Executive Director’s Letter

Dear members and friends of the Alliance,

Last week, I came across the article, Security standards potential ‘showstopper’ for health network, and I started thinking about the opportunity that the healthcare market has to leapfrog the technology divide it finds itself in today and use the lessons learned from federal government’s IT security infrastructure. The article points out that the healthcare industry involves both federal agencies and private sector organizations, yet only federal agencies have security regulations in place, such as the Federal Information Security Management Act (FISMA), which define security practices to identify users and authenticate them on the network. The challenge for the Department of Health and Human Services Office of the National Coordinator for Health IT (ONCHIT) is to architect a National Health Information Network that meets the federal standards and attracts the private sector to follow. That invokes images of herding cats in my book, unless strong leadership from this administration looks for solutions first within itself before opening the debate to the public sector.

Member Profile: First Data – Interview with Wendy Humphrey

This month, Smart Card Talk spoke with Wendy Humphrey, Vice President of Business Development and Strategic Partnerships at First Data, working in the Government and Higher Education group. Wendy is a member of the Government and Education team in the United States, specializing in the integration of electronic payments with strategic partners in the transportation and tolling industry. She is experienced in developing global ecommerce solutions for U.S. domiciled organizations, including card present and card not present solutions. Additionally, she focuses heavily on emerging technologies including contactless payment solutions. In previous product development roles, she was responsible for the launch of the first portable wireless credit card terminal and the launch of contactless payments at First Data. Wendy earned NPDP certification from the Product Development and Management Association (PDMA).

With the Smart Card Alliance, Wendy has been a board member for over four years, and previously held the Vice Chairman and Assistant Secretary positions on the Executive Committee. She was previously the co-Chair of the Contactless Payments Council and served on the advisory board. In 2009 Wendy will serve on the advisory board for CTST and will chair the Payments Track.

Feature of the Month

Using FIPS 201 and the PIV Card for the Corporate Enterprise

Corporate enterprises have always required employees to carry cards or badges that verify the employee’s identity and allow the employee to access enterprise resources. However, changes in both the regulatory environment and the amount of risk that enterprises face from unauthorized access are driving executives to reevaluate their identity management practices. How should a potential employee’s identity be verified? How can corporate security ensure that only authorized employees have access to facilities, enterprise networks, and computers? How can authorized employees use identity credentials to access enterprise resources easily and efficiently?

Establishing a robust identity management framework within an enterprise requires both the implementation of new business processes and the selection of appropriate credentialing technology. While there are many approaches to enterprise identity management, industry and government have worked for over 10 years to develop both a standardized identification process within the government and specifications for proving an individual’s identity and providing individuals with a secure identity credential. The process and technical specifications, which are now being implemented throughout the Federal Government, are documented as Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors. This standard provides an identity management framework that enterprises should regard as a best practice in the design and implementation of their own identity management programs.