In The Boardroom With...

Mr. Jack Jania
Vice President and General Manger
Secure Transactions Business Unit
Gemalto, Inc.
www.gemalto.com


SecurityStockWatch.com: Thank you for joining us today, Jack.  Please give us an overview of your background and your role at Gemalto.

Jack Jania: We organize our business units around our three major markets, Telecom, Security and Secure Transactions.  I head up secure transactions for Gemalto North America. The secure transactions team drives all business activity in the banking and credit/debit card sector, including both contactless payment and smart card-based bankcards now being deployed in Canada. Prior to my current role, I spent several years within the mobile telecom business unit at Gemalto, and was involved in the launch of 3G smart card technology and NFC mobile payment.  My early background was in semiconductor component test engineering and system-level architecture.  This allowed the opportunity to participate in the design and implementation of the high-speed information systems for the American Stock Exchange, the Chicago Board of Trade, the Chicago Options Exchange and other stock exchanges. My career started in the broadcast industry, and worked with leading broadcasters and events around the world. 

SecurityStockWatch.com: One will read on Gemalto.com that, “More than one billion people worldwide use our products and services for telecommunications, financial services, e-government, identity and access management, multimedia content, digital rights management, IT security, mass transit and many other applications”.  Please give us an overview of Gemalto solutions.

Jack Jania: Gemalto is the world leader in digital security solutions.  We make a wide range of secure personal devices like EMV payment cards, SIM cards for cell phones, contactless payment cards, electronic passports and other government identity credentials.  Our roots are in smart cards, so all the devices we make are derived from that microcomputer technology, although of course there are many forms other than just cards.  They all have a secure microprocessor and special software that we develop.

We also provide the software platforms, industry grade systems and services our customers need to have a complete solution.  For example, in telecom we provide the world’s largest installed base of over-the-air (OTA) computer platforms, managing about 800 million mobile phones on behalf of 400 operators around the world. 

Another example is in banking, where we provide personalization and fulfillment services to customize each bankcard.  That’s not as easy as it might sound, because there is a great deal of security technology and operational processes required to create a confidential, unique data set for each contactless payment or smart card that is matched to the account holder and issuer.

The difference we see between the digital security sector and the IT security industry is that we are creating a personal security device.  It is inside something a consumer carries, like a credit or debit card, passport or cell phone.  And it helps give people the freedom to communicate, travel, shop, bank, entertain and work—anytime, anywhere— in ways that are convenient, enjoyable and secure.

SecurityStockWatch.com: What are your target markets in the Secure Transactions Business Unit and what is your perspective on the market drivers at this time?

Jack Jania: Contactless payment, smart EMV credit/debit cards and open loop contactless transport are our most important target markets today.  Examples of contactless payment include American Express ExpressPay, Chase blink, MasterCard PayPass and Visa payWave.  Most large cities in the United States and elsewhere are also in various stages of implementing open loop contactless payment systems for their metropolitan subway and bus transit systems.  The contactless payment market driver for consumers is greater convenience and transaction speed.  For card issuers and merchants, it is increasing the penetration of electronic transactions versus cash.
Canada and much of the rest of the world are migrating to contact smart card technology for credit and debit cards, following a global standard called EMV. This migration in Canada is a top priority for my team right now, because by 2010 all new cards being issued must be EMV compatible and we have already deployed to cardholders tens of millions of EMV cards. Multiple countries in Latin America have also made the decision to migrate to EMV cards.
The main drivers are credit card fraud and identity theft. For example, in Brazil skimming and cloned card fraud grew at a 43.5 percent CAGR between 2004 and 2006, according to a representative from Banco Real ABN Amro at last year’s CTST and Smart Card Alliance annual conference. This trend prompted them to implement a pan-Latin America liability shift that protects the party that has upgraded to EMV smart cards or terminals if fraud occurs.

SecurityStockWatch.com: How has the worldwide financial meltdown affected your business?

Jack Jania: Gemalto finished 2008 in a strong position that was sustained even in the second half.  If you look at our full year results, we reached €169 million in adjusted operating income, twice that of 2007.  We also achieved our goal of 10% adjusted operating margin target we had set for ourselves, one year ahead of schedule and even posted a combined second-half operating margin of 11.2% in our three main segments.  So you can see we held up well despite the current economy.

I think one reason is that we are tied into some very resilient parts of the global economy, like wireless services and government identity programs.  Within banking, one of the hardest hit sectors of the global economy, we are involved with credit and debit cards.  Traditionally this is a high profit segment for banks and has remained a good sector for Gemalto.

Another factor keeping us strong is that demand for digital security is tied into people’s need to move about but still have convenient and secure access to information and communications.  And the need to do more online but strengthen security, which is a driver that is behind a number of e-government and healthcare identity programs.  These are powerful, long term trends that keep us moving upward even in today’s difficult economy.

SecurityStockWatch.com:  We understand that you will be speaking at the upcoming CTST The Americas Conference (www.ctst.com/CTST09/).  May we have an overview of the subjects you will be discussing?

Jack Jania: As I said, Canada is starting to migrate to chip and PIN bankcards based on the EMV standard.  So is a majority of Latin America.  Europe, which largely already uses smart cards for its credit and debit cards, is moving into a new generation of stronger security technology.  Yet many U.S. issuers and merchants do not understand why and have a lot of misperceptions about the costs versus the benefits.

My CTST presentation will review EMV basics, explain what new forms of EMV cards Canada is mass deploying, and examine the security and convenience benefits this program brings to all of the stakeholders—consumers merchants and card issuers.

One very important aspect of this discussion is how this could benefit issuers and merchants in the US and how to make this change gradually so it costs less.  Another key theme is how the work we are doing with contactless payment can take us down the path of higher security for payment cards at the same time.

SecurityStockWatch.com: You said EMV migration is an important market driver.  In addition to Canada, where else is Gemalto getting business from this?

Jack Jania: All of our regions are benefiting from EMV migration.  For example, Gemalto was selected by Royal Bank of Scotland, to carry out the migration to microprocessor EMV credit cards across three markets in Asia: Indonesia, Taiwan and India.  Like Latin America, fraud reduction is the major driving force behind Asia’s commitment to EMV migration.  According to the Indonesian Credit Card Association, credit card fraud in the country amounted to 35 billion rupiah (approximately 2.3 million Euro) in 2007.  Gemalto has already successfully completed the migration to EMV cards for three of four banks in Indonesia, well ahead of the 2010 migration mandate set by the Bank of Indonesia.

Another example is Venezuela, where our local partners estimate that eight million EMV cards will be issued in the first year starting this June. 

In Europe, VISA and MasterCard have mandated that all EMV cards move to a high-end security technology by 2011, something called Dynamic Data Authentication or DDA.  This requires changing the smart card technology in the bankcards, which will further strengthen the dynamics of our EMV market in that region as well.

SecurityStockWatch.com: Barclays, one of your important European banking customers, has stated publicly that their customers who use a security solution from Gemalto to access their online bank accounts have had zero fraud.  Without divulging any proprietary or confidential information, of course, can you tell us more about the solution Gemalto provided here?
 
Jack Jania: I give Barclays a lot of credit for sharing their experience with other banks, because this is a great success story that directly addresses the serious problems of online account fraud due to phishing or passwords stolen by keyboard loggers or other spyware. 

Barclays calls the product PINsentry.  It is a smart card device about the size of a calculator with a PIN pad and display.  Barclays’ customers insert their usual chip-enabled bankcard into the PINsentry reader from Gemalto and type in their card Personal Identification Number (PIN) code.  That generates a unique, one-time only password to authenticate them when they login to their bank account online.  That makes the login super secure, because each login is unique so even if someone steals your password they cannot login to your online account because they would need your bankcard and PIN.

They also use PINsentry to sign transactions, which provides a much higher level of security.  This enabled Barclays to increase the maximum amount for personal online funds transfer transactions tenfold, for example.  Customers carry the devices with them and can perform these secure online transactions from any personal computer. 

Gemalto produced a unique looking device for Barclays, customized with their corporate visual identity.  The Gemalto solution also includes a fulfillment service, which is not as easy as it sounds because the security has to be strictly managed and personalized for each Barclays’ customer.

Barclays started deploying its strong authentication program in July 2007 and has more than a million devices in use.  As you said, they have stated publicly that not one PINsentry online customer has suffered fraud since then.  They also reported extremely positive user feedback and customer acceptance.

SecurityStockWatch.com: Gemalto also recently announced that its Ezio Thin Reader  (www.gemalto.com/brochures/download/pocket_reader.pdf) is fully certified for MasterCard CAP and Visa DPA.  How does that relate to what Barclays implemented?
 
Jack Jania: This is one of our latest innovations.  Ezio Thin Reader is similar in that it works with smart bankcards to provide online authentication and signature capabilities, but it is thin enough to fit in your wallet. 

It also complies with the latest banking industry standards for OTP authentication – MasterCard Chip Authentication Program (CAP) and Visa Dynamic Passcode Authentication (DPA).  MasterCard and Visa developed these authentication standards to make it easy for any bank issuing smart card-based credit or debit cards to use them for online banking security.

Gemalto can also provide a complete online banking authentication solution around these MasterCard and Visa standards including our Ezio strong authentication server as we recently did for Vietnam’s largest bank, the Bank for Foreign Trade of Vietnam (Vietcombank).

SecurityStockWatch.com: What resources are available for end-users on the Web?
 
Jack Jania: Actually we launched an entire Web site this year for consumers called JustAskGemalto.com.  Current research showed 73 percent of U.S. consumers don’t know where to go to find information on using digital devices and services.  As a global leader in digital security, we saw this as an opportunity to help consumers fully enjoy their digital lifestyle and learn how to protect their personal information as they buy, surf, communicate and travel.
 
The site www.JustAskGemalto.com is a place where people can go for expert advice on topics such as Internet security, online payment, password management, credit card fraud, cell phone usage, identity theft and more.

The Web site’s Q&A formatted content is organized along six themes: Buying, Surfing, Traveling, Communicating, Working and Personal Data.  It also features how-it-works tutorials with 3-D graphics, news, articles, videos and a way to JustAskGemalto questions about these topics.  Written in plain speak, it introduces terms people need to know, explains the benefits as well as risks and offers advice on how to protect oneself.

SecurityStockWatch.com: Thanks again for joining us today, Jack, are there any other subjects you’d like to discuss?


Jack Jania: Your readers know the world is increasingly digital, wireless and interconnected.  What they may not have realized before is how Gemalto is at the center of it, providing personal digital security devices that give people convenient and safe ways to communicate, pay and travel. 

Our clients are primarily blue-chip companies and government agencies, and our technologies and solutions are critical to their operations.  We have a clear view of our role and contribution to society, and a strong base of knowledge and resources to build upon.  Gemalto is a financially strong company and our future prospects are bright. 

I would really like to encourage your readers to learn more about Gemalto, and we just published our 2008 annual report ( www.gemalto.com/investors/).  It is full of really interesting examples of our digital security projects all over the world.  I want to thank SSW for this opportunity to tell your readers a part of our story today.

 

 

 


All trade and service marks are the property of their respective owners

setstats