Executive Director’s Letter

Dear members and friends of the Alliance,

What do the advocates for EMV to fight payment fraud and advocates for a biometric Social Security card to implement immigration reform have in common? Both of these issues are getting a lot of coverage in publications and Internet news forums, and are also being debated within legislative subcommittees in Washington, DC. Payment fraud and immigration reform are two seemingly polar opposite problems with very different social and economic implications. What these two issues have in common is this–they both rely on smart cards to devalue the “treasure” that the criminals want to steal, rather than build thicker walls to keep the “treasure” protected from the inside, where it is vulnerable.

In the case of payments fraud, criminals want the valuable cardholder transaction data that is either temporarily stored or shipped to a third party processor from every retail store or online shopping site. What is protecting this data from the criminals who want to steal and sell it, is a set of onerous data security rules called PCI DSS. These rules create thicker, but not impenetrable,walls around the data. with the intent to slow the bad guys from getting the “treasure” and monetizing their gains on the black market with a flood of cloned cards and fraudulent transactions. EMV seeks to replace the “treasure” by rendering it value-less by adding dynamic data elements to the cardholder transaction data. With dynamic, transaction-specific data, any stolen data can’t be turned into cloned payment cards or used for fraudulent ATM transactions.

Member Profile

This month Smart Card Talk spoke with Chris Williams, with SAIC Corporate IT. Mr. Williams has been involved in the IT Security field since 1994 in a combination of US military and civilian positions. He is currently employed by Science Applications International Corporation, focusing on identity management, smart cards, and policy compliance issues. He has worked with the US Army, Defense Information Systems Agency, Department of State, and Defense Intelligence Agency using public key infrastructure, Smart Cards, and Identity Management technologies. At SAIC, he manages the company’s internal smart card and public key infrastructure programs, providing over 44,000 employees worldwide with multi-factor authentication and secure communications technologies. Mr. Williams holds a Bachelor’s of Science degree in Computer Science Engineering from Princeton University.

Science Applications International Corporation (SAIC) is a FORTUNE 500® scientific, engineering, and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. We do this with the constant and deliberate commitment to ethical performance and integrity that has marked SAIC since its founding.

Feature of the Month

Medical Identity Theft in Healthcare

While identity theft is a global issue that garners much media attention, most do not realize that medical identity theft is a serious and growing threat. Many authorities consider medical identity theft one of the fastest growing crimes in America. With the digital age of healthcare upon us, the risks are expected to increase as electronic medical records become more prevalent and the exchange of this data over expanding networks becomes more pervasive. Heightened concern over personal data security and privacy highlight the importance of having secure electronic medical identities.

1.5 Million Victims of Medical Identity Theft

According to a recent Ponemon Institute study, nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion–or approximately $20,000 per victim. [1] Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services Department budget. [2] In 2009, 68 reported healthcare data breaches in the U.S. put over 11.3 million patient records at risk of exposure. [3] Two notable instances are the Health Net breach and the Virginia Department of Health Professions breach.

• Health Net (a Connecticut-based health insurance plan) reported the loss of a hard drive containing seven years of personal and medical information on about 1.5 million Health Net customers. They reported the lost drive six months after it disappeared.[4]
• Virginia Department of Health Professions was the victim of a $10 million extortion plot to expose over 8 million patient records and 35 million prescriptions. [5]

New CSCIP Accreditations

Congratulations to the LEAP members who have successfully completed the requirements for professional accreditation as Certified Smart Card Industry Professionals. Most recent additions to CSCIP certifications listed in bold type.
	Deborah Baxley, Keypoint Edgar Betts, Smart Card Alliance Dana Blegen, Paragon Application Systems Douglas Deckert, Booz Allen Hamilton John Fessler, Exponent, Inc. Dale Grogan, LifeMed Card, Inc. Sarah Ming Hsi, MARTA Bryan Ichikawa, Unisys Michael Magrath, Gemalto Brad McGoran, Exponent, Inc. John McKeon, IBM Robert Merkert, Sr., CardLogix Barry Mosteller, Oberthur Technologies Ken Pantin, The Bank of New York Mellon Neville Pattinson, Gemalto Myles Roberts, FAA Michael H. Smith, Montner & Associates, Inc.
Click here for more information about LEAP and CSCIP certification program.