home

 

 


Mr. Philippe Benitez
Vice President of Marketing and Business Development
Secure Transactions, North America
Gemalto, Inc.
www.gemalto.com
Paris: GTO.PA

SecurityStockWatch.com: Thanks for taking the time to talk with us today. Can you give us a little background about your role at Gemalto to start things off?

Philippe Benitez: Certainly. I am focusing on next-generation payment solutions in North America. Specifically, I am working on EMV migration in the US – the migration from magnetic strip cards to chip-and-pin cards, and on mobile payment solutions.

SecurityStockWatch.com: While you focus on payment solutions, Gemalto offers products and services in several different markets – including Telecommunications, Financial Services and Retail, Government and Transport. Can you give us a brief understanding of how Gemalto serves all these different markets?

Philippe Benitez: Gemalto works with its customers across all business units at a fundamental level – the digital security level.  We focus on helping banks, telecom operators, governments and corporations provide better, more convenient and secure services to their customers. In Telecommunications, for example, we provide SIM cards as well as the remote administration Over the Air (OTA) infrastructure that enables mobile subscribers to surf, make calls and pay securely from their cell phone. In the government space, we work with the Department of Defense to provide secure access to buildings and computer networks with the common access card (CAC Card). We also manufacture the new e-Passports. Any citizen that has requested a passport in the last few years has received a document that contains a microprocessor chip, which speeds entry into the US and prevents forgery of passports. For banks, the area that I focus on, we provide EMV payment cards, which use a secure chip, and the personalization and fulfillment services to get the cards into user’s hands. Gemalto also offers NFC mobile payments services, and the technology to secure access to e-banking sites. We are a trusted partner to all of our customers who rely on us to facilitate the digital transactions consumers perform every day.

SecurityStockWatch.com: As the world becomes more digital, are you finding that some of the markets Gemalto serves, that have historically been separated, are merging? Or at least starting to overlap?

Philippe Benitez: Absolutely. We see quite a bit of convergence between all of our business units. Payment capabilities are becoming ubiquitous. For example, the CAC card could support payments in the future. There is a trend towards multi-application cards, for example adding payment capability to an employee ID card. In the mobile space, there is a convergence of all sorts of applications, especially payment and e-banking.

Even though the markets we've been talking about started off separate, they are converging in the digital world. Gemalto is uniquely positioned to help its customers provide converged services, by taking the expertise it has developed over the past 20 years.  Each of these verticals has its own needs, language, culture, and applications – and serving them requires very specialized expertise. Gemalto has the unique ability to supply products and solutions that meet all the relevant standards and security requirements in these markets. We are an intermediary that helps these verticals cross into each other's domains as painlessly and securely as possible to offer new services. For example, our SIM cards help billions of mobile subscribers stay connected, and new generation SIMs will enable them to pay securely, using their phone.

SecurityStockWatch.com: It is interesting that you work on both mobile payment and EMV chip-and-pin payment solutions, as these two standards are experiencing very different levels of acceptance – especially globally. Do you see any connections between these two areas of payment?

Philippe Benitez: There is a definite connection between the two – and a historical analogy as well. In the mobile world, carriers in the U.S. aligned with TDMA and CDMA to provide wireless phone service. Globally, another standard called GSM was developed and deployed. As a result, American travelers couldn’t use their phones overseas. This led to U.S. carriers offering GSM or Travel Friendly mobile phones to its affected customers.

In the payment world, we are seeing a very similar situation with magnetic stripe – U.S. travelers are having cards refused because old magnetic technology is riskier to accept for foreign retailers than EMV enabled cards. So we are seeing American banks launch EMV-enabled traveler cards for customers who travel frequently. History is repeating itself.

Coincidentally, the fundamental security component in both markets is built on smart card technology (SIM cards for Mobile and EMV cards for payment). And for mobile payment to become a reality, banks need a place to store credit card information on the handset. The SIM card –a “secure element”, as it is called within the industry – is a very natural place to store the payment data. Secure elements are usually based on smart card standards and can take various other forms, such as being embedded in the handset itself, or included in a removable SD card. Gemalto supports any of these options. This is an area where our work as a trusted partner in both banking and telecom markets is essential because we understand, at a fundamental level, how any secure element is going to work and how to communicate with it remotely to activate the phone’s payment capability. Gemalto is able to reach out and activate the payment function via the secure element, no matter where the user is located on the network, because of our experience and unique understanding of how telecommunications, payment and digital security tie together.  From the bank to the mobile network to the secure element, Gemalto provides bridging technologies that secure and interconnect the three.

SecurityStockWatch.com: Do you think there is room for the telecommunications industry to learn from the evolution of the credit card? Learn from the migration to EMV?

Philippe Benitez: The mobile space has already gone through several major technology shifts, while magnetic stripe credit cards haven't changed in over 40 years. Mobile operators have always had security as a key feature. Where they can learn from the EMV migration is through all the standards that have been put in place to ensure an interoperable, globally accepted payment solution. Gemalto is part of EMVCo and Global Platform, the global standards bodies that define smart card payment security requirements, and we are part of ETSI and the GSM Association, the global telecom standards bodies. We are helping to build a solid standards-based foundation for mobile payment.

SecurityStockWatch.com: Do you think, then, that EMV is helping mobile payment progress?

Philippe Benitez: I definitely think the global adoption of EMV is helping mobile payment progress. EMV has worked through the majority of the interoperability problems in the payment space. Really, all mobile payment needs to do now is port the EMV solution onto that secure element.  The network and infrastructure has already been built out – and the network will just see a mobile payment as another transaction – it won’t differentiate between a payment coming from a mobile device or one coming from an EMV card. Once the cardholder taps his device to pay at the point-of-sale, the payment network will process the transaction as it would any other card payment.

SecurityStockWatch.com: What is holding EMV back from deployment in the U.S.? Do you think the U.S. will also fall behind in offering mobile payment solutions?

Philippe Benitez: In order to understand why EMV hasn’t seen the widespread adoption in the U.S. that it has seen globally, you have to understand that the U.S. credit card payment infrastructure was developed around convenience and a post-fraud detection philosophy. The industry developed ways to detect fraud after it happens – on the network - and has developed sophisticated mechanisms to limit exposure by limiting fraud after it takes place.. Online authorization was selected in the U.S. largely because local communications are free, so verifying transactions online is cost effective. Globally, where local communications are not free, the US methodology is much more costly. In Europe, they were trying to minimize the amount of communication needed to finalize a transaction, so banks used smart cards as a fraud prevention measure. Smart cards add several security features, such as an offline card PIN, that help reduce exposure to fraud without the need for continuous, real-time verification of transactions on the network. Therefore the US didn’t embrace EMV in the beginning. Now, due to the global acceptance of EMV, we are beginning to see a change in US banks’ thinking as lack of WW acceptance could impact revenue moving forward.

As far as mobile payment is concerned, no, I do not think the U.S. will lag in this space. On the contrary, I believe the U.S. can build on its early mobile payment trials and its current projects to shape the future of mobile payments. U.S. companies are more sensitive to the impact of global standards on their business and now develop technologies with global standards and the global marketplace in mind.

SecurityStockWatch.com: If the infrastructure is already in place, why has mobile payment seemingly been such an uphill battle?

Philippe Benitez: I think there has been some debate around who the mobile payment customer belongs to, and the players need to define that before they are able to build services to meet that customer's needs. I see the formation of Isis as a huge step forward for mobile operators. Now there is a unified group of operators working to develop solutions rather than one operator forging a path alone. The question still remains, who handles the security keys – who will unite the different entities required for a successful mobile payment solution – banks, mobile operators, or a third party? That is where Gemalto can help.

 SecurityStockWatch.com: Is mobile payment a target market for Gemalto at this time?

Philippe Benitez: Yes, most definitely. Gemalto is a perfect fit to provide digital security for mobile payment deployments. We are already working with all the players in the ecosystem and are a natural trusted partner as a result. We have a TSM business unit, which has the capability to offer trusted service management to enable secure download of credit card information into mobile devices. And we have already won several commercial references in this space where we are deploying the technology. We have also invested in Trusted Logic, a company that develops a trusted execution environment – a secure compartment inside the phone, so to speak, where payment applications can run securely, protected from mobile viruses and other malware.

 SecurityStockWatch.com: Before I let you go, is there anything that you can touch on in regards to trends to watch for this coming year in regards to EMV?

Philippe Benitez: Philippe Benitez: I think that 2011 will see a few more steps towards EMV adoption in the US. I believe the conversation between financial institutions and mobile service providers will result in usable solutions for consumers to access mobile payments on a national and international level.  Our two neighbors, Canada and Mexico, already use EMV, and the European Central Bank is talking about eliminating the magstripe from payment cards in 2012, and China will follow in 2015, so there are compelling reasons for the US to make the transition. And the first US banks have already begun doing so.

 SecurityStockWatch.com: Great, Philippe. Thank you for taking the time to talk with us.