Card, mobile credential, payment and security
Frequently, campus administrators struggle with the decision to add a banking partner or other off-campus functionality to their campus card. How will it affect spending on campus? Will it cost me more or will it generate revenue? What will happen to our card’s stored value accounts?
According to several colleges that have chosen to add banking and other off-campus functionality to their campus ID cards, the advantages for off-campus card use far exceed the disadvantages. In the end, these colleges agree that students love the extra choices available to them and that pays off in the long run.
“One of the questions we get asked frequently is: ‘Will adding a banking partnership reduce the dollars being spent in the campus stored value accounts?’” said Whitney Bright, vice president and general manager for Campus Banking with U.S. Bank. “Experience has shown that by adding a banking partner, students see their card as more of a financial tool. Most of our campuses haven’t seen a decrease in on-campus spending. In fact, it can have an opposite effect, because students end up using the card more often for all kinds of functions.”
“If they really analyze it, they’ll find that a banking partnership is a greater value to students and a greater financial value to the campus. But they must have an effective communications plan so students understand the difference between their on-campus account and their bank account … and where they can use those different accounts,” she said.
Sean Glass with Higher One agrees. His company, a provider of refund management and banking services for colleges and universities, has found that “with our ID card clients, the banking and refund management program helps to increase the amount of on-campus spending through our Campus Autoload feature.”
The program “lets students choose to have money automatically transferred from their OneAccount checking account whenever their on-campus flex account drops below a certain level,” says Mr. Glass. “One of our earliest clients, University of Wisconsin-Stout, (found) that adding our service improved the economics of their previous flex account system.”
Blackboard study quantifies this ‘growth for all’ phenomenom
What has been the impact on on-campus spending levels via the card following the launch of Blackboard’s BbOne off-campus program at client institutions? CR80News posed this question to Pedro Marzo, Director, of BbOne.
“This is the number one question we get asked by prospect clients so two years ago we decided to conduct a study among our clients to find out conclusively. We found out that on-campus spending increased on average 25% over three years,” said Mr. Marzo.
“For every dollar that is deposited into the flex account, about 2/3 gets spent on-campus, and only 1/3 goes to off-campus merchants,” he continues. “In other words, the size of the pie gets bigger, and often on-campus locations keep the biggest slice.”
The study showed that deposit levels increased as well … “on average 85% over three years,” according to Mr. Marzo. “The increase was significantly higher at institutions with brand new deployments and closer to 20% at schools with mature card programs.”
Creighton University sees overall growth through the banking addition
Omaha, Neb.-based Creighton’s banking relationship with U.S. Bank “is a win/win/win for all. We get help providing goods and services to our patrons without having to capitalize from a shrinking budget,” said Brenda Hovden, Creighton’s director of card services. “We’re not any different from any private institution. We come back with all these ideas, but our budgets just don’t have the ability to keep up. U.S. Bank gives us marketing opportunities and support. From our experience there are definitely benefits to having both a banking relationship and an off-campus program.”
She added: “Our community members are in need of financial transaction services beyond our campus fringe and that’s what the bank is looking to provide. The student or employee, the university, and the financial institution are looking for a long-term relationship that continues to be mutually beneficial. With U.S. Bank as our partner, Creighton University community members have access to personal financial coaches and local services.”
Creighton’s off-campus program “creates for merchants’ opportunities to reach our campus population,” she said. “One benefit is it offers our patrons the flexibility to choose from multiple payment methods. It’s this same flexibility that boosts our participation levels in both the number and balances carried in our JayBuck$ (declining balance) program.”
Does the banking functionality take away from the off campus merchant program? “Definitely not,” said Ms. Hovden. “While they both offer a mechanism to make off-campus transactions and the ability to monitor and budget student spending they also have different features and functionalities that we feel complement one another. With U.S. Bank’s Student or Workplace Banking our community members also have access to an array of services whose borders stretch beyond our campus fringe or functionality. We’re simply extending to our community members an opportunity to access those services using our ID Card.”
The 7,000 student-strong Creighton, with another 2,500 faculty and staff, uses BB One from Blackboard and currently has about six outside vendors, she said.
The student card can double as an ATM and PIN-based debit card. “It doesn’t have a Visa logo and you cannot perform signature-based transactions, in other words, no credit capabilities. So if the card is lost, it becomes ineffective immediately unless that person has your PIN number,” added Ms. Hovden.
Wisconsin campus finds similar growth with off-campus declining balance program
Having an off-campus program at the University of Wisconsin-Stevens Point has been a blessing since the school’s student union is undergoing construction. “Students still have increased opportunities for their dining and other needs,” said Jerome B. Lineberger, associate director University Centers. “Actually, they currently complement each other very effectively.”
He added: “There are cost and service level benefits to each program. In the long term, as payment media technologies merge and become more transparent to the user, it may become less of an issue.”
The university started its off campus program about five years ago, through Student Advantage. “When they were purchased by Blackboard, it was rolled into a Blackboard off-campus program,” said Mr. Lineberger.
He said when the university first implemented its off-campus program, the concern was “that we might cannibalize our on-campus sales. The college uses what it calls “PointCash,” a cash equivalency not tied to any meal plan. The college’s foodservice operator was concerned that all this PointCash money would go to the off campus merchants. “But our deposits went up, not down,” he said.
The university currently has about 15 off-campus merchants to service its 8,200 students. Merchants include food, laundry and dry cleaners.
Conclusion
The concerns are out there and campus card administrators will almost certainly face the questions when a new payment option is added to a card program. Will an off-campus program impact on-campus spending? Will a banking partnership impact on-campus and/or off-campus declining balance spending? Are we cannibalizing our revenues? The campuses and vendors interviewed for this article seem to agree that more options make for better usage, and better usage means more spending across locations and payment vehicles.
Perhaps Mr. Glass sums it up best when he stresses that you are not replacing the on-campus program when you add a banking partner. “When the school didn’t have banking on the campus card, students still had bank accounts … so adding banking won’t change how they access their money, it just makes it more convenient that they can do it all through one card.”
Mr. Marzo sums it up from the BbOne perspective, “perhaps the best evidence in favor of off-campus programs is that in all the years we’ve been managing (them) we’ve never seen a client re-evaluate their decision to go off-campus.”
University of Washington selected CBORD’s Foodservice Suite to serve its 40,000 students and 4,700 board plan participants. The school will make use of modules for “menu management, inventory management (including PDA-enabled data entry for onsite inventory tracking), CBORD’s nutrient database, nutritional accounting, event management, and interfaces for order transmissions to outside vendors, point-of-sale terminals, and accounts payable.”
CBORD welcomes the University of Washington
University purchases Foodservice Suite to improve margins and efficiency
Ithaca, New York: The CBORD Group, Inc. is pleased to announce that the University of Washington recently selected the company as its foodservice technology provider. The university purchased Foodservice Suite®, a modular software package designed to improve margins and increase customer and employee satisfaction by automating campus foodservice operations.
The University of Washington’s use of Foodservice Suite includes modules for menu management, inventory management (including PDA-enabled data entry for onsite inventory tracking), CBORD’s nutrient database, nutritional accounting, event management, and interfaces for order transmissions to outside vendors, point-of-sale terminals, and accounts payable. The school is also a user of CBORD’s Odyssey HMS™ housing management system, including its Judicial module.
The University of Washington was honored in 2003 by the National Association of College & University Food Services (NACUFS) with the Loyal E. Horton award in recognition of its eclectic and innovative food court, the Husky Den.
“We looked for a company that offered modern solutions for growth and sustainability to support our diverse lines of business, as well as one that could provide the service and support needed to effectively train users and implement the system,” says Anita Bowers, Assistant Director of Housing and Food Services at the University of Washington. “We found CBORD and its staff to best fit our needs.”
“The University of Washington has long been respected in the college and university foodservice industry for its innovations in campus dining,” says Peg Lacey, National Market Manager, Colleges & Universities, The CBORD Group, Inc. “We are very pleased to assist the university in further refining its already impressive operations.”
The University of Washington currently enrolls 40,000 students. It has a residence hall population of 4,900, with 4,700 students on board plans.
About The CBORD Group
The CBORD Group serves colleges and universities, corporations, healthcare facilities, chain restaurants, supermarkets, and a host of other market segments. CBORD’s products are used in foodservice, catering, nutrition services, online ordering, meal plans, campus ID card privilege control, access control, electronic security, housing services, and other institution-wide activities. The CBORD Group serves more than 5,000 clients in the U.S., Canada, Europe, South Africa, the Middle East, New Zealand, and Australia, including more than 850 colleges and universities.
By Andy Williams, Contributing Editor
When PricewaterhouseCoopers went from 13 different buildings down to one at its Zurich, Switzerland office, many of its 1,200 employees were using different ID cards providing only limited uses. So why not switch to one multi-function card?
That’s what the company went searching for. “We’ve always tried to look for state-of-the art systems and we found this card,” explains Corina Gerber, facility management, senior manager, for PricewaterhouseCoopers Switzerland (PwC).
This card Ms. Gerber refers to contains a chip manufactured by fellow Switzerland-based LEGIC Identsystems that handles everything the company needs with room for expansion.
Called an “all-in-one” card, it’s not new. Actually, it has been around about 10 years, said Bob Fee, general manager, Business Unit, for LEGIC in North America. But with the demand for more applications on one card, a multi-function type card is starting to come into its own.
PwC’s applications include building access, print management, an e-purse for cafeteria usage, garage and elevator access, and more, said Ms. Gerber.
For the time being just the Zurich office has the new card. “We moved into the new building about a year ago. Before that we had 13 different buildings. Just from a logistics (point of view) it was not working out correctly. We all moved under one roof in November, 2005 and had to design our own solutions for our cards,” said Ms. Gerber.
Secure document management provides a key application
PwC is a professional services firm best known for its auditing and accounting capabilities. One of the biggest demands the company had for its card is what Ms. Gerber calls “follow me” or “follow&secure” printing. Obviously a company dealing with tax returns and other sensitive data doesn’t want documents spit out by one of the company’s 60-plus multi-function printers/faxes/scanners just lying around until the person who sent the documents to the printer shows up to claim them.
“Secure means you have to physically go to the machine and, using your badge, release your documents,” said Ms. Gerber. “You always have things you don’t want lying around. You have the whole Human Resources department that prints out things such as salary schedules. This was one functionality we needed.”
With “follow&secure”, the job is sent to the printer, but it’s not printed until the document’s owner shows up at one of the company printers and flashes his card to the machine. That unlocks the printer and the job, which has been stored in a queue. Once the printing is finished, the person puts in his card again, which locks the printer.
The “follow” aspect of the solution is that the print job can follow wherever you happen to be.
“We have about 62 machines in the building and I can use any of these machines. I have my office on the first floor and I may have meeting on the fifth floor. That makes it very convenient. I don’t have to go to a particular printer. I can use the one on the fifth floor,” said Ms. Gerber.
“It’s also, a cost factor,” she added. “We used to have printers and copying machines. Printers aren’t that expensive but maintenance of copiers can be quite high. With the multi-function devices, costs are quite lower. We can print, scan, copy, and fax. Scanning is really great. You go there with your badge and once the device knows it is you, you put in the papers to be scanned and within one minute it’s in your mailbox.”
Access control via contactless and biometrics
Physical access control is another key component of the card. During normal business hours, only the employee’s ID badge is needed to gain access. “But after hours and on weekends, we go to biometrics,” specifically a fingerprint, said Ms. Gerber. The fingerprint template, added Mr. Fee, is stored on the 1 kb contactless chip.
Employees have to use a separate entrance in this case, where they have to produce both their badge and their finger. They then enter through a turnstile-like door that allows just one person in at a time. That, of course, prevents one employee from letting in several others with his badge and fingerprint.
Nothing’s perfect, however, so PwC also has 24-hour security in place as well, she said.
“When biometrics was first introduced, we thought maybe employees wouldn’t want to give us their fingerprint. But it’s just to gain access and it only covers five points. It’s not like the fingerprints police take. It’s the lowest type of fingerprint,” she added. “So nearly all of our employees gave us their fingerprint.”
The smoothness of the transition to the new system was brought about by “all the communication we did with our employees before we moved into the new building. We showed them what we intended to do with biometrics and how it works and how the multifunction devices would work,” she said.
PwC has offices in 149 countries; and some 140,000 employees. “In Switzerland, we have about 2,500 employees in 14 offices and 1,200 employees at the Zurich office,” she said.
Different vendors, different applications, but a single card …
“What we’re trying to make people understand,” said Mr. Fee, “is that different applications from different vendors doing different things can be stored on the card and be totally independent of each other. We have 50,000 customers. About half of them use more than just one application, usually two or three on average,” he added. The applications, like PwC, include access control, cashless payment, time and attendance, and the follow and secure print concept.
“About five Legic partners offer the ‘follow me print’ application. This particular application is being sought after more and more,” he said.
What PwC is utilizing on its all-in-one card is just the tip of the iceberg. German automaker BMW, serviced by LEGIC, “has 17 applications on their ID card. Airbus has 12,” said Mr. Fee. “They’re actually saving money because they’re using one card and it gives them more flexibility.”
The 13.56 frequency LEGIC contactless smart card uses encryption in the transmission. Data from the different vendors are encrypted from reader to the card and also on the card itself. “It provides a higher level of security. If a person loses the card there is nothing that can be accessed,” said Mr. Fee.
In fact, added Ms. Gerber, anyone finding a lost card won’t even know that it’s from PwC. There is a separate company name (Interlock) on the back of the card, and a telephone number. People can use that as a means of returning the card.
“We chose the name of the company which makes the card,” she added. “It’s a card maker here in Switzerland that we use.” When the card is lost, she said, it’s locked out of the system, but the money in the e-purse portion of the card is gone. Employees can load about 100 Swiss francs on the card that is usable in the company’s cafeterias or vending machines.
Originally, PwC had an ID card with no functions on it. “It was just a card that showed you were working at PricewaterhouseCoopers,” said Ms. Gerber.
While the Zurich office was the first with this type of card, other PwC offices are starting to come on line. “Geneva is starting up with the multi-function machines. We have to provide a card so an employee in Geneva, when he comes to the Zurich office, can still use the same card. Geneva is the first that has started doing this, but we’re working slowly with other (PwC) locations,” she said.
However, these cards carry only building access capabilities and aren’t yet all-in-one cards, she added.
From Zurich to the PwC world?
Ms. Gerber estimates that each card produced by PwC costs about 10 Swiss francs, but that includes the cost of the machine as well. “We produce our own cards for obvious security reasons,” she added.
Added Mr. Fee about the all-in-one card installation: “We relied on our partner network who did the installation and integration. We acted as a consultant and helped them understand how best to use the technology. We provided the oversight, the RF module and the transponder.”
He cited the PwC installation as “an excellent example of how an organization can utilize an all-in-one card. It reduces costs, increases security and gives them the flexibility to do more down the road … to use technology to enhance the organization. They can easily add or remove applications a year from now or five years from now. We’ve had customers using the technology for the last 15 years. It’s very secure and very flexible.”
Keeping track of the bad cards–those that were printed but never issued–is just as important as tracking the good cards when managing your ID card system.
For John Ekers, Fargo Electronics’ director of product marketing for software and services, it has become something of an evangelization issue.
“One of the things we’ve been trying to promote, which comes from working with security bureaus, is that it’s not just about your cards, but about your duplicates as well, your bad cards and how you are managing those,” said Mr. Ekers.
“…particularly in the ID market with desktop printers, you see a huge gap. No one is managing the bad cards, the ones that had to be remade,” he stresses. “Not many have software in place to tell you we made four copies of Jane’s ID badge and the fifth is what we sent out.”
What’s needed is something that will help organizations to do a reconciliation to match bad cards against the inventory and produce an audit trail. “The bad cards don’t necessarily have to be kept on file, but a supervisor needs to look at them, check them off (that they actually reviewed them) and then the cards can be destroyed,” said Mr. Ekers.
It’s all about hardening your security. The card may not have been encoded yet, but the picture is still there, the name is on the card and it could still be used fraudulently.
Fargo and others have tools that can secure the issuance process. “We’re trying to manage the issuance of both good cards and bad cards,” explained Mr. Ekers.
A recent presentation at a National Association of Campus Card Users (NACCU) conference on the issuance process ended, “with most of (the 40 college attendees) wanting to get back to their offices as soon as possible,” said Mr. Ekers. “These were people who initially felt their offices were pretty secure,” he said. “You need to know who has access to your card issuance system. Can someone come in over the weekend and produce fraudulent cards? And what is your liability if that happens? Fear drives a lot of this.”
If you’re providing a system to manage access, but you’re not managing the security of the issuance process, you could still be liable for any breakdown that occurs, he said. For example, someone could print out a fraudulent card that allows him to gain access to a secure building.
One preventative measure organizations can take is to utilize a tool that can lock down their printers. “If you have an application running on your PC, the only way the printer will work is if you present the printer password. That’s more widely accepted in the education market. In a lot of cases,” said Mr. Ekers, “you have students doing the badging process. At least over the weekend no one can come in and access the printer.”
Complementing that system, he added, would be a notification application. “An individual who comes in over the weekend who wanted to print badges and if the printer wasn’t locked up, the printer would send out a message over the network or cell phone and let the manager know that someone is trying to print something,” said Mr. Ekers.
Another possible security gap is the data itself that’s used to print the badges. “We recommend that you don’t maintain that data any longer than you need it. If you look at Visa or MasterCard, they’re not allowed to maintain account information for more than seven days. You don’t have to maintain a local database,” said Mr. Ekers.
Computer advancements have also led to more security holes. The simple USB port provides quick access to data on the computer. “A lot of corporations are not buying computers with USB ports,” he said.
Even if you don’t have the means to implement a sophisticated issuance security and card inventory system, “you can at least have an Excel spreadsheet where you log in the number of cards, cards you’ve printed, and so forth,” said Mr. Ekers. “You really need to manage that inventory.” Or, you could go low-tech with a simple pencil and paper method, he added.
“So many colleges today seem to be overwhelmed with operational requirements. Historically, they’ve let a lot of these things go just to get the cards out the door. But I think they’re starting to understand that there’s a lot more at stake,” said Mr. Ekers.
Part of the AVISIAN Publishing Expert Panel series to be published throughout December 2006
Kathleen Phillips, Vice President, Sales and Marketing
Fargo Electronics
While the implementation of HSPD-12 has been the card-related news to watch in 2006, its effects will be felt in other areas as well throughout 2007.
HSPD-12 mandates the badging of all federal employees and contractors under guidelines formed by the National Institute of Standards and Testing. While this is a landmark move for the federal government, the impact of established standards for smart card credentials on state government, university and corporate markets will have a more far-reaching effect.
For the first time, mid- to large-card program managers have a comprehensive template to guide them in designing and implementing a secure smart card credential program. The NIST standard provides all the criteria program managers should evaluate when creating their programs. While not every feature of the NIST standard may fit their individual programs, the standard provides a thorough checklist for consideration.
Two highlights of the NIST standard are important for other markets:
The impact of the NIST standard, in combination with more readily available, off-the-shelf smart card software applications and overall lower technology card prices will make a higher-security smart card program more reachable for mid to large corporations, state agencies and universities.
And while HSPD-12 was conceived to address security issues, the impact of productivity and efficiency will be seen in applications such as local area network logon, email signature, Web portal usage, etc. Market leaders who demonstrate a return on investment to private sector customers will see a higher adoption rate of their smart card solutions.
Compare FIPS 201 Products
Acquisition brings personalization to HID to “complete the identity management equation”
By Andy Williams, Contributing Editor
HID Global’s president and CEO, Denis Hébert, calls it “completing the equation.” That’s one way of looking at the company’s recent purchase of Fargo Electronics because it now gives the company a firmer hold on the complete credential management process, from creation to issuance.
Asked about the importance of this acquisition, Mr. Hébert said, “One of the key factors in our decision to make the acquisition was Fargo’s ability to complete our offerings in supplying credentials and ID devices to customers overall. It’s one thing to manufacture them and another thing to personalize them.”
“We saw an opportunity to complete the identity management equation by joining HID’s manufacturing of credentials and Fargo’s ability to personalize the credentials,” he added. “By combining our technologies with their processes, we are able to provide a more complete solution.”
California-based HID Global, a leading manufacturer in the access control industry, finalized the acquisition of Fargo Electronics, an Eden Prairie, Minn. company, in early August after meeting regulatory approvals. Fargo develops secure technologies for identity card issuance systems, including card printer/encoders, materials and software.
Similar cultures, similar missions
“With the completed acquisition, we are now positioned as a leader in the rapidly-growing market for secure issuance of corporate and national ID credentials,” said Mr. Hébert after finalization of the purchase. “Controlled access to materials, intelligent hardware that notifies authorities of misuse, and other enhanced process security features will set a new standard for performance in the industry.”
Mr. Hébert described the long-standing relationship between Fargo and HID: “When we saw the opportunity to merge the two companies, things moved relatively quickly,” he said. Both are now part of the ASSA ABLOY Group based in Stockholm, Sweden.
“One of the nice things about the two organizations is that we’re similar in culture,” said Mr. Hébert. “This is not a scenario of trying to fix things. We’re both well-respected brands working in the marketplace.”
What caught HID’s eye was the fact that Fargo has successfully transitioned from an equipment provider to a solutions provider in the past 18 months by actively addressing the end-issuer’s need to tighten the credential process. This fits nicely with HID’s approach to offer a secure, integrated identity management solution.
One of Fargo’s offerings that addresses the card issuance process is its SecureMark® Technology, which integrates and enhances the security and functionality of the Fargo Card Identity System. Combining hardware and security software, SecureMark is designed to lessen a card identity system’s vulnerabilities by reducing the risk of counterfeiting and unauthorized issuance of cards.
Locking down the card printing process
Fargo’s secure software suite can also protect against unauthorized users printing ID cards. The software tracks who printed the card and when. Last year, the company introduced a hardware aspect of its security system that protects the printer and the materials. SecureVault™ is a physical safe that can house cards, special inks, and other card-making materials.
“We’re trying to provide a closed loop around the entire issuance process from storing blank ribbons to password-protecting printers. SecureVault is an ID management system that controls and protects a critical and often overlooked part of an issuer’s card identity system … the materials,” said Mr. Hébert.
Put another way, he said, “We have a more seamless solution. If I have the ability to program a printer (which Fargo offers), I can provide a better service for end users.”
Does he anticipate changes at either organization?
“There are no real changes anticipated from an organizational perspective. Fargo has been very successful at building its brand and is a well-recognized player in the printing environment, while HID is well recognized in access control, both physical and logical, from a card and reader perspective,” he said.
“Fargo’s experience is with photo IDs and it will continue catering to its channel,” he added. Yet, while both companies, “follow different channels, there are also some areas we can explore together.”
Looking to government, university markets
Moving forward, Mr. Hébert said Fargo will continue to conduct business as an independent unit within HID Global and “both companies will work together to solidify potential synergies and identify opportunities for future digital identity and managed access solutions. The aim is to provide a unique value proposition for high security credential issuance and applications, from process to verification to authentication.”
In the post-merger arena, he sees “some great prospects for both of us. Clearly, both the government and university markets are keenly aware of the issuance process and are migrating towards technology cards. On the university side, there are tremendous opportunities to have more encompassing solutions.”
While the university market has been primarily based on mag stripe cards, from physical access to library management, “the future opportunity is to move towards smart cards and a more decentralized environment, producing more intelligent cards with greater capabilities,” Mr. Hébert said.
At the federal level, with HSPD-12, the issuance process again takes center stage. “It’s a large portion of credential management and what Fargo can produce in the physical and logical access areas melds nicely with HID’s capabilities,” he added.
Government business is, obviously, an important one for both Fargo and HID. Both companies have FIPS 201-compliant products in their lines.
Mr. Hébert foresees federal credential standards being adopted at state and city government levels. “We’re likely to expand into state and municipal governments as well as the commercial arenas,” he said.
For now, both companies are content with adding to an equation in which the whole is greater than the sum of the parts … and one that could result in great opportunities for both companies.
Compare FIPS 201 Products
Some of the contactless world’s best new products were on display at the HID Partner conference in San Diego in October. On display were at least thirty contactless offerings from companies around the world. HID Connect, the company established to help partners of HID Global in their efforts to bring supporting products to market, held their iNNOVATION awards competition. Winners included products that enable wireless physical access control, converge physical and logical access, identify a vehicle and its driver at long range, and facilitate easy creation of contactless applications and products.
AVISIAN Publishing’s editorial team served as judges for the awards. To evaluate the twenty entrants and determine the awardees, a scoring system was developed by the judges based upon the following measures of ‘innovation:’
“The field of products was exceptional making our selection process challenging,” said Chris Corum, Executive Editor of AVISIAN Publishing and one of the award judges. “The ultimate winner, the AIR ID Converter from RF IDeas, scored high in all categories and really defines innovation.”
“As an OEM module, it facilitates the launch of new iCLASS-enabled products … In fact, a number of the other products in the competition rely on the AIR ID Converter,” he added. “Plus, it enables integrators and end issuers to rapidly build custom applications that capitalize on the HID credential for use beyond physical security into logical access and multi-application environments.”
The iNNOVATION 2006 event provided a great showcase for emerging contactless solutions. Said Debra Spitler, HID Global’s executive vice president of HID Connect, “it is rewarding to see partners develop solutions to support end-user requests … that leverage the use of existing HID credentials to solve business problems.”
First Place:
AIR ID Playback Converter
RF IDeas, Inc.
Accepting the award: Greg Gliniecki, Vice President
RF IDeas AIR ID Playback Converter permits users of HID’s iCLASS read/write readers, such as the RW400, to quickly deliver solutions. It is currently in use in truck scale, manufacturing and kiosk applications interfacing to backend systems. According to Mr. Gliniecki, “the converter completely removes all software development tasks and allows OEMs and end users alike to quickly bring out full solutions for nearly all applications in as little as an hour.”
The AIR ID line opens iCLASS to any operating system, including Windows, Unix, Linux, Macintosh as well as embedded applications, enabling support for existing applications under these environments. The converter expands the RF Ideas line beyond the PC, to non-desktop and outdoor environments. The AIR ID Playback converter is available today in USB or RS-232. The USB converter outputs as keystrokes while the RS-232 output ASCII characters.
Second Place:
Nedap Transition Booster
NEDAP AVI
Accepting the award: Gorm Tuxen, Business Development the Americas
Nedap’s AVI (Automatic Vehicle Identification) Boosters are in-vehicle reader transmitters, that allows a driver to use a standard building access credential such as an HID prox, iCLASS, ISO 15693, and ISO 14443 card for vehicle access. The card’s output is ‘boosted’ distances up to 33 feet and can be read at speeds in excess of 125 Mph. The Combi Booster adds an imbedded vehicle ID to the personal credential ID, enabling identification of both the vehicle and its driver. Visit www.tuxen.us/nedapavi for more information on driver based vehicle access.
Third Place:
Sig-Tec Convergence Solutions
Sig-Tec
Accepting the award: John McGuire, Regional Director
Sig-Tec’s Convergence software enables both logical and physical security using iCLASS cards, proximity cards, biometrics, and tokens. Added to the company’s prior solutions that addressed logical access security, print security and remote desktop access security is a physical security based on HID’s Vertex controllers and iCLASS credentials, Omnikey readers, and Sargent door locks. According to Mr. McGuire, the solution is extremely scalable and cost effective enabling convergence solutions within the reach of small and mid sized organizations.
Honorable Mention:
Wireless Access Management Solution (WAMS)
OSI Security Devices
Accepting the award: Derek Trimble, President
The WAMS solution provided end-to-end (door to host) wireless communications using OSI’s Omnilock battery powered reader/lock units and HID credentials. Combining battery operated lock mechanisms with the installation and communication ease of wireless cuts the costs and disruption of retrofitting access control environments. The user gets the functionality of a software-based system at a lower cost with little or no interruption to their business. With no controllers required, no modifications to doors, and no electrical needs at the door, the system is easily added to and can be removed and re-installed in another location.
Understanding who pays, who gets paid, and how to make sure your cardholders win
ATMs are a convenient and quick source for cash. But they also can be expensive if you’re using an ATM that is not owned by your bank. For a college student on a budget ATM fees, even at $1 or $2 a pop, can add up. Understanding the various types of ATM fees, including foreign fees and surcharges, can help campus administrators select the best bank partner to serve their students via the campus card program.
ATM fees explained …
ATM fees are usually levied when you attempt to use your bankcard at an ATM machine owned by another bank. Typically, your own bank will charge you a fee, called a “foreign fee,” to cover the costs they are charged directly when you use an ATM owned by another financial institution. Additionally, the bank that owns the machine may charge a fee, known as a “surcharge fee,” for using its ATM. In essence, when you don’t choose the ATM carefully you may be paying two fees for a single transaction.
The first thing to consider are the parties involved in an ATM transaction: the cardholder’s bank, the ATM network, and the ATM owner. Each of these parties incurs costs when a cardholder uses an ATM. It is only logical that each of these parties levies fees to cover their costs and make money.
When a cardholder uses an ATM that is owned by their bank, the transaction is called an “on us” transaction. No other bank or ATM owner is involved in the transaction so only the ATM network and the cardholder’s bank are entitled to fees.
When a cardholder uses an ATM that is owned by another bank or private ATM owner, the transaction is called a “foreign” transaction. In such a case, all three parties incur costs and thus levy fees. The ATM owner has the costs associated with deploying and maintaining the machine, the network uses its infrastructure to route the transaction, and the cardholder’s bank must approve and moderate it.
With “on us” transactions, the costs are most often absorbed by the cardholder’s bank as a service to their customer. Foreign transactions, however, typically result in two separate fees to the cardholder.
First, a fee called a surcharge is levied at the time of the transaction. This fee is detailed on-screen at the ATM, usually taking a form such as, “the owner of this ATM charges a $1.50 fee for use of the device.” The cardholder is asked to accept or decline the fee and, subsequently, the transaction. This fee is shared between the ATM owner and the network.
A foreign transaction also commonly results in a second fee assessed by the cardholder’s bank. This fee appears in the monthly statement and is designed to cover the expenses that the cardholder’s bank incurs during the transaction. This fee is set by the cardholder’s bank though a portion of it is shared with the ATM owner.
For years there have been consumer complaints that ATM owners were, in essence, double-dipping by surcharging and sharing in the foreign fee collected by the cardholder’s bank. There were pushes to ban surcharging brought from many levels (in fact, surcharging was not allowed in the early days of ATMs).
The reality, however, is that this it is the surcharge that has enabled ATM deployment to proceed to the extent it has occurred. Without surcharges, it would be difficult to make money deploying and operating the devices. The surcharge has changed this and created a major business in ATM operation. This has led to significant convenience–with an ATM on almost every corner. Consumers can avoid fees by using devices deployed by their bank, but they can also benefit from the convenience of ready access if they are willing to pay the additional fees.
Evaluating ATM networks for your campus card program
“Students love to use ATM machines, but they hate to pay fees,” says Whitney Bright, vice president and general manager for U.S. Bank Campus Banking. She suggests that ATM availability and fee structures should be one of the issues a college examines when evaluating a potential bank partner. Not only should the college ask the bank if it will provide ATM machines on campus (that should be a given), but what kind of network does it have beyond the campus.
Will students be able to access ATM machines–without paying a fee–when they go home for the summer? “As you’re evaluating a potential banking partner, you should look for one with a large ATM network,” Ms. Bright advises colleges.
“When we partner with a school like Northwestern University, with students who come from all over the country, they want to be able to use their U.S. Bank account tied to their WildCard when they go back home, thus avoiding fees,” she said.
But, it’s not always that simple. The on-campus bank may not have branches or ATMs in all communities. That leaves the student with limited options: Open two accounts, one back home and one on campus, or sign up with a bank that has branches in both locations.
Or, choose door No. 3. Even though your on-campus bank may not have a branch back in your hometown, it could be a member of a network that specializes in offering surcharge-free ATMs.
Surcharge-free ATM networks
U.S. Bank chose that option last year when it purchased Genpass, owner of the MoneyPass Network (www.moneypass.com), a system of more than 7,000 surcharge-free ATMs. In addition, the student checking account at U.S. Bank waives the first four foreign ATM transactions per month giving students and option to use MoneyPass ATMs with zero fees across the country.
“This is a big advantage for students who want to use their account with no fees anywhere they travel in the country,” said Ms. Bright.
The bank’s membership in the Moneypass network adds another 7,000 ATMs that U.S. Bank customers can access, even if there isn’t a U.S. Bank in their hometown. The bank also operates some 5,000 ATMs that its customers can already use fee-free.
MoneyPass isn’t the only surcharge-free network, or even the largest. That honor goes to Allpoint (www.allpointnetwork.com), which offers some 32,000 ATMs. Another is NetBank (www.netbank.com/bankingcardsatm_free.htm) which has the nation’s second largest bank-operated ATM network.
Alliance One (www.atmallianceone.org/AllianceOne) is a nationwide group of select-surcharge ATMs in 37 states, Puerto Rico and the District of Columbia. Alliance One is a nationwide cooperative group of credit unions, community banks and thrifts that have joined forces to let their cardholders access each others’ ATMs without having to pay ATM surcharge fees.
Student-friendly ATM fees should be a part of a sound bank partnership
“If you’re considering a banking partnership with your campus ID, look at the many different things that can make a bank partnership successful with the university long term,” Ms. Bright advises colleges. A surcharge-free ATM network can go a long way towards keeping your students happy, while saving them money.
Sweden’s Göteborg University deploys a visual challenge and response solution from Entrust
By Andy Williams, Contributing Editor
You log in with your password, then you’re met with another screen with the following: A3, F4, J5. No, you’re not playing Bingo. It’s part of an authentication system created by Dallas, Texas-based Entrust. To supply the correct answers to A3, F4 and J5, you need a grid supplied by the company. It’s a security solution that one Swedish university has chosen to protect its student records.
“Grid authentication is about an X-Y coordinate lookup system,” said Steve Neville, senior manager of ID products and solutions for Entrust, Inc. a secure digital identity provider. “It’s like reading a map and it’s about being able to respond to the random challenges of a coordinate on a grid.”
To help prevent attacks on student data and protect the records of its 60,000 students and faculty while facilitating access for authorized parties, Göteborg University in Sweden recently implemented Entrust’s IdentityGuard. The campus, one of the largest in Scandinavia, joins a Tokyo college and “several others across Europe (that) are using it for their students and faculty also,” said Mr. Neville.
A cost-conscious option for multi-factor authentication
The two-factor authentication system requires a password, plus the grid that’s often printed on the back of a student’s or faculty member’s identification card, said Mr. Neville. It’s a standard student card that’s usable not only for identification but for other things, like accessing foodservice.
“Some organizations provide more flexibility and allow their customers to print out the grids, or store them and send them, via SMS, to their phone,” he added.
Either way, the grid is useless without the password and the password useless without the grid. The grid is the ‘something you have’ and the password is the ‘something you know’ in the multi-factor authentication scenario.
This kind of authentication “has been a bit more accepted in the rest of the world than North America,” he said. “North America has always lagged in deployment of second factor authentication. In Europe it’s been accepted and understood as a requirement for many years. I expect to see these things in North America take hold there soon.”
“We wanted an authentication solution that would provide strong security but also would be easy to use for our students and faculty and also be economical to manage,” said Sven-Elof Kristenson, IT manager at Göteborg University. “Because we can combine the Entrust IdentityGuard grid authentication capability with the identity cards we already issue to our students and faculty at the beginning of the school term, it fit seamlessly into our existing system and will give us the ability to make even more services available online for everyone.”
The university also chose IdentityGuard because its grid authentication capability can be used to access records, file storage, reports, e-mail and calendar functions, said Mr. Neville. “It was a natural choice for stronger authentication. Ease of integration and usability also were factors that led to the decision to implement Entrust IdentityGuard.”
Adding ‘machine fingerprinting’ to the grid authentication
“ID Guard in and of itself is a platform for authentication,” said Mr. Neville. It comes in six different flavors–authentication options–ranging from the non-intrusive like machine fingerprinting and grid authentication to one-time password tokens, he added.
“One of the reasons Göteborg liked grid authentication is that it also delivers the flexibility to input other types of authentication. Inside our license model we don’t force them to track which authentication they’re using. They can choose which ones they want to use to protect student data,” said Mr. Neville.
A risk can be assigned to student data to determine the type of authentication needed, he added. “It can be a simple process, like this type of information requires the grid and machine authentication. For students, the grid is totally fine because they’re roaming around,” said Mr. Neville.
ID Guard is a “software server based product that can also provide strong authentication for remote access,” he added.
“What we’ve done is open platform. We support adding different authenticators. You can add machine fingerprinting, literally being able to capture parameters of an individual machine such as its IP address and its browser settings. If that person is coming in from a registered machine, on subsequent authentications it can transparently check.” If not, he’ll be prompted for more security, such as a password.
“It’s all about increasing the security of a machine without affecting the user,” said Mr. Neville.
“When they (Göteborg University officials) were looking at security solutions, they were very sensitive to cost and how much change would be required. They looked at ID Guard as a very attractive solution versus one that could only be deployed to faculty alone because of the cost. It was also something they found very unique and something they could trust.”
Are displays for smart cards finally more than just talk?
Marisa Torrieri, Contributing Editor
It’s your credit card … spiked with something extra … a thin, flexible display with a readout similar to that of a calculator. But you don’t just make transactions with this card. With this baby you make them two-factor style, fusing something you know (your card number), with something you definitely have in your possession (your card).
Why would a cardholder care?
Here’s one reason: in growing digital-transaction real-world scenario, where more and more purchases are made online, the party on the other end receives your card number and security code, but there’s no way of knowing that you actually are the one holding the card. No biggie … until some ID-stealing thief’s trying to purchase a dozen iPods online using your number.
Fortunately, this new kind of card is on the horizon, and will allow consumers to conduct secure transactions with two-factor authentication with ease. A growing number of companies are developing thin, password-generating card displays that can be incorporated into your trusty cards. Equipped with displays, that can now be mass-produced at rapid speed, these new powerful cards generate single, numeric pass codes that change at the push of a button, transaction to transaction. In the future, people will be able to
view things such as recent bank transactions and credit card balances – on the cards themselves.
Because U.S. consumers and the financial institutions that serve them continue to resist technologies such as One-Time-Password tokens, that make consumers do more work to secure their transactions, display-equipped cards are generating a great deal of interest as an alternative for secure two-factor authentication.
In the next six months, a number of companies working with electronic displays, like Aveso Inc., SmartDisplayer, and InCard Technologies, are hoping to see their slender, powerful, high-tech wares bear fruit.
Financial applications are, arguably, the hottest and most promising markets for display technology cards, thanks to nearly one-year-old Federal Financial Institutions Examination Council (FFIEC) guidelines, recommending that institutions to bear the burden of incorporating two-factor authentication methodologies into their offerings to enhance security.
“This is another hardware or token format,” says Emily de Rotstein, executive vice president of marketing for Aveso Inc., a company that develops printed electronic displays. “If you’re a bank in America, you can brand the card, personalize the card, and add OTP functionality to the card itself. It’s the logical next step in the evolution of a payment card for secure online authentication.”
According to Ms. de Rotstein, technology such as Aveso’s allows for easy integration of electronic displays into high-volume printed products such as credit cards and packaging labels. Because displays are produced using existing print-manufacturing techniques, display devices can be scaled cost-effectively in the hundreds of millions of units, volumes required to support a global industry standard for the electronic display card.
How the technology works, why it makes transactions better
Sure, the form factor – a slender, powered card that give you a one-time-password, and may even be able to display credit card balances – is a sexy proposition. Especially in light of the FFIEC guidelines. But what about the technology?
To get an idea of how a thin electronic display works, one must first understand that it is just one of three critical components of a display card: the other two are the battery (the power source, which allows for a number to be generated), and the microprocessor (the chip that runs algorithmic applications to generate numbers).
Display technology allows for a one time passcode to be generated and show up, on a card’s surface, within seconds. So a person holding the card possesses two-factor authentication – something they know (secret password), and something they have (the card itself). The combination lessens the likelihood of identity theft.
And that’s just for starters.
The display card will potentially be able to display all sorts of information to its users; numeric, electronic displays give numeric information, for example.
“Thin and flexible electronic displays enable new applications that have not been possible displays that have not been possible in the past due to the limitations of the traditional, glass-based displays,” says Ms. de Rotstein, referring to glass-based, liquid crystal displays found in such applications as watches and phones. “Traditional displays are often too thick or too fragile for integration into the standard credit card. By overcoming these hurdles, plastic, flexible displays will transform the payment card and deliver benefits to consumers and card issuers alike.”
It’s those applications Innovative Card Technologies (InCard) is banking on in a series of pilots set to begin in the fourth quarter of 2006, says CEO/Founder Alan Finkelstein.
“The world is becoming aware that a random generator is the fastest, most cost effective way to get secure technology to the mass market,” says Mr. Finkelstein.
InCard is the exclusive provider of a flexible display technology called SmartDisplayer, developed by the Taiwanese company of the same name, as it relates to displays placed in a card form factor.
InCard Technologies recently created its DisplayCard with OTP and it plans to pilot the card later this summer. The card, via an embedded chip and an display, generates an OTP at the push of a button. Then, the card is authenticated by a secure server to confirm that the genuine cardholder is the one making the transaction.
So, by the time cold snow has replaced this slip-and-slide summer, will interest in these cards generate a new kind of heat? InCard, for one, is crossing its fingers. “When we started to look into this three or four years ago, we met with everybody who was trying to develop technology and components like these,” says Mr. Finkelstein. “From the time they showed us a display that was working, it still took three years of R&D and many millions of dollars.”
Still, the bottom line comes down to consumer behavior, the perceived
necessity of two-factor security, and, according to Mr. Finkelstein, the question: “Do you want to carry two or three of those tokens or would you rather put a card (with a flexible display) in your wallet?”
