank.

Even with all the initial support from financial institutions, expect Samsung Pay to run into consumer adoption issues.

"As with any new payment service, it will take time before we see significant adoption, whether for Samsung Pay or Apple Pay, because it requires personal time investment on the side of the consumer to learn such a new service," Pascal Caillon, general manager of North America for mobile proximity commerce provider Proxama, said in a statement. "That being said, adoption may be quicker with Samsung Pay than it was with Apple Pay because Samsung Pay can be used in most POS environments."

A consumer's preference also will be an issue as when it comes to Samsung Pay adoption.

Google's recent acquisition of Softcard's technology from AT&T, T-Mobile and Verizon included a stipulation that puts Google Wallet as a preinstalled app on Android phones sold by mobile manufacturers. The Associated Press reported that Samsung Pay and Google Wallet will come on Samsung phones sold by those three manufacturers. Consumers will need to choose one wallet as their preference so that they will not be charged double for purchases.

American Express is a member of ACT Canada; please visit www.americanexpress.com. MasterCard Worldwide is a member of ACT Canada and a sponsor at Cardware; please visit www.mastercard.com. Visa Canada is a member of ACT Canada and a sponsor at Cardware; please visit www.visa.ca.


5. VISA IS PARTNERING WITH BANKS ACROSS THE GLOBE TO EXPAND HCE SERVICES
Source: Let's Talk Payments (03/11)

Visa Inc. has announced that it has partnered with several leading financial institutions around the world to offer new mobile payment services. BBVA and Cuscal launched new issuer-branded mobile payment applications for mobile devices running on the Android operating system. Additionally Banco do Brazil, PNC Bank, N.A., and U.S. Bank intend to launch similar capabilities in the near future.

To use these new mobile payment services, consumers simply download their financial institution's mobile payment app from the Google Play store. Following a one-time enrollment process, customers of participating financial institutions who download and install the application will be able to pay in-store with their Visa accounts by waving their Android mobile phone in front of a contactless reader. These capabilities are an integral part of Visa Digital Solutions, a comprehensive suite of offerings that facilitates secure payments across a broad range of Internet-connected devices and wearables.

A year ago, at Mobile World Congress 2014, Visa launched a new technology that provides financial institutions, merchants, and developers the ability to securely deploy mobile payment apps with Android devices. Specifically, Visa offered capabilities that gave financial institutions the option to take advantage of Host Card Emulation (HCE), a new feature in the Android mobile operating system that allows any NFC application on an Android device to emulate a smart card.

This recent announcement is a testament to the flexibility of Visa Digital Solutions, which includes Visa's software development kit (SDK) and the Visa Token Service. Visa Token Service is an innovative technology that replaces sensitive payment account information found on plastic cards, such as the 16-digit personal account number, expiration date and security code, with a unique series of numbers that can be used for payment without exposing the underlying account details. Visa Token Service is the foundation for Visa mobile payments through Apple Pay, HCE, and other digital payments apps coming to the market.

Sam Shrauger, senior vice president of digital solutions at Visa Inc., said in an official press release: "2015 is the year in which fast and safe mobile payments based on Visa technology will proliferate across the world. We are very proud that Visa Digital Solutions is now accessible to the broader market to be used across multiple devices and form factors – enabling secure, fast and engaging commerce experiences in any environment."

Visa Canada is a member of ACT Canada and a sponsor at Cardware; please visit www.visa.ca.


6. TOKENIZATION IS NOT ENOUGH: THE ROLE OF ON-DEVICE SOFTWARE FOR SECURE MOBILE PAYMENTS
Source: Mobile Payments Today (03/06)

HCE cloud-based mobile payments have opened a new chapter in the industry's thinking around security of card data on-device and the risk management associated with it.

The lack of secure element hardware storage on-device creates the need for strong software based solutions to mitigate the risk of storing sensitive card data on phone memory. Tokenization has emerged as one of the most important solutions for enabling secure cloud-based payments. By replacing something of high value, the secure Personal Account Number (PAN), with something of lower value, the limited-time use card data or "token," tokenization protects the original PAN number from misuse.

But is tokenization alone enough?
Traditionally, tokenization means one-time use data. If one-time use card data is provisioned to the phone then the security risk of the data in open is restricted to that transaction only. However, as per EMVCo specification on tokenization, the definition of token is alternate PAN, which is not the same as one-time use data. Consequently, tokenization specifications being implemented in commercial services today provision tokens to phones with extended active life spans – opening the window for potential fraud. Hence the role of tokenization in cloud-based payment security for proximity payment has lesser importance than it is often given. The main security it provides is that a hacker cannot use the stolen card data online or other channels.

Furthermore, having cryptographic keys and functions in the phone database leaves critical payment data vulnerable to attacks.

Two aspects become critical for consideration in thinking about cloud payment deployment based on HCE and tokenization. They are dynamic issuance and on-device security and management.

Service providers are generally familiar with the aspects of card issuance and personalization. Card issuance and personalization for SE-based and HCE-based issuance have much in common. The key difference being that the former is static while the latter is dynamic in nature. Dynamic issuance requires dynamic management of the card and account data in addition to tokenization.

On-device management is the ability to dynamically monitor various threshold parameters that govern the policy of making a transaction and performing account replenishment. For example, a bank may decide to replenish account parameters if the device is used to transact at a location that is 250 miles away from where the account data was initially issued. In this case, the digital issuance system is resetting the threshold parameters and replenishing the limited-use key. This is an example of how location data can be used to dynamically manage account parameters for cloud payment deployments.

On-device security is the implementation of software-based secure element to protect card data and cryptographic keys and functions. In addition, application integrity must be maintained to resist modification of the application by hackers. Various techniques must be employed to protect application integrity including white-box cryptography.

At the end of the day, secure mobile payments, especially leveraging cloud-based HCE, will only be possible by leveraging all the available tools for security. That will include network-based tokenization and dynamic issuance and management as well as robust on-device software and device fingerprinting. The sooner we understand that and start having a holistic approach to mobile payments security the sooner mobile payments will migrate from early adopters to the majority of the population.


7. BULGARIAN BANK TO LAUNCH MOBILE PAYMENTS WITH MEAWALLET TECH
Source: Mobile Payments Today (03/02)

First Investment Bank AD of Bulgaria last week announced that it will work with MeaWallet to bring mobile NFC payments to existing mobile bank users. The mobile payment service is based on mobile virtual payment cards using cloud based security and host card emulation technology, according to a joint press release from the companies.

First Investment said the service will work at all merchants that accept MasterCard PayPass and Visa payWave.

First Investment said this launch with MeaWallet will be one of the first commercial cloud-based NFC banking projects in Europe and the plan for launch is after summer. Mobile banking users will be able to use the service globally at all EMV contactless compliant POS terminals covering millions of merchants, according to the announcement.

"First Investment Bank AD is seen as one of the most innovative banks in the Balkan region," said Svetoslav Moldovansky, executive director for the FI. "With the MeaWallet mobile payment service we will give our customers an attractive, secure and easy-to-use service to complement our already popular mobile banking app,"

In addition to mobile proximity payments, the app will also have standard features such as account balances and transaction history, bill payment, person-to-person payments and communication services. First Investment also wants to add the ability for customers to make e-commerce purchases, as well.

"The partnership with First Investment Bank AD, which is a first mover and trendsetter in Bulgaria, is further proof that our mobile technology platform and strategy — and in particular our focus on cloud-based mobile payment solutions, including techniques like tokenization, HCE and NFC — is paying off," said Lars Sandtorv, CEO of Norway-based MeaWallet.

MeaWallet is a member of ACT Canada and an exhibitor at Cardware; please visit www.meawallet.com.


8. G&D PROVIDES FRAUD PROTECTION FOR APPS
Source: Giesecke & Devrient (03/02)

The rise of mobile devices is a key driver of the connected society. Smartphones and apps have experienced great success and have become the archetype of modern software. Their numbers are steadily increasing and have far exceeded millions in various app stores. Many of these apps trigger various transactions, which may involve sensitive data. Yet most of these apps rely on vulnerable measures and ways of protecting users' identities and data. With SIMSec, Giesecke & Devrient (G&D) is now presenting a solution that uses the devices' SIM cards to protect apps in a fast, easy, and reliable way. By using SIMSec, app developers can offer their customers unbreakable, integrated protection. Mobile network operators (MNOs) can open up new revenue streams by providing better use of the SIM card. To demonstrate the concept, G&D is showcased a SIMSec-based password manager using the SIM card to securely store the user's credentials such as PINs, passwords, etc., at Mobile World Congress.

Using the features of modern SIM cards for protecting identities and data and providing a tamperproof security execution platform gives consumers more trust when making apps part of their "connected lives". Compared to other security measures, such as storing keys and sensitive data in the smartphone standard storage or in the cloud, SIM cards offer much higher security. SIMSec makes use of the core SIM security features, so it can be used to secure any kind of application or service utilizing authentication, encryption, secure storage, or key management. The availability of an easily accessible hardware security component in an otherwise insecure environment allows service providers and app developers alike to make their products and services stand out.

With the SIMSec framework, deployment could not be easier: Once a SIMSec-enabled app is downloaded to a device featuring a SIMsec enabled SIM card, it sends a request to the MNO's SIMsec OTA server. An applet is then deployed to the SIM card automatically, enabling the app to use core security features of the SIM card such as password storage or hardware encryption.

SIMSec consists of three key components: an application deployed on the MNO's OTA server infrastructure, an applet on the SIM card enabling access to its features for third parties, and a development kit to integrate the desired security features into the app. SIMSec is an extension G&D's proven SmartTrust platform which manages more than 2 billion SIM cards worldwide. Developers can register for SIMSec via a simple web interface.

Giesecke & Devrient is a member of ACT Canada as well as an exhibitor and sponsor at Cardware; please visit www.gi-de.com.


9. MASTERCARD WORKS WITH SAMSUNG TO DELIVER SAMSUNG PAY
Source: MasterCard (03/01)

As consumers increasingly trade cash to use their cards through connected devices, Samsung is enabling a wider audience to take advantage of digital commerce. Samsung Electronics Co., Ltd has unveiled Samsung Pay, a mobile payment service that will enable MasterCard cardholders to use their Samsung Galaxy S6 for everyday in-store purchases.

MasterCard built the foundation for secure digital transactions, so consumers can use their cards when, where and how they want. Samsung Pay delivers a seamless and secure mobile payment experience that will work at both contactless-enabled and most traditional point of sale terminals. For consumers and merchants alike, that means that every purchase made with a MasterCard using a Samsung Galaxy S6 will offer the enhanced security, benefits and guarantees of a digital MasterCard transaction including the latest tokenization technology. Owners of the new device will be able to use their MasterCard credit and debit cards from participating banks directly through Samsung Pay.

"This is an exciting time for payments," said Ed McLaughlin, chief emerging payments officer, MasterCard. "As consumers are increasingly relying on their mobile devices in their everyday lives, we are excited to work with an industry leader like Samsung to deliver new payment options to our cardholders around the world. We have been a pioneer of mobile commerce innovation for years and together we're delivering a digital payment experience that is both simple and secure."

"From the start, Samsung's vision for mobile payments and commerce has been centered on security, wide acceptance, and a simple user experience. With MasterCard's tokenization services in conjunction with Samsung's unique MST (magnetic secure transmission) and NFC technologies, Samsung Pay makes secure contactless mobile payments possible at most NFC or traditional magnetic POS terminals," says Dr. Injong Rhee, Executive Vice President at Samsung Electronics. "Samsung's KNOX security platform and fingerprint authentication make Samsung Pay transactions highly secure and easy to use."

The MasterCard Digital Enablement Service (MDES) enables MasterCard consumer credit and debit cardholders to use Samsung Pay. In building a secure payment experience, Samsung Pay leverages industry-standard cryptography based protections to ensure transactions can take full advantage of one of the most secure payments technologies in the world. In order to further protect consumers, Samsung Pay transactions also incorporate additional security features including tokenization via MDES and fingerprint or passcode payment authorization.

Samsung Pay will first be made available for U.S. consumers this summer. MasterCard will be working with Samsung to roll out Samsung Pay to additional global markets including Korea.

MasterCard Worldwide is a member of ACT Canada and a sponsor at Cardware; please visit www.mastercard.com.


10. GEMALTO AND TAPIT BRING ONE-TAP MOBILE PAYMENT TO POSTERS, KIOSKS, PACKAGES, AND SIGNS
Source: Gemalto (03/03)

Gemalto is working with Tapit, a platform used by global brands to transform their physical assets into interactive objects, to launch "Tapit and Buy". This is an innovative solution whereby the consumer taps their smartphone against a Tapit-enabled physical support, such as outdoor media posters, product packaging and in-store marketing materials, enabled by an NFC tag, QR code or beacon. They are then instantly directed to the media owner's ecommerce site where they can buy digital content, in one click, charged to their operator phone bill.

Tapit and Buy is the first solution of its kind, leveraging Gemalto's Netsize operator billing system and Tapit's Cloud Platform to transform a wide range of physical assets into 'one-tap' mobile payment terminals. This new collaboration has an initial focus on the UK for transactions worth up to £30 for digital content such as e-publications, video, music and games.

This solution gives enterprises the opportunity to forge direct relationships with consumers via their physical assets, and measure precisely the return on investment achieved by advertising campaigns.

"Tapit and Buy gives brands access to incremental revenue opportunities through their product packaging or point of sale materials, directly associating sales with marketing," said Tapit Founder Andrew Davis. "Gemalto's Netsize operator billing technology ensures that payment is secure, seamless and transparent for end users, while Tapit's platform ensures brands have full control and visibility of how their physical assets are performing in the field."

"'Tapit and buy' brings a completely new dimension to how people interact and transact with brands that brings greater convenience and spontaneity to the consumer domain," added Frédéric Deman, Senior Vice President of Netsize at Gemalto. "A host of stakeholders stand to benefit from new opportunities and revenue streams, including brands, outdoor media owners, marketing and advertising agencies, and mobile network operators seeking to sell direct to millions of potential customers."

Gemalto is a member of ACT Canada and a sponsor at Cardware; please visit www.gemalto.com.


11. COULD APPLE PAY FRAUD HAVE BEEN PREVENTED?
Source: Let's Talk Payments (03/09)

By now, pretty much everybody has heard about the identity fraud going on with Apple Pay. Stolen card data from the card-not-present channel and even some of last year's stolen card data from the card-present channel, seem to be finding its way comfortably into Apple's Mobile Wallet. Effectively, stolen card data is being converted into 'legitimate' Apple Pay 'cards'.

The common view among bloggers and industry experts is that this is not an Apple Pay problem. It basically says that Apple was not responsible, in the first place, for properly authenticating cardholders during the enrollment process. Instead they say it was the responsibility of card issuer to identify the user of the card before it got into the wallet.

I simply disagree. Apple and the payment industry cannot continue to blame each other and hope that the problem will simply disappear somehow. No, it won't happen! My expectation is that, unfortunately, the problem may grow further if nothing is being done to fix it. In my opinion, both Apple and the payment industry bear an equal level of responsibility for the current situation and both could have done a much better job by introducing simple steps that would have prevented it from ever happening.

There are several main issues at play here, which each individually may require separate consideration and analysis.

First Issue – Putting Consumer Convenience Ahead Of Strong Security
The first issue is that consumer convenience took precedence over a strong KYC process and security. My only guess would be that the expectation that Apple products must be completely frictionless contributed a great deal to the pressure to collectively enable an easy enrollment process, potentially knowingly full of security holes.

What Could Apple Have Done To Make the Enrolment Process More Secure?

Apple, as the mobile wallet provider and approved Token Requestor, could and should have taken several steps to secure the enrollment gates. We all know how much pride Apple takes in the fact that they fully control every aspect of iPhone6/6+ production and manufacturing. I assume, by the same logic, that they fully control the NFC chip as well and I believe they could have easily provided a proper Apple Pay Enrollment App capable of:
- Utilizing the NFC chip as 'mPOS like' contactless card reader to offer 'tap & enroll' method for owners of contactless Visa payWave, MasterCard PayPass and American Express ExpressPay chip-cards to capture card data with dynamic CVV.
- Capturing the cardholder's digital hand signature, during the enrollment process, especially when manually entering the pure magnetic stripe data into the wallet.

These two measures above, separately or together, would provide a generic and universal solution for securing the enrollment process. Such an Apple Pay Enrolment App would clearly be independent of any issuer's proprietary or discretionary process. I can only assume that this would be relatively simple to be implemented by Apple and thus effectively convert the current 'card not present' enrolment process (prone to identity theft as with any online purchase) into something that would resemble the much more secure 'card present' process.

What Could Issuers and Payment Networks Have Done To Make Enrollment More Secure?

In retrospect, the card issuers and payment networks also could and should have resisted pressure for a completely frictionless process, by sticking to their guns and insisting on applying proper security measures as part of the process, like:
- If the consumer card is already 3D Secure enabled, use it and let the issuer properly authenticate the consumer
- If the consumer card is already stored inside payment network provided wallets like MasterPass, V.me or Visa Checkout, make sure Apple imports the card info from those wallets – as part of the process, let the digital wallets properly authenticate the consumer

Then the issuers and payment networks should REJECT any card being entered into the Apple Pay wallet, which hasn't successfully passed one or more of the enrollment criteria listed above.

Second Issue – Availability Of Unprotected Card Data
The second issue is the vast availability of unprotected sensitive card data, which can be stolen and used by fraudsters. This is the payment industry's chronic issue, which is hurting it well beyond Apple Pay.

All of today's plastic cards communicate the PAN, unprotected, to the physical point of sale (POS) terminals. That applies to both magnetic stripe cards and even EMV chip cards. This is currently a somewhat neglected issue by the payment networks, issuers and EMVCo. For example protection of plastic card PAN data in POS transactions is not covered by the "EMVCo Payment Tokenization Specification -Technical Framework", which is mainly focused on mobile NFC / QR based and online payments.

To secure the physical card data in the card-present channel, the payment networks could easily take advantage of the built-in EMV chip computing power and offer a complete end-to-end protection of the sensitive payment card data at point of sale, which is independent of merchant's willingness to adopt acquirer-proprietary P2PE solutions. Complete end-to-end protection of plastic chip-card data at physical point of sale, could be offered by adopting either one of these concepts:
- End To End Format Preserving Encryption
- Generic Pre-Tokenized ProxyEMVPay Cards

In the online world, mainstream digital wallets like Visa Checkout or MasterCard MasterPass, etc., which are used to securely store card data for online payments, still provide to the online merchants unprotected card data during online transactions. These digital wallets should integrate tokenization services provided by the same payment networks, offering them ASAP.

To conclude – the road from here is not easy and clearly requires a concerted effort by the mobile wallet providers like Apple Pay, Samsung Pay or even the imminent Android Pay and the main payments industry players to:
- Fully close out all 'PAN leakages' across all payment channels
- Collaborate and implement comprehensive, as generic as possible, card enrollment processes, using the available and existing best practices in payments security

American Express is a member of ACT Canada; please visit www.americanexpress.com. MasterCard Worldwide is a member of ACT Canada and a sponsor at Cardware; please visit www.mastercard.com. Visa Canada is a member of ACT Canada and a sponsor at Cardware; please visit www.visa.ca.


12. NBS TECHNOLOGIES AND SMART CARD IT SOLUTIONS LEAD IN GLOBAL INTEGRATION
Source: NBS Technologies (03/06)

NBS Technologies has supplied the Horizon Evolution HD with Integrated Mailing system and EMV Software to Smart Card IT Solutions of Pune, India.

Smart Card IT Solutions Limited (SCIT), founded in 2010, manufactures and markets smart cards to Indian and international customers; and like NBS, deal with businesses in government (e-governance), immigration, telecommunications, transportation, banking, health, insurance, security, entertainment, commercial, and other industries.

The SCIT state of the art facility which has the manufacturing capacity to produce up to 250 million cards per year, has now invested in NBS technology in order to support their new banking card personalization bureau opportunity. "This is going to be a big foot print for the NBS range of banking card personalization machines in the Indian market." commented Krishna Prakash, NBS Country Head of Sales for India.

SCIT chose NBS since they're aligned in their vision and requirements for predictable quality and throughput which NBS offers with its highly advanced Horizon Evolution HD. NBS is the source for total card solutions as it provides magstripe, chip encoding, printing, embossing, to inline card insertion and mailer. Highly secured EMV solution software Persomaster from NBS makes it a one stop solution and a more streamlined operation process. Furthermore, with Aura Print Solutions as partner and service providers for NBS in India, with their factory trained engineers for local support, was the key to differentiate SCIT in the market. The recent Indian Government initiative of "Jan Dhan Yojana" is an ambitious mission focusing on financial inclusion and integration of all households in India.

"This is a huge undertaking considering the dynamics and vastness of India. Indian card manufacturers have to step up and meet the challenge of the sudden demand for RuPay debit cards from all the nationalized and cooperative banks. RuPay is competing to be the best alternative to MasterCard and Visa in India for debit cards, and soon to be recognized as an official credit card." remarked Krishna Prakash, NBS Country Head of Sales for India.

NBS Technologies is a member of ACT Canada; please visit www.nbstech.com.


13. APPLE WATCH AIMS TO ALTER PAYMENT AND SHOPPING EXPERIENCE
Source: Mobile Payments Today (03/10)

Apple gave the world a more detailed look into its newest product line in the Apple Watch and the device shows the potential to put a new twist on the shopping, payments, and personal financial management experience for consumers.

Apple CEO Tim Cook waited until the end of its "Spring Forward" event to discuss the new device, and even then the company mostly focused on fitness and health features. But Apple did give the gathered audience in San Francisco quick glimpses into how the Apple Watch will work with Apple Pay, airline boarding, and mobile banking.

Apple Pay appears to work on Apple Watch as easily as it does on the new iPhone 6 devices.

When it's time for a consumer to pay for an item at a retailer, he or she will double tap the side button on the Apple Watch to prepare Apple Pay and the preferred payment card will appear on the screen. A consumer then holds the Apple Watch near an NFC reader to pay. Apple Watch notifies the user the transaction is complete with an audible ping, and then proceeds to show some purchase details on the screen.

At first blush, it appears the Apple Watch payments experience reduces the overall time it takes to complete a purchase compared with an iPhone or credit card. But is that enough to increase mobile payments adoption?

"Although this may seem like just five seconds of time improvement, that really matters from an adoption standpoint for mobile payments" Mike Wehrs, head of U.S. operations and global chief marketing officer of Appster, told Mobile Payments Today in an email. "We see this as a fundamental accelerator for the adoption of mobile payment technology overall."

Cook said during the event 2,500 financial institutions now support Apple Pay. Some 700,000 retail locations accept it as well. Cook also mentioned Coca-Cola this year plans to deploy up to 100,000 vending machines that will accept Apple Pay (and by default, other forms of NFC-enabled mobile payments).

Apple during the event also highlighted other Apple Watch capabilities that are not necessarily tied to payments, but appear to enhance the mobile environment.

Starwood Hotel & Resorts developed an Apple Watch app that enables users to unlock a hotel room door without the need for a key. The feature is similar to one on Disney's MagicBand wearable bracelet. MagicBand is a contactless wristband Disney created for its park and hotel patrons to use as a room key, theme park ticket and payment account.

Target is the only major retailer at the moment with an Apple Watch app. The Target app will track users in a store and will send them a reminder when they're near something on their shopping list, which a consumer creates on their iPhone. The app shows the potential for how beacon technology will interact with the Apple Watch.

"It is much easier to react to a beacon pushed message by looking at your watch, than by taking your phone out of pocket or purse, unlocking it and clicking on the alert in the notification area," Pascal Caillon, general manager of North America for Proxama, told Mobile Payments Today in an email.

American Airlines is on board the Apple Watch with an app that enables travelers to receive notifications and the ability to check in for a flight. Users also can store a QR code on the watch's screen that contains boarding information.

Citi and Mint each developed personal finance management apps for the Apple Watch. Citi's app enables users to get a quick look at checking, savings, and credit card balances and detailed information about the five most recent transactions. Mint's app lets users track monthly spending goals and the ability to receive weekly notifications about personal budgets.

Apple will begin taking preorders for the watch April 10 and it will be available starting April 24.

Apple Watch comes in three distinct editions: Apple Watch Sport, Apple Watch, and Apple Watch Edition, which is the infamous 18-karat gold watch that starts at $10,000. The Apple Watch Sport starts at $349. Prices vary depending on the display size for each edition.

Target is a member of ACT Canada; please visit www.target.com.


14. TD MOBILE APP REFRESH PUTS A SPOTLIGHT ON SPEED AND AGILITY
Source: TD Bank (03/17)

TD Bank Group announced a redesign of its popular TD app for Android and iPhone smartphones, creating a more intuitive, simplified experience for customers. The new functionality allows users quicker access to popular features, as well as added capabilities, such as the ability to submit U.S. bill payments – a first for a Canadian banking app.

"This redesign represents a real collaboration of ideas between TD and our customers, incorporating new capabilities in ways our customers want to be able to use our app," said Rizwan Khalfan, SVP and Chief Digital Officer at TD. "The result is a more engaging experience that is quick and simple to use and allows customers to do more while on the go."

Building on the framework of Canada's most popular mobile banking app, the enhanced mobile features and capabilities include:
- Quick Links: Customers can quickly and easily manage their money with our most popular banking functions accessible now from the top of their home screen.
- Quick Access: Customers can choose to conveniently view their account balances without having to log in.
- Quick TD Credit Card payments: TD Credit Card Account bill payment features the option to pay via three pre-populated payment amounts, as well as the customer's ability to type in a specific payment amount.
- Moving and sending money: Sending an Interac e-Transfer using the TD app is now simpler and faster, with the ability to add recipients straight from your smartphone's contact list.
- U.S. and Canadian bill payments: For the first time in Canada via a banking app, TD customers can submit U.S. bill payments from their eligible TD Canada Trust Canadian or U.S. dollar personal chequing or savings accounts. Customers can also easily add and manage Canadian bills directly on their smartphone.
- Enhanced direct investing features: TD Direct Investing clients can make trades and view real-time quotes, analyze portfolio information with the new Heat Maps tool, and monitor investments and stocks with advanced, full-screen charting.

When using the TD app, customers are protected by the TD Online and Mobile Security Guarantee, provided security responsibilities are met.

TD is a member of ACT Canada and a sponsor at Cardware; please visit www.td.com.


15. NXP LAUNCHES NEW PLATFORM FOR DEVELOPMENT OF SECURE MOBILE PAYMENT APPLICATIONS
Source: Let's Talk Payments (03/15)

NXP Semiconductors has announced the availability of its Secure Service Development Platform (SSDP), developed to facilitate the rapid introduction of applications that utilize NXP's NFC and embedded Secure Element (eSE) module, PN66T. The SSDP provides a turnkey approach for the loader service on the PN66T, enabling a faster time-to-market for secure mobile applications. Secure NFC applications can now be realized quickly and easily, reducing design effort and resources while maintaining quality levels expected in a commercially available mobile or wearable device.

The SSDP is a set of hardware tools and software blocks that enable application developers to quickly start building apps that leverage the eSE in the PN66T. With this the platform developers are able to test and validate their secure applications on commercial phones. In addition to providing real-world phone solutions, the development platform also contains example industry use-cases from companies such as Hyatt, 7Eleven, and TransportKiosk. The SSDP can be used to create many different applications, including secure banking, transit, access control, authentication, automotive, and much more.

Jeff Miles, VP Business Development at NXP Semiconductors, said in an official press release: "The SSDP supports partners wanting to create new secure applications by removing the technical challenges they face in getting credentials on to the secure element in phones and wearable devices. Now, instead of taking months, new applications can be created and validated in a matter of weeks. The SSDP will streamline the process for the development community therefore enabling phone and wearable technology manufacturers to bring these new apps to market faster."

NXP Semiconductors is a member of ACT Canada; please visit www.nxp.com.


16. VISA AND SAMSUNG BRING MOBILE PAYMENTS TO THE NEW SAMSUNG GALAXY S6
Source: Visa Inc (03/01)

Visa Inc. announced it is supporting consumer payments with the new Samsung Galaxy S6. Eligible consumers in the U.S. will be able to make secure Visa payments with Samsung Pay, Samsung's new payment service scheduled to launch this summer.

Samsung Pay is supported by Visa Token Service technology which is designed to enable secure payments with a broad range of connected devices. This new innovative technology from Visa replaces sensitive payment account information found on plastic cards, such as the 16-digit account number, expiration date and security code, with a unique series of numbers that can be used to authorize payment without exposing actual account details – helping to make mobile payments safer for everyone, everywhere.

"Working in partnership with Samsung, we are able to bring secure mobile payments to millions of consumers around the world," said Ryan McInerney, global president, Visa Inc. "Combining Visa's expertise in payment technology with Samsung's global leadership in creating innovative mobile experiences gives more choice to financial institutions who want to enable their customers to pay with the new generation of mobile devices."

To make Visa purchases in-store with Samsung Pay, users will simply select their preferred Visa account and hold the device near a payment terminal. The new Samsung Galaxy S6 is equipped with both Near Field Communication (NFC) and Magnetic Secure Transmission (MST) technology that enable the device to wirelessly transmit payment information to either a contactless or traditional magnetic stripe merchant terminal.

"Samsung's vision for mobile payments and commerce is rooted in secure, simple, and convenient user experiences. Our partnership with Visa realizes this vision by combining Visa's secure tokenized service with Samsung's unique MST (Magnetic Secure Transmission) and NFC technologies. Samsung Pay enables consumers to make simple and secure mobile payments at most merchant POS terminals," says Dr. Injong Rhee, EVP, Mobile Commerce, Samsung Electronics. "Using Samsung's KNOX security platform and fingerprint authentication, Samsung Pay will deliver a truly revolutionary and secure payment experience to Samsung Galaxy users."

Samsung Pay is scheduled to launch during the summer of 2015 in the U.S. The new service will be made available to eligible Visa account holders from U.S. financial institutions participating in the Samsung Pay program.

Visa Canada is a member of ACT Canada and a sponsor at Cardware; please visit www.visa.ca.


17. BRITISH SHOPPERS WARMING TO NEW PAYMENTS TECHNOLOGIES BUT NOW HAVE GREATER EXPECTATIONS OF RETAILERS
Source: Verifone (03/10)

Verifone announced the findings of its UK consumer study that shows how British shoppers are taking to new technologies enthusiastically as they browse and pay for goods and services. Yet with these advances and choices comes a need for retailers to offer promotions and incentives consistently across all channels to maintain brand loyalty and provide positive experiences to their customers, according to the study.

Overall, it found that familiarity with new payment methods is rising; 38 percent of respondents in London were either very or somewhat familiar with contactless payments, and 21 percent were very or somewhat familiar with mobile wallets. Yet cash remains the primary choice of payment in the UK for 65 percent of the respondents, followed by chip and PIN transactions and online payment methods.

Conducted among 1,085 UK adults last month by Censuswide, the survey gives a view of consumer attitudes toward in-store and online shopping experiences, and how they want to be treated by retailers. It also examined the extent to which the application of new technology in retail environments has shifted expectations and customer satisfaction.

The effect of the rising prominence of technology in retail experiences is clear, with 56 percent of respondents saying the breadth of new ways to pay in-store is important to them. Three out of 10 supported improvements made in the range of payment methods at the point of sale, while 32 percent saw mobile applications that stored card details as important or very important.

The results also show that e-commerce continues to evolve and bring new opportunities to retailers, with in-store (75 percent) and online (72 percent) shopping now practically equal in popularity. However, only 10 percent of respondents had shopped by mobile phone. And, the same number said they now expect less human interaction because of new technology, showing that the personal touch remains crucial to the retail experience.

The introduction of more technology has also shifted expectations, with consumers wanting retailers to use it to enhance their marketing and the way discounts are offered. Better sales promotions or discounts are now expected by 35 percent of respondents in exchange for their loyalty through a more connected approach to commerce, and 32 percent expect to be treated consistently across all payment methods, marketing channels and whether shopping in-store or online.

"We are seeing UK consumers begin to take to new technologies with enthusiasm, indicating that mass adoption won't be far away," said June Felix, President of Europe for Verifone. "However, shoppers also want to feel that retailers value and understand them more because of these technologies. Therefore, it's imperative for these new technologies to provide a connected commerce experience that is clear and relevant to the consumer. Otherwise, retailers risk frustrating and even eroding trust with their customers."

"Security has become a primary and integral part of that experience both for e-commerce and in-store, with retailers expected to assure the same level of protection wherever or however people shop. The age of the customer is also a consideration. We found that the older a person is, the more worried they are that their shopping will lead to a personal data breach or fraud. Retailers need to find ways to continue to improve the retail experience and in particular reduce wait times—without compromising security in any way," she said.

Other key survey data include:
- Online shopping has become ingrained in daily life, with 81 percent of respondents inputting card details online regularly or fairly regularly
- Loyalty card schemes have a huge impact on meeting consumer needs, with 78 percent rating them as important in improving the way they shop. Point of sale technologies and processes will need to become more integrated with marketing and promotional benefits in order to sustain customer loyalty between purchases
- When asked about what factors most contributed to a negative shopping experience, 73 percent cited having to queue to pay while 75 percent indicated price as the biggest factor in a happy shopping experience
- Although 49 percent believed speed of purchase was more important than security in-store, security of online transactions was seen as more important, for 35 percent, than speed of purchase
- Simplicity with assured security is important, as 23 percent said payment devices being easy to use was their primary concern

Verifone is a member of ACT Canada and an exhibitor at Cardware; please visit www.verifone.com.


18. CPI CARD GROUP ANNOUNCES NEW LINE OF DURBIN-COMPLIANT MASTERCARD EMV CHIP CARD SOLUTIONS
Source: CPI Card Group (03/10)

CPI Card Group announced a new product line that supports MasterCard best practices for EMV debit card issuers in the United States.

"As the U.S. market migration to EMV continues to gain pace, we are confident that this additional product line for MasterCard Debit will enable our customers to migrate their portfolios in a timely manner and ahead of the liability shift date later this year," said Steve Montross, president and CEO of CPI Card Group.

The new products comply with all MasterCard requirements and Durbin specifications for U.S. debit cards. The specifications include supporting full data sharing across multiple application instances, providing merchants with debit transaction routing options.

CPI provides a range of contact and dual interface EMV solutions for debit and credit running on Java, Multos or Native operating systems.

CPI Card Group is a member of ACT Canada; please visit www.cpicardgroup.com. MasterCard Worldwide is a member of ACT Canada and a sponsor at Cardware; please visit www.mastercard.com.


19. JETCO LAUNCHES MOBILE NFC SERVICES IN HONG KONG AND MACAU WITH GEMALTO'S TRUSTED SERVICE HUB
Source: Gemalto (03/10)

Gemalto announces that Joint Electronic Teller Services Limited (JETCO) has commercially launched mobile NFC services in Hong Kong and Macau using Gemalto's AllynisTrusted Services Hub (TSH). JETCO is the largest Automatic Teller Machine (ATM) network in the region consisting of 32 member banks. The Hub provides aggregation service for banks and service providers, delivering secure over-the-air provisioning of payment credentials to their customers' NFC phones. This will allow users to pay for their goods, services, and transport with a simple tap of their smartphones.

Hong Kong, with a population of 7.2 million, has the highest smartphone penetration in Asia Pacific, and a user base that is already familiar with contactless payment. Gemalto's TSH provides JETCO with a single connection and immediate access to the broadest base of users, allowing it to quickly deploy NFC services across a comprehensive portfolio of smartphones and mobile networks.

"Hong Kong is experiencing major growth in cross border payments, particularly with Mainland China,"said Mr. Angus Choi, CEO of JETCO Hong Kong. "Gemalto's TSH provides a one-stop solution that allows our member banks to plug in to the NFC infrastructure and provision services for their large base of customers, seamlessly and securely."

"Gemalto's TSH enables JETCO to play the role of a trusted third party, eliminating the need for multiple individual contracts," said Suzanne Tong-Li, President for Greater China and Korea at Gemalto. "With a strong track record of NFC deployments in Asia, we can empower JETCO to play a leading role in transforming Hong Kong into a fully cashless society."

Gemalto is a member of ACT Canada and a sponsor at Cardware; please visit www.gemalto.com.


20. GLOBAL PAYMENTS AND DISCOVER FINANCIAL SERVICES ANNOUNCE STREAMLINED CARD ACCEPTANCE ON THE DISCOVER GLOBAL NETWORK IN CANADA
Source: Global Payments (03/12)

Global Payments Inc. ("Global Payments") and Discover Financial Services ("Discover") announced a streamlined acceptance solution for Discover cards for merchants in Canada. The new program will simplify acceptance of Discover, Diners Club International, PULSE and affiliated network cards for Global Payments' Canadian merchants, offering a comprehensive solution which provides value by offering a single statement.

"The launch of our full acquiring program for Discover is the latest example of our commitment to providing Canadian merchants with robust and innovative product and service offerings," said Rene Belanger, President of Global Payments Canada. "This program brings additional value to our merchant customers by enhancing payment acceptance options and providing them a single source for payment processing, settlement, underwriting, risk management, support and reporting."

"Canada is a prime growth market for Discover as we see many of our cardholders traveling to the region," said Gerry Wagner, Vice President, Discover Network. "Our agreement with Global Payments allows us the opportunity to benefit merchants by streamlining Discover Global Network acceptance, while continuing to deliver value for cardholders at the point-of-sale. We will continue to keep our focus on growing Discover Global Network acceptance in Canada and are confident that Global Payments will help us to execute against this goal."

Discover Global Network is the third largest payments network in the world and the largest merchant acceptance network in Asia-Pacific, with more than 30 million merchant acceptance locations and 1 million ATM and cash access locations across 185 countries and territories. Discover Global Network includes Discover, Diners Club International, PULSE and affiliated networks.

Discover and Global Payments are members of ACT Canada; please visit www.discover.com & www.globalpayments.com.


21. FACEBOOK MESSENGER WILL NOW HAVE PERSON TO PERSON PAYMENTS
Source: Let's Talk Payments (03/18)

In October last year, LTP wrote a breaking news story about a Stanford computer science student who had revealed that Facebook Messenger payments was on its way. He had used an iOS app exploration developer tool called Cycript. Also last year, Amit Goel (LTP co-founder and chief curator) wrote about Facebook's strengths and weaknesses in becoming a payments player, and related What-if scenarios. After David Marcus joined the Facebook Messaging team, it was evident that something was imminent and then Mark Zuckerberg announced that Facebook and Payments will eventually overlap. So here we are.

On March 17th, 2015 Facebook has entered into payments in a very big way. This is perhaps the biggest news in this sector since its inception. Much like WeChat, a sort of Facebook of China, along with Alipay with their hundreds of millions of users, to send money via instant messages.

To become a person to person payment system in the US, the company must apply for and be granted a money transmitter license in every state. Facebook has been approved money transmitter licenses in every US state and territory along with many European and Asian countries. My good friend Faisal Khan has been researching this for a number of years.

In the US there has not yet been a person to person payment system centered around a communication platform. One could argue that Google's system was a communication platform centered around gmail but it was not fully linked to the chat system.

It turns out a vast majority of Facebook's 500 million monthly users are logged on to Facebook Messenger with about 80 million payment cards on file. With Facebook Payments, the entire system is currently built around the Messenger platform. Fundamentally, person to person payments are a form of deep communication and Facebook Messenger is a logical jumping off point. A vast majority of person to person payments begin with a conversation, perhaps already within Messenger. Thus, with the press of the new $ icon and the entry of an amount, you can send money that will arrive on the recipient's listed debit card within seconds.

How Does Facebook Payments Work?
To use the system, the sender associates a US based debit card with a Visa or MasterCard logo to her Facebook account. If the user already has a debit card on file with Facebook from gaming, advertising or donations, this can be the default card. The system will allow for the user to image the card via a camera or to manually enter the card into the setup form. Users will be prompted to set a passcode or use Apple TouchID on compatible iOS devices to confirm transfers, although one can opt out of this authentication in the settings panel. Once an account is confirmed, it's ready for use.

To send money, press the "$" button in the Messenger message composer – you have an option to send a photo or sticker along with a text message and the money – enter in an amount that is currently less then $250 and tap the "Pay" button.

The money is instantly removed from the sender's debit account and delivered to the recipient's Facebook associated debit card. Facebook uses the debit card network which can take about 24 hours to become usable. Both sender and recipient will see a confirmation message detailing the transfer status and time.

If the recipient has not associated a debit card, they will be prompted to register, going through the same process and choices as the sender. If for some reason the money is not claimed by the recipient in 30 days, it will revert back to the sender. Along the way, Facebook will send the recipient notices to claim the money.

As an added security feature, Facebook may ask users some extra security questions before a transfer can be authorized. This may take the form of "Did you ever own a red car?" or "In what city did you live in during the period of 1984 – 1986?", etc.

Facebook is currently using only a debit card based system, using a similar system that Square adopted for Square Cash [2], but there are a number of changes and optimizations made by Facebook to make the system more fault tolerant and redundant. Facebook is also using better recognized APIs that have the ability in the future to allow payments from credit cards. The system will also be able to easily scale to countries outside the US and localize from a both a technical and a regulatory stand point.

Facebook is entering into a market that has many existing solutions, including: Google; PayPal; Venmo; Square; Banks; and others

It is inevitable that a shakeout will commence that will define competing products and remove some from the market. There is little doubt that the landscape will be far changed one year from now.

It is inevitable that a shakeout will commence that will define competing products and remove some from the market. There is little doubt that the landscape will be far changed one year from now.

Square Cash seemed to be in a very vulnerable position before Facebook Payments [3] and I tried to present the case days after the product was announced that this will prove to be a huge waste of time, talent and money that will result in abstractions and distractions for Square. While Square is the current payment platform for SnapCash and currently this element of Square Cash is growing, it's simply not at the level that had been expected. The question is: how will this part play out in the future and will SnapCash use cases be enough to sustain SquareCash as a product?

There is no doubt that PayPal and Venmo will see a challenge from Facebook Payments. The IPO and the new DNA at the company may help drive the fleet-footed innovation and marketing needed to respond to Facebook. There are many ways that PayPal and Venmo can stay vital and relevant because of the scale they have already achieved. But the next year is critical.

Banks have been doing person to person payments via inter-accounts and intra-accounts for over two decades. They have finally begun to catch up to payment startups with useful and intuitive apps. There is also good reason to believe that banks are currently working on a system that is outside the ACH system and will allow for instant person to person payments in the next 12 months. However, as it stands today, Banks that have whole families and friends on the same platform in the US may very well continue to hold their own for some time to come, even if they fail to continue to innovate because they have a "home field" advantage.

Google has been sending person to person money via Gmail for over two years and although it is not breaking any records, it continues to grow and become a platform for many users. The simplicity of attaching payments like a document or a picture is quite genius. Google will need to lower costs and to continue to innovate.

The other person to person payment products that are not centered around out of country remittances will face huge adoption issues and attrition. Some may be able to survive by redesigning and specializing. Many will not.

Apple Will Enter Soon
Finally Apple will become a huge part of person to person payments and will choose partners and a system that will surprise even Facebook. The plans have been in process for quite some time, and unlike Facebook, PayPal, Google and Square, Apple will not handle any payments themselves.

MasterCard Worldwide and Visa Canada are members of ACT Canada and sponsors at Cardware; please visit www.mastercard.com & www.visa.ca.


22. U.S. CONSUMERS WANT MORE PERSONALIZED RETAIL EXPERIENCE AND CONTROL OVER PERSONAL INFORMATION
Source: Accenture (03/09)

U.S. consumers want a more personalized retail experience but are divided on retailers' tactics and the types of personal information they feel comfortable disclosing, according to a new survey from Accenture. Nearly 60 percent of consumers want real-time promotions and offers, yet only 20 percent want retailers to know their current location and only 14 percent want to share their browsing history.

The Accenture Personalization Survey examined customer expectations around a personalized shopping experience with retailers, including social channels, and explored the issue of digital trust. Accenture defines digital trust as the confidence placed in an organization to collect, store, and use the digital information of others in a manner that benefits and protects the consumer.

The research found that while many consumers are willing to share some personal details with retailers, nearly all (90 percent) of the respondents said if the option was available they would limit access to certain types of personal data and would stop retailers from selling their information to third parties. In addition, 88 percent would prefer to determine how the data can be used and 84 percent want to review and correct information.

"Personalization is a critical capability for retailers to master, but as our survey shows, addressing the complex requirements of U.S. consumers is challenging because they are conflicted on the issue," said Dave Richards, global managing director of Accenture's Retail practice. "If retailers approach and market personalization as a value exchange, and are transparent in how the data will be used, consumers will likely be more willing to engage and trade their personal data."

The survey explored and identified the types of online and offline retail technologies, tailored customer experiences and communications that consumers may experience. According to the survey, the most welcome in-store retailer communications and offerings include automatic discounts at checkout for loyalty points or coupons (82 percent) and real-time promotions (57 percent). When it comes to personalized online experiences, the most popular choices were website optimized by device (desktop, tablet, mobile) (64 percent) and promotional offers for items the customer is strongly considering (59 percent).

Other notable findings include:
- Almost half (48 percent) of those surveyed are receptive to getting reminders online to order items that they might have run out of and need to be refilled (from mass retailers, drug stores and grocery stores) and 51 percent like the idea of "one-click" checkout retailers who know how consumers want to pay and have items shipped.
- At the same time, consumers want to be active in making purchases, with 48 percent saying they don't like the idea of in-store purchases being charged automatically to their account without them taking out their wallet or mobile phone.
- As part of the information exchange for a more personalized retail experience consumers also expect to get something in return. The key benefits cited include: access to exclusive deals (64 percent), automatic crediting for coupons and loyalty points (64 percent), a one-time discount (61 percent) or special offers (61 percent).

Consumers are more willing to share certain personal details with retailers, including demographic information such as gender (65 percent), age (53 percent) and contact information (52 percent), although a significantly smaller percentage (24 percent) would share their contact information on social media. Financial (credit score), medical and social media contacts details are deemed the most sensitive, with 13, eight and five percent, respectively, willing to share this information with retailers.

"At the end of the day, it's all about the customer, his or her data, and the obligations retailers have to create and maintain digital trust with those customers," said Richards. "It is important to recognize that the line for what's acceptable versus inappropriate is different for every customer, that the customer often doesn't know where the line is and that the line is fluid and evolves over time as new, innovative, personalized experiences are created and become mainstream. The customer remains in control over where the line of digital trust is drawn, requiring retailers to be agile and flexible in their approach to personalization."

Key demographic differences depict generational conflict
- More than half of all consumers (51 percent) and 68 percent of Millennials would be receptive if a drug store tells them to stop buying items online that could react negatively with other medicines; however, a significantly lower percentage (30 percent) of Baby Boomers were comfortable with this personalization tactic.
- Millennials are more likely than Baby Boomers to look for advice on in-store purchases. Forty-five percent like the idea of a personal shopper who can pull items according to the customer's style, fit or wardrobe, versus 28 percent of Baby Boomers.
- Baby Boomers are more demanding than Millennials when it comes to receiving benefits in exchange for their data. Almost three-quarters (74 percent) expect to get automatic crediting for coupons and loyalty points, and 70 percent expect special offers for items they are interested in, versus 58 percent and 61 percent of Millennials, respectively.

"Leading retailers understand that every shopper is different and look for insight in terms of what works best across product and service lines or with high-value customers," said Chris Donnelly, global managing director for Retail, Accenture Strategy. "It is critical to test how customers might respond to a particular personalization strategy. Data-driven testing should include the behavior of individual customers, demographic indicators and factors relating to the item itself. For instance, while some people may want to be told they are out of milk, they may not feel the same way about personal care products."

Consumers want to get personal, but not too personal
While the survey results indicate that consumers want retailers to know them enough to provide relevant offers, some potential tactics such as a retailer making sure the customer is buying the right item based on their personal demographics are considered too personal. According to the survey, consumers are less comfortable with the following personalization tactics:
- Retailers suggesting not to buy items online outside their budget at big-ticket destinations such as home improvement and electronics stores (46 percent).
- Mass retailers and grocery stores advising them not to buy items online outside of their dietary restrictions (40 percent). For additional findings click here

"Personalization can be a powerful method for retailers to differentiate from competitors, increase basket size and build customer loyalty," said Richards. "To effectively implement personalization across all channels, retailers would benefit from understanding customers at a broad level as well as individually – determining where personalization strategies can best drive business results, and giving key subsets of customers the choice on how they wish to participate."

The key technology enablers of a personalized experience that places the consumer at the center of every digital experience—what Accenture refers to as the "Internet of Me"—are explored further in the Accenture Technology Vision 2015.

Accenture Strategy - Financial Services (ASFS) is a member of ACT Canada; please visit www.accenture.com.


23. ELAVON'S SIMPLIFY APPLICATION MAKES PAYMENT SECURITY FOR MID-TO-LARGE SIZE BUSINESSES SIMPLE
Source: Elavon (03/03)

Elavon now offers EMV with its Simplify payment application. The application is pre-certified for EMV prior to the October 1, 2015 liability shift deadline, when non-EMV-enabled businesses and card issuers will assume responsibility for any fraud that occurs.

Certification requires businesses to provide adequate EMV coding via an acquirer for all payment elements, including the PIN-enabled device, point of sale (POS) terminal, payment gateway and third party processor as well as for each card scheme.

"The industry has reached a critical point where businesses can no longer avoid having security measures in place to keep them safe from fraud and data breaches," said Marianne Johnson, Elavon's global executive vice president of product and innovation. "Having a pre-certified solution gives us the opportunity to help reduce the complexity of implementing EMV as well as enable value added resellers, agents and solution providers to accelerate their efforts."

Simplify is a software application that resides within a payment terminal that is integrated with a customer's current POS or Property Management System (PMS). The application uses a layered approach to security that combines encryption, tokenization and EMV to mitigate vulnerabilities while cardholder data is in-transit, in-use and at-rest. Simplify securely encrypts card data and sends the transaction to Elavon's Fusebox Gateway, where a token is created and returned to the payment terminal. Concurrently, the EMV-enabled application uses advanced algorithms contained on a CHIP card to authenticate that the card is not counterfeit when it's used at the payment terminal. Within seconds, sensitive cardholder data is easily isolated from a business' payment system and the card is verified as legitimate.

White Castle, a family-owned business that owns and operates more than 400 restaurants in 12 states in the U.S., recognized the prevalence of restaurant data breaches and recently integrated Elavon's Simplify application to proactively reduce threats of cardholder data theft (Click here to download the White Castle case study).

"Because Elavon's advanced payments security removes card data from our POS systems, our PCI efforts are greatly reduced. We project saving at least 50 percent in terms of PCI validation costs and resource consumption," said Randy Embree, director of information technology for White Castle.

Elavon is a member of ACT Canada; please visit www.elavon.com.


24. EVERLINK INTRODUCES INTERAC FLASH ENABLED WEARABLE PAYMENTS SOLUTION
Source: Payments Business (03/19)

Everlink Payment Services Inc. has completed a proof of concept market trial for its debit card innovation – DebitWear, a contactless-only, debit card form factor that uses the same EMV and Near Field Communication (NFC) technology currently being used for Interac Flash enabled cards. With DebitWear the 'debit card' is carried in a fun, wearable, form factor – such as a wristband – and can be used wherever Interac Flash payments are accepted.

For the trial, Everlink has provided participating credit unions with a silicone wristband that holds an Interac Flash enabled mini-tag containing a standard Multos ML4 chip (the same chipset found in Everlink's dual interface cards). These mini-tags are essentially smaller versions of Everlink's existing Interac Flash enabled debit card, utilizing the same tap-and-go technology and advanced security features.

"The growing acceptance and use of NFC for credit and debit card payments in Canada has opened the door for wearable card-based payments," says Mark Ripplinger, president & CEO of Everlink. "Everlink's DebitWear gives cardholders the choice to pay for smaller value items quickly and securely by simply 'flashing' their wristband over a contactless point-of-sale device that supports Interac Flash. DebitWear form factors are ideal for any situation where it may not be convenient to carry your wallet and pull out your debit card. This includes when you're at the beach and need to buy more sunscreen or at a sporting or music event where you want to buy souvenirs and refreshments, but would prefer to leave your wallet securely locked away. "

With DebitWear cardholders continue to have the convenience of contactless payments, with all of the security and benefits of EMV, but without the need to insert a card and enter a PIN, which increases the speed and convenience without sacrificing security. DebitWear is simply the next evolution of the debit card.

Interac Association is a member of ACT Canada and a sponsor at Cardware; please visit www.interac.ca. MULTOS is a member of ACT Canada; please visit www.multos.com.


25. GERMAN EXPERTISE LEADS THE IMPLEMENTATION OF THE NATIONAL PKD SOLUTION IN THE UNITED ARAB EMIRATES
Source: Giesecke & Devrient (03/09)

Abu Dhabi–based Emirates German Security Printing LLC (EGSP) delivered the complete infrastructure for the establishment of a National Public Key Directory solution. The system is used at border control checkpoints in the United Arab Emirates (U.A.E.) to ensure tamper-proof and efficient verification of domestic and foreign electronic passports. For the implementation of the "Made in Germany" security solution, EGSP was supported by its partners HJP Consulting GmbH, Bundesdruckerei GmbH, secunet Security Networks AG and Giesecke & Devrient GmbH.

Emirates German Security Printing, a joint venture in which Bundesdruckerei holds a 49 percent stake, is the prime contractor for the National Public Key Directory (NPKD) project initiated by the Ministry of Interior of the United Arab Emirates. EGSP's project partners delivered the solution. HJP Consulting (HJP) worked closely with the relevant departments in the Ministry of Interior of the United Arab Emirates and provided all services related to system integration, including planning, testing and project management. G&D Dubai, a subsidiary of the Munich-based technology group Giesecke & Devrient (G&D), provided the NPKD software, which is part of the secunet eID PKI Suite by the G&D subsidiary secunet Security Networks. The Bundesdruckerei delivered the software for the expansion of existing border control systems.

Proof of authentic and tamper-proof electronic passport data
Electronic passports are embedded with a chip that prevents the undetected manipulation of the personal data of the passport holder. Using the Public Key Directory of the International Civil Aviation Organization (ICAO) , border control authorities can verify the authenticity of the passport data. They rely on having access to prequalified certificates, called Document Signer Certificates, and other public key infrastructure (PKI) data from active ICAO member states. The Ministry of Interior of the United Arab Emirates has now introduced the National PKD system to examine the data obtained from the ICAO PKD and from other sources and to forward the appropriate certificates and certificate revocation lists (CRLs) to all document verification systems (so-called "Inspection Systems") at border control posts in the U.A.E. In September 2011, the United Arab Emirates became the first country in the Middle East to join the ICAO PKD as an active member. Now it is the first country in the Middle East that implemented a National PKD solution.

Background: Public Key Infrastructure (PKI) and Public Key Directory (PKD)
A public key infrastructure (PKI) enables participants to exchange encrypted information with each other on a public communication network such as the Internet without having to use a different trustworthy channel to exchange a shared secret key. Instead, participants just need to share their public keys in order to exchange encrypted messages. The encrypted messages can be decrypted only by a recipient with the associated secret key (private key). The same mechanism can be used to generate a digital signature (also called an electronic signature) that shows whether a message is indeed from the sender or whether it has been modified by an unauthorized person. In the area of e-passports, digital signatures are used to determine that the data on an electronic passport was stored there by the appropriate authority and has not been falsified.

Authentication of the sender is essential to prove that the issuer of a public key really is who it claims to be. This is where the public key infrastructure comes into play. The basic principle is that a trustworthy authority confirms the identity of the sender of a public key, thus assuring the participant that the data is tamper-proof and originated with the sender. Therefore, the trusted authorities establish public key directories (PKD), in which are recorded both the currently valid and the compromised public keys of its participants.

For electronic passports, the ICAO provides the exchange platform (ICAO PKD) for PKI data of the operators of National PKD solutions.

Giesecke & Devrient is a member of ACT Canada as well as an exhibitor and sponsor at Cardware; please visit www.gi-de.com.


26. INGENICO GROUP LAUNCHES SECURED PAYMENT ACCEPTANCE INTO CONNECTED DEVICES
Source: Ingenico (03/17)

Ingenico Group takes innovation one step further, launching more initiatives to integrate payment into connected devices. Ingenico Labs launches a payment acceptance pilot solution specifically designed for the Curie Institute's campaign against cancer (A daffodil for Curie), enabling passers-by with contactless payment cards to make a donation to the Curie Institute by simply flashing their cards in front of advertising screens .

Intended to be an upstream response to the new expectations of the emerging Internet of Things, this innovative NFC payment acceptance solution can be deployed around the world to integrate contactless card and NFC telephone payment into connected objects and thereby generate additional sales of products and services.

We are delighted to support the Curie Institute as part of this operation. With this initiative undertaken alongside Media Transports, we have transformed screens into fundraising instruments for the benefit of a great cause", explains Michel Léger, EVP Innovation, Ingenico Group. "This solution represents a technological achievement and is a world first. It triggers new behaviours and represents a major milestone in the history of the integration of payment acceptance into new connected devices.

Ingenico is a member of ACT Canada and an exhibitor at Cardware; please visit www.ingenico.com.


27. SQUARE BUYS TORONTO'S KILI TECHNOLOGY
Source: Finextra (03/11)

As it seeks to keep pace with a market shifting to EMV and NFC, Square has acquired Canadian payments specialist Kili Technology. Financial terms of the deal were not disclosed. Toronto-based Kili develops silicon, electronics, and software designed to simplify and optimise payment processing, building what it calls a 'POS on a chip' that helps merchants accept contactless payments.

Explaining the acquisition, Square hardware lead Jesse Dorogusker says: "The payments landscape is changing faster than ever -- from EMV to NFC -- and we know that major technology shifts often leave small businesses behind. Our job is to continue to make the smartest and sexiest payments hardware on the planet accessible to them."

Square has already built a new EMV card reader, although it is chip and signature, not chip and PIN. It has also indicated that it will start letting merchants accept NFC-based Apple Pay payments. Rival PayPal has already upgraded its mPOS dongle to accept contactless.


28. PAYPAL STRENGTHENS MOBILE PLANS WITH PAYDIANT ACQUISITION
Source: Mobile Payments Today (03/02)

One of PayPal's biggest issues over the past few years is its inability to gain a strong foothold inside retailers' physical storefronts. But its announcement Monday to acquire mobile-wallet technology provider Paydiant helps the company address two problems at once as the mobile payments market continues to undergo a remarkable transformation.

"PayPal has done payments really well, but they've had issues on both the mobile and offline side of things," James Wester, research director of global payments for IDC Financial Insights, told Mobile Payments Today in an interview. "This shores up both areas in one acquisition. It gives PayPal a credible way of saying they have a different path to mobile payments [compared with Apple and Google]."

That path begins with Paydiant's white-label technology, which provides retailers with a mobile wallet and other value-added services such as loyalty. The company counts Capital One, Harris Tweeter supermarkets, Orange Leaf, and Subway as its biggest partners. And Paydiant is the mobile-wallet technology provider behind the Merchant Customer Exchange's CurrentC app. Going forward, it will be business as usual for Paydiant and its current partners.

"There are no changes on that front," Paydiant Co-founder Chris Gardner told Mobile Payments Today in an interview. "We started having conversations with our customers [recently] to give them a heads up [about PayPal] and the reaction has been overwhelming positive.

"It's pretty hard to imagine we would get a negative reaction when we told them we're adding the might of PayPal while those merchants still get to use our white-label platform."

PayPal did not disclose the terms of the agreement, but re/code reported the purchase price at $280 million. Paydiant will stay at its current Newton, Mass. location for now, but PayPal has a rather large presence in downtown Boston despite its West Coast roots.

In keeping with the mobile payments theme, PayPal also announced it is adding contactless acceptance to it PayPal Here mobile card reader.

The connection
Paydiant's relationship with PayPal goes back almost a year as it integrated the company's payments platform about six months ago.

"Our approach has always been to support the payment mechanisms retailers want to use," Gardner said.

That mantra is at the center of this particular marriage.

Paydiant uses a technology-agnostic approach and tailors a merchant's mobile wallet to work with whatever a business thinks is best: Bluetooth, NFC, QR codes or even a combination of methods. The end goal, Gardner said, is to help the merchant sell more goods regardless of the technology used to complete the transaction.

"People like to say it's NFC versus QR codes, but I think the reality is we're collectively solving a business problem here and the goal is to create great experiences for consumers, particularly how it pertains to retailers," Gardner said.

Paydiant's line of thinking jibes with the one-size-fits-all approach PayPal pursues with merchants. PayPal now can offer retailers payment acceptance options, business loans, and way to break into mobile payments.

"We want to be a real partner to retailers because that is a key differentiator that we have on a global scale," Chris Morse, PayPal's director of communications, said in an interview. "It's us being much more aligned with the retailers' and this relationship helps us extend that."

Current market
How this relationship eventually benefits MCX remains to be seen, but Wester believes the merchant consortium now has more credibility.

"Outside of the payments industry, are people going to recognize that PayPal now is a partner with a company that is partnered with MCX to make the CurrentC app?," Wester said. "That may be a long chain that PayPal will have to reinforce with consumers, but I think there is a credibility issue of having PayPal involved. It's a recognized payments option for consumers in the online space."

MCX might need to lean heavily on PayPal's recognition if and when CurrentC launches because it sits squarely behind the eight ball now thanks to recent developments in the last few weeks.

"MCX needs to get out there now," Wester said.

When it does, CurrentC will face competing systems as the mobile wallet market now has more defined landscape.

"I think at one point, we thought we would have one wallet to rule them all and everyone else would be picking up what's left," Wester said. "Now what we're seeing are wallets with similar user experiences and that benefits them all.

"We now have all of the sensible, viable mobile payment platforms out there and now it's going to be up to the consumer to decide what they want to pay with."

MCX is a member of ACT Canada; please visit www.mcx.com.


29. GEMALTO SOLUTION POWERS A UNIFIED NATIONAL REGISTRY FOR OMAN'S IDENTITY DOCUMENTS
Source: Gemalto (03/17)

Gemalto announces that the Royal Oman Police is deploying its Coesys Document Management System to create a single, unified registration infrastructure across all the Sultanate's identity documents. The new system will initially apply to Oman's well-established national eID card as well as the ePassport officially launched on January 15, 2015, both of which are supplied by Gemalto. Pairing both documents will streamline the enrollment process, delivering considerable benefits for the Royal Oman Police and its citizens alike.

When applying for the new ePassport, Omani citizens do not need to go through the entire enrollment process, as the personal data provided for the eID is already stored in the national registry and can be reused. Cross-referencing between eIDs and ePassports adds an extra layer of security and strengthens collaboration with international authorities.

"Having successfully deployed some key national programs in Oman, Gemalto was uniquely positioned to create a unified solution for them," said Major General Sulaiman Al-Harthy, Assistant Inspector General for the Royal Oman Police. "This new project extends our long-standing relationship with Gemalto reaching back in 2002, adding a 'full solutions and services' dimension."

"This new deployment reflects the country's full commitment to constantly delivering the benefits of modern IT in the public realm," added Hisham Surakhi, Senior Vice President of Government Programs for the Middle East at Gemalto. "The launch of the ePassport could also be a stepping stone to future innovative solutions such as e-border management and eGates."

Gemalto is a member of ACT Canada and a sponsor at Cardware; please visit www.gemalto.com.


30. VISA ANNOUNCES AGREEMENT TO ACQUIRE TRIALPAY
Source: Let's Talk Payments (02/28)

Visa will now be partnering with TrialPay, a leading payments technology company that was founded in 2006 and now reaches over 500 million users across 20,000 merchants in 180 countries. With TrialPay, Visa will be able to target consumers based on their transaction histories and present them with specific promotions. These promotions will be similar to incentives; the customer will be provided with the option to purchase a desired product or service to receive an additional bonus product or service as a result.

TrialPay is a company focused on connecting the right type of advertisements with the right customers. They do this by using monetization toolkits and allowing developers/third-party platforms to connect and reach the consumers efficiently. With around 3,000 current offers from TrialPay, Visa will be able to present personalized offers to their consumers in real-time. These new options will give merchants the opportunity to generate tons of new transactions of all sizes. These offers will be incentive based, and as a result customers will be very likely to invest and extend their purchases. This will also produce more traffic among Visa's payment sites, and in turn reel in new buyers. TrialPay offers the power to work seamlessly with existing advertising partners "in one lightweight SDK (software development kit)."

Visa is strengthening its relationships with their merchants while helping them increase growth and improve business across the board. Transactions will be more valuable and profitable for all businesses that are involved. Outside Visa, DAG Ventures, Transmedia Capital, and Battery Ventures are just a few of the prominent investors who trust and support the TrialPay mission.

This acquisition by Visa is yet another sign that Visa and the incumbent payment leaders are looking to expand their portfolio of offerings, either through internal innovation initiative or external acquisitions. Regardless, this is a positive sign of the industry, with technology enabled innovation front-and-center in mindshare and on the investment radar.

Visa Canada is a member of ACT Canada and a sponsor at Cardware; please visit www.visa.ca.


31. HERON FOODS SELECTS VERIFONE'S P2PE-CERTIFIED PAYMENT AS A SERVICE TO PROTECT CARDHOLDER DATA AND ENHANCE THE CUSTOMER EXPERIENCE
Source: Verifone (03/10)

P2PE is crucial for merchants in today's retail landscape, as it encrypts cardholder data collected at the point of sale (POS) and keeps it encrypted until it is safely inside Verifone's PCI compliant decryption environment. Verifone's P2PE validated Payment as a Service solution will protect cardholder data across Heron Foods' payment terminals, networks and systems while helping the company to:
- Significantly reduce the scope and burden of PCI compliance
- Make security management more straightforward and less costly
- Protect its brand and reputation

P2PE certification of Verifone's platform was based on 888 rigorous standards required by the PCI SSC across 6 domains.

Heron Foods is continuing to expand beyond its base in Hull by opening stores across Northern England and the Midlands. Using Payment as a Service from Verifone, Heron Foods will be able to provide faster authorization and shorter queue times for customers. And, the VX 820--Verifone's PIN Transaction Security (PTS) 3.0 compliant and fully contactless/NFC-enabled payment terminal—will enable Heron Foods to accept a variety of payment methods—including Apple Pay—and future-proof its payment infrastructure as the company grows.

"Enhancing card security and payment acceptance capabilities will help us to continue delivering on our commitment to provide the best customer service," said David Heuck, Finance Director of Heron Foods. "Verifone's managed services and NFC-enabled terminals will enhance the shopping experience for our customers and provide world-class protection against fraud through a single system that increases efficiency for the long term."

Heron Foods will also be able to access Verifone's Value Added Services (VAS) to drive sales and improve customer loyalty. Heron Foods can leverage VAS capabilities to engage customers with targeted promotions and branded messages that are displayed on terminal screens during checkout.

Verifone's multi-channel Payment as a Service offering bundles hardware, software, gateways and support services into a single, integrated solution that is pre-certified with major acquirers. The following is just a sample of the benefits Payment as a Service provides to merchants of all sizes and in all verticals:
- Secure payment acceptance across all sales channels
- "One stop" solution that removes payment complexity
- Reduced total cost of payment system ownership
- Seamless, secure payment acceptance and transaction management
- Client services, consulting and training, and help desk support

"In a world of connected commerce, it's crucial that merchants are able to offer effective and secure payment solutions in ways that efficiently meet the operational demands of their fast-changing businesses and deliver enhanced value to their customers," said June Felix, president of Europe for Verifone. "Through Verifone's Payments as a Service and Commerce Enablement solutions, we are working with merchants to create relevant and personalized shopping experiences for their customers. Heron Foods is a great example of a growing retailer that recognizes payment technology as a critical component to its mission to deliver excellent customer service in a way that helps drive commerce and fulfil sales."

Verifone is a member of ACT Canada and an exhibitor at Cardware; please visit www.verifone.com.


32. BMO HARRIS BANK UNVEILS CARDLESS APP
Source: Payments Business (03/17)

BMO Harris Bank has unveiled a mobile app for cardless ATM cash withdrawals and claimed it has the nation's largest network of ATMs configured for smart-phone-based withdrawals.

BMO Harris Bank, the U.S. affiliate of BMO Financial Group (Bank of Montreal), said 750 of its ATMs currently can perform cardless cash withdrawals using its new mobile cash app, and another 150 will be ready in June. "With the launch, BMO Harris now has the largest network of cardless-enabled ATMs in the country," says the bank.

"Smart phones are quickly becoming the singular device that people use to help manage their life," says Connie Stefankiewicz, head of North American channel strategy and solutions at BMO Financial Group. "BMO Harris is continuing to invest significantly in technology that is designed to address consumers' evolving preferences."

The mobile app uses QR codes to allow cardholders to make cash withdrawals without inserting their debit cards into the ATM. The app will speed up transaction times and does not store customer account information, says the bank.

The app uses technology from white-label mobile-payments and banking platform developer Paydiant Inc. and comes to BMO Harris Bank via Paydiant's partnership with payment processor Fidelity National Information Services Inc. (FIS). Other banks that use Paydiant's technology for mobile cash withdrawals include Wintrust Financial Corp. and City National Bank in Los Angeles.

To use the feature, the customer logs in to her mobile-banking app to request the withdrawal amount. The application sends a token to the user's device linking the user, her account number, and the requested transaction. Later, at one of her bank's ATMs, the user pushes a "mobile" button on the ATM screen and scans the QR code displayed on the screen to identify herself and trigger cash dispensing via an encrypted connection to a cloud server.


33. MEAWALLET AND NXP TO ENABLE NEXT GENERATION OF MOBILE SOLUTIONS FOR ACCESS, TRANSIT AND TICKETS
Source: MeaWallet (03/02)

MeaWallet and NXP Semiconductors N.V. announced a collaboration to simplify implementations of virtual card solutions for access, transit, tickets and IDs. Using NXP's Secure Services Development Platforms (SSDP), MeaWallet will now be able to rapidly develop secure applications on NXP's PN66T module. The PN66T is an NFC Controller combined with an embedded Secure Element which incorporates the new Loader Service and LTSM (Local TSM) features for easier provisioning of secure mobile applications.

The collaboration allows MeaWallet to develop and test their application for accessing NXP's embedded Secure Element (eSE) on supported devices. This will enable solutions for virtual and digitized cards that emulate MIFARE based cards (MIFARE Classic, MIFARE Plus, MIFARE DESFire and more), fully supporting the use of smartphones for proximity use cases like access, transit, ticketing and IDs. Access to the embedded SE can also increase security on storage and transaction execution in cloud based payments, e.g. the storing of single use keys or tokens in the embedded S, and, as such, MeaWallet's customers will now be able to use the eSE to store secure authentication applications, such as government ID or passports.

"MeaWallet is truly creating the next-generation smart phone experience. Being able to provide end-users with the possibility to use their smartphones for easy and secure access, transit ticketing and authentication will change user behaviour. Instead of having three items to carry we will have only one – our phones. We are very pleased to be working together with MeaWallet to enable these types of services and we look forward to being part of many MeaWallet initiated customer projects," said Jeff Fonseca, secure mobile transactions, NXP Semiconductors.

"MeaWallet is a leader in cloud based mobile solutions and has quickly developed a deep competence and understanding of the Secure Element through our work with the SSDP. Being able to validate our solutions on the development platform means that we can support our customers and partners in the enabling of next generation solutions for access, transit and ticketing, further expanding the use of smartphones instead of plastic cards", says Lars Sandtorv, CEO of MeaWallet.

MeaWallet is a member of ACT Canada and an exhibitor at Cardware; please visit www.meawallet.com. NXP Semiconductors is a member of ACT Canada; please visit www.nxp.com.


34. SAMSUNG'S NEW FLAGSHIP SMARTPHONE GALAXY S6 EMBARKS OT'S ESE TO OFFER INNOVATIVE SECURE APPLICATIONS
Source: Oberthur Technologies (03/02)

Oberthur Technologies (OT), a world leader in digital security solutions for the mobility space today announced its selection by Samsung Electronics to provide PEARL, its state-of-the-art NFC embedded Secure Element (eSE) in its latest version, for its newly released flagship smartphone Samsung Galaxy S6.

PEARL by OT is the most advanced multi-application eSE and offers the largest memory on the market. It is also the first of its kind to be certified by Visa, MasterCard and American Express. PEARL by OT allows easy deployment of secure contactless payment, strong authentication, transit, access and loyalty applications.

OT is the recognized leader in trusted payment with OEMs with more than 150 million units of its eSE and the most advanced and certified multi-application features in the field.

"OT is proud to put on the market its new generation of eSE product which offers various secure applications which allows end-users to pay, transit, authenticate themselves simply by waving their phone in front of a contactless terminal" said Cédric Collomb, Managing Director of the Telecom Business Unit at OT. "We are delighted to bring to Samsung our latest technology in their new flagship smartphone. It opens a new world of applications to address the booming market of biometrics and mobile payment solutions".

Oberthur Technologies is a member of ACT Canada and an exhibitor at Cardware; please visit www.oberthur.com.


35. NXP LAUNCHES NEW SECURE SERVICE DEVELOPMENT PLATFORM FOR SECURE MOBILE TRANSACTIONS
Source: NXP Semiconductors (03/02)

NXP Semiconductors N.V. announced the availability of its Secure Service Development Platform (SSDP) developed to facilitate the rapid introduction of applications that utilize NXP's NFC and embedded Secure Element (eSE) module, PN66T. The SSDP provides a turnkey approach for the loader service on the PN66T enabling a faster time-to-market for secure mobile applications. Secure NFC applications can now be realized quickly and easily, reducing design effort and resources while maintaining quality levels expected in a commercially available mobile or wearable device.

The SSDP is a set of hardware tools and software blocks that enable application developers to quickly start building apps that leverage the eSE in the PN66T. With the platform developers are able to test and validate their secure applications on a commercial phone. As well as providing real-world phone solutions, the development platform also contains example industry use-cases from companies such as Hyatt, 7Eleven and TransportKiosk. The SSDP can be used to create many different applications ranging from secure banking, transit, access control, authentication, automotive, and much more.

"The SSDP supports partners wanting to create new secure applications by removing the technical challenges they face in getting credentials on to the secure element in phones and wearable devices. Now, instead of taking months, new applications can be created and validated in a matter of weeks," said Jeff Miles, VP Business Development, NXP Semiconductors. "The SSDP will streamline the process for the development community therefore enabling phone and wearable technology manufacturers to bring these new apps to market faster."

NXP Semiconductors is a member of ACT Canada; please visit www.nxp.com.


In our 25th year, ACT Canada has been the internationally recognized authority in the market. As the eyes, ears and voice for stakeholders focused on secure payment, mobile, NFC, loyalty, secure identity, and leveraging EMV, we promote knowledge transfer, thought leadership and networking. We help members protect their interests, advance their causes, build their business and grow the market. We take a neutral and non-partisan approach to all issues, facilitating collaboration among issuers, brands, acquirers, merchants, regulators, solution providers, governments and other stakeholders. Over 50% of our members have been with us for more than 5 years, enjoying ongoing value from their affiliation with ACT Canada.  Please visit http://www.actcda.com or contact our office at 1 905 426-6360 x122.


Please forward any comments, suggestions, questions or articles to . Please note that articles contained in this newsletter have been edited for length, and are for information purposes only. If you would like to be removed from our newsletter distribution list please follow the unsubscribe instructions at the bottom of the email.


Andrea McMullen
Vice President
ACT Canada
tel: 905 426-6360 ext. 124
fax: 905 619-3275
email: andrea@actcda.com
web: www.actcda.com
mail: 85 Mullen Drive, Ajax, ON, L1T 2B3

http://ca.linkedin.com/in/andreamcmullen


Insights • Networking • Visibility

ACT Canada is the place to be to:

  • Filter the truth from market noise
  • Understand complex issues
  • Facilitate problem resolution

because stakeholder dialogue helps you make profitable decisions.

For more information, please contact Andrea McMullen at 1 905 426-6360 ext 124 or email andrea@actcda.com.

Please forward any comments, suggestions, questions or articles to andrea@actcda.com. Please note that articles contained in this newsletter have been edited for length, and are for information purposes only.