 |
 |
 |
 |
November 2006 • Volume 11 Number 11
|
 |
|
Executive Director's Letter
I was reminded in the last few weeks why the wild antelope travel in herds, bees live in hives, and fish swim in schools. The power of numbers living in community with similar survival instincts and defensive tactics can be a powerful force to overcome when presented with outside forces who by their actions, either deliberately or for reasons involving their own survival, threaten that community. Recently our smart card industry was threatened in such a way and the response of the members within the community in rallying together to respond to the external threat was a rewarding experience. I am referring to a story that appeared in the New York Times on October 23rd about researchers at the University of Massachusetts who claimed to have “discovered” security risks with contactless payments cards issued in the United States using technology developed by MasterCard, Visa, and American Express. The discovery was nothing that the industry people most familiar with the technology didn’t already know and something the major payments brands had been aware of in designing the network and terminal specifications to handle contactless payments. Still, some television news/entertainment producers capitalized on the opportunity to play on consumers fears about identity theft and payment fraud and soon the story ran in over 80 markets around the country. Even before the story broke, the smart card “community” began to react in unison like nature often does. Our Contactless Payments Council, the card association spokespeople and the Alliance’s PR firm held near daily group calls to discuss the findings and plan the appropriate response. That response, I am proud to say, was the collective work of 37 different individuals from 21 participating organizations. The statement, which appears on the Smart Card Alliance web site along with an accompanying Q&A document, demonstrates the power of smart card community working hand in hand with the shared experience and payments industry knowledge to educate and inform the market. The message is clear, that contactless chip technology is safe and that industry best practices are in place and improving every day to ensure consumers will have confidence when carrying and paying with contactless devices. This experience should also serve as a lesson for our other industry verticals adopting chip technology that they must be sure that they are meeting the highest security standards and best practices because powerful forces are watching. The Smart Card Alliance has a role to play when we see potential misuse of security technology or misguided approaches to human identification systems. Such is the case with the Western Hemisphere Travel Initiative and the proposed use of long range RFID technology for the new passport card, a U.S. citizen identity verification system to be used at our nation's borders for travelers who do not possess an U.S. passport. Since we reported about the decision by the Department of Homeland Security (DHS) to recommend that the Department of State produce passport cards using EPC Gen2 RFID technology rather than the contactless chip technology used in electronic passports, a definition of the passport card program has been posted on the Federal Register (Document # DOS-2006-0329). The Alliance Identity Council has submitted a 5 page response to the proposed program, asking DHS to reconsider their choice of technology on the grounds that the long range (20’ – 25’) RFID technology lacks security safeguards, can potentially track users and create citizen distrust, duplicates the reader infrastructure at border points equipped to accept ePassport technology, and relies on a central database and real-time communications to validate the identity of the cardholder. In addition, the technology choice has faced no standards review or industry discussion about alternative approaches. At a public meeting on the RFP process held in McLean, VA on November 17th, at which the subject of the card technology was not open for discussion, DHS admitted they still don’t have all of the funding for this project. There has been minimal public outcry over this misguided approach to developing a privacy-sensitive, secure border security card so far. No doubt this is a result of a “glitch” in the Regulations.gov web site that does not allow electronic submission of public comments on this project. Since I reported this problem to the proper authorities, we have been told “we are working on it.” Also, despite the statement on the Regulations.gov web site stating “All comments will be posted without change to http://www.regulations.gov, including any personal information sent with each comment,” no comments have been posted. The public comment period ends on December 18th, so I encourage everyone to submit their comments in writing (they promise they will be read) and make your opposition to this program known. If you wish to read the full text of the Smart Card Alliance official response, read the WHTI Passport Card Response on the Alliance web site. Let me add a few more words about the recent changes in both the public and members-only Smart Card Alliance web site. If you haven’t visited the site recently, stop on by – but plan to be a while because once you start clicking and poking around, you will be amazed at what you will find. Much of the content was there in one form or another before the change, but now that the site has been redesigned and the new menu options and navigation tools are in place, it seems like there is so much more information at your fingertips. Special credit goes to the design team at Avisian Publications, who designed and implemented the new features and are busy working on the phase two portion of the project which will include new features and more content for our industry leading web site to build upon. And for our many friends and followers we met recently in Paris attending the Cartes 2006 Conference, thanks for stopping by our stand on the exhibit floor and saying hello. And although you may have suffered through two days of transit strikes and cell phone service problems while taking in the largest gathering of smart card and related technologies in the world, just be glad you weren’t on my flight back to Philadelphia. About a dozen other lucky smart card industry companions and I had to endure 3 days and 2 nights of sitting in Paris CDG airport and nearby hotels while our U.S. carrier struggled with mechanical and humane customer service shortcomings. My advice to any future travelers to the U.S. -- if US Airways says there is going to be a short delay in your departure time, don’t believe them. Take a different flight. Enjoy your Thanksgiving!
|
|
