MK Smart is honored to be in the attends “Vietnam ICT ... · Viet Nam that owns the technology...

MK World of Cards ©2017 MK Group [email protected] www.facebook.com/mkgroup1999 (84-24) 6266 2703 - 513

Certificates & Industry membership

Internal Newsletter of MK Group

MK WORLD OF CARDS Editor-in-chief: Ms. Phan Thi Quynh Hoa – MD of MK Group

Note: All information and images in this internal magazine were collected and edited from various reputed sources by MK Group and used for knowledge -sharing purposes only.

| Email: [email protected]

Headlines:

❖ MK Smart is honored to be in the

TOP 15 global payment card

manufacturers

❖ Banks face new Red Alert

❖ Facial recognition ATMs mandatory

for mainland Mastercard, Visa

cardholders in Macau

❖ Identity fraud reaching ‘epidemic’

levels in the UK

❖ Remote KYC: A competitive

advantage for mobile only banking

Issue #22 | October 2017

MK Group attends “Vietnam ICT Summit 2017” MK Smart is honored to be in the

TOP 15 global payment card manufacturers



MK NEWS

MK Smart is honored to be in the TOP 15 global payment card manufacturers

On September 18th 2017, Nilson Report

announced the list of the leading card

manufacturers in the world. Accordingly, MK

Smart ranked in the TOP 15 manufacturers of

payment cards with 59 million and ranked 8th

in the Visa and MasterCard production.

‘

(*) The illustration provided by Nilson Report Issue 1116 –

September 2017

‘



Nilson Report, in its 46th year of publication, is the most respected source of news and analysis of the global card and

mobile payment industries. Nilson Report has provided a large number of exclusive statistics as well as brief news

detailing the worldwide progress of card issuers and bank card payment, providers and service providers.

Periodically, Nilson Report publishes the world’s largest card issuers and card acquirers, from which provides an

overview of the entire card payment industry and its changes and challenges that the credit, debit and prepaid

industry have to face up with.

In 2016, the card manufacturers shipped 6.43 billion payment cards worldwide, up 3.6% over 2015. Categories shown

here include: MasterCard and Visa credit, debit and prepaid cards; UnionPay credit, debit and prepaid cards;

American Express, Diners Club, Discover, JCB, RuPay, Maestro and ATM and local-market-only credit, debit and

prepaid cards; and retail, oil, medical, airline, fleet and other private label credit and debit payment cards. The

issuance of EMV cards also reduced the number of mag-stripe cards being produced in 2016.

In the card payment field, the top eight manufacturers maintained their same rankings as in 2015. As a group, these

manufacturers shipped 3.7 billion payment cards in 2016, a decline of 366.4 million units, or 9.1% compared with

2015.

One of the striking points of this reports is that MK Smart – a member of MK Group – was named to be one of the

companies with impressive growth in the number of cards produced in 2016 (up 58.2 million), followed by Toppan

Printing, Japan (up 27.5 million), Rosan Finance, Russia (up 11.7 million).

According to Nilson Report, MK Smart ranked in the TOP 15 manufacturers of payment cards in 2016 with 59 million

cards, surpassing DZ Card Thailand to become the largest card manufacturer in Southeast Asia. Especially, MK

Smart was the 8th in the list for Visa and MasterCard payment card production . In 2016, the total cards produced by

MK Smart were 167 million with more than 60% of which exported to Japan and many Asian and Latin American

countries.

After 14 years of development, MK Smart became one of the reputable names in the card industry, keeping up with

the long-standing manufacturers in the developed countries, such as Gemalto, Oberthur, Giesecke & Devrient,

highlighting Vietnam in the map of major card manufacturers in the world.

MK Smart was founded in 2003 as a member of MK Group. Currently, MK Smart is the leading company in

Southeast Asia in the field of smart card manufacturing for the telecommunication sector (SIM card), banking –

financial sector (mag-stripe card and chip card), enterprises and organizations. MK Smart is the unique company in

Viet Nam that owns the technology and experience in chip cards, SAM cards, encryption and security fields.

MK Smart owns the two card plants located in Quang Minh Industrial Zone in Hanoi and Saigon Hi-Tech Park in Ho

Chi Minh City with the largest and most modern in Vietnam as well as in the region. With Visa, MasterCard, JCB,

UnionPay financial card manufacturing certificates, MK Smart has been trusted by the most banks in Vietnam as well

as in Asia – Pacific for the high quality, reasonable price and fast delivery time.



MK Group to attend The International Smart City Conference and Japan ICT Day 2017

On October 25th – 26th, 2017, the two important events of Vienam’s IT industry, including The International Smart

City Conference and Japan ICT Day 2017 will be taken place in Sheraton Saigon Hotel. These two events are

organized by the Ministry of Science and Technology and Asia - Pacific Oceania Computing Association. The event

has attracted the attention of many prestigious local and foreign IT companies, such as Microsoft, IBM, Amazon,

FPT, VNG, MK Group and other companies from Japan, such as Japan External Trade Organization (JETRO), IT

Services and Technology Association of Japan (JISA), Kansai Electronic and Information System Association (KEIS),

Japan Embedded Systems Technology Association (JASA), Information Industry Association of Tokyo (IIT) and

Japan Information Service Innovation Partners Association (JASIPA).

The International Smart City Conference held on October 25th, 2017, the main theme will focus on a number of

issues related to the orientation and strategy of building smart city. For example, research and analyze the

opportunities and challenges on building smart city; Develop evaluation index and measurement method of smart

city and build the operating center of the city.

At the Japan ICT Day 2017 held on October 26th 2017, there will be a series of seminars on improving the close

cooperation between Japan and Vietnam IT companies under the new technology trends, such as modernizing IT

infrastructure, ensuring IT security and building sustainable IT human resources. One of the highlights of the event

is the announcement of the list of top 50 ICT companies in Vietnam 2017, in which MK Smart – a member of MK

Group – will be honored.

In the framework of these two events, MK Group – MK Smart will join a showroom to introduce Smart solutions for

Smart City to Southern companies as well as the partners from Japan and Asia. Comprehensive solutions, such as

smart card ecosystem including a variety of solutions, ranging from data management, issuance to the research and

development of in-built card application; authentication and secure data widely applied in almost online activities,

e-government; Smart Solution for Transportation including card issuance solution and automated fare collection,

built on the basis of contactless smart card technology and compatible terminals, ensuring the smooth traffic flow

and bringing the convenience to modern life.

MK Group hopes that through these events, the products – solutions exhibited and introduced at the event will help

strategic planners and IT companies to have more effective and suitable choices fitting with their goals and budgets

in finding Vietnam IT company partners as well as to implement projects related to smart city as well as to improve

security of the organizations.



Entrust Datacard, a leading provider of trusted identity and secure transaction technology solutions, announced the introduction

of the Entrust Datacard ioTrust security solution. The solution delivers a secure and trusted digital infrastructure that safeguards

data between devices, sensors, and backend platforms connected within an Internet of Things (IoT) ecosystem. By applying

digital identities managed through definable policy — the ioTrust security solution allows companies to do business in new

ways and create the trusted products and experiences that these environments demand.

Today, digital businesses are striving to create new business models that turn stand-alone products into highly interactive and

connected services, but are faced with a variety of challenges ranging from complicated integrations and extended deployment

timelines to mitigating safety and privacy concerns. The ioTrust security solution is based on enterprise-grade encryption

technologies and leverages Entrust Datacard’s 30 years of expertise in establishing identity-based, trusted infrastructures for the

world’s most secure environments. With capabilities such as identity, authentication and authorization, credential lifecycle

management, and secure communications the ioTrust security solution helps organizations securely connect the people, applications

and devices that power the connected world. The ioTrust security solution speeds deployment timelines, allowing organizations to

more quickly realize business value in areas such as process optimization and automation, supply chain visibility, and delivery of

new services. The Entrust Datacard ioTrust security solution is designed to secure IoT data across a variety of industries including

industrial control systems, automotive, telecommunications and manufacturing supply chains.

“Unlike existing solutions that have been simply repurposed from IT environments, Entrust Datacard has spent several years

working with customers and ecosystem partners to design a solution that recognizes the unique needs of IoT environments and

incorporates sound security practices,” said Josh Jabs, vice president of PKI and IoT for Entrust Datacard. “We’ve created a solution

that allows organizations to enhance their service offerings, improve the user experience and enable new business models while

leveraging a trusted infrastructure.”

The ioTrust security solution provides a trusted Internet of Things by:

• Enabling a secure and trusted ecosystem of people, applications and things throughout the IoT value chain

• Providing greater visibility into the security of the supply-chain, spanning from device manufacturer to the final product

• Reducing time-to-market and total cost of ownership by helping organizations to develop solutions based on

heterogeneous device categories and profiles

• Empowering organizations to leverage existing infrastructures and devices, while supporting new products and services

without the need to “rip and replace”

• Facilitating the secure and timely delivery of data and outcomes generated by trusted people, applications and things to the

value-creation engine.

(Entrust Datacard)

Entrust Datacard Drives Trusted Business Outcomes and Secures the

Internet of Things through ioTrust™ Security Solution

PARTNER NEWS



VIETNAM NEWS

Banks face new Red Alert

The Authority of Information Security (AIS) released an official document warning financial institutions and commercial

banks of a malicious code Red Alert 2.0 on Android-powered devices.

Android trojan Red Alert 2.0 is the latest- and growing-threat to online banking applications and is being sold on the dark

web at $500, AIS said. While other banking trojans are developed from older ones, Red Alert 2.0 is newly coded. It is able to

steal login information, SMS and contacts as well as fake and overlay installed apps on users’ devices. Moreover, Red Alert

2.0 can intercept and record calls from banks and financial institutions to clients to prevent them from receiving account

hacking alerts. Experts said at least 60 online banking and social network apps were targets of the malware, the Tin tuc

(News) reported.

According to the AIS, Red Alert 2.0 appears on third-party app stores disguising popular apps such as WhatsApp or Viber

as well as update versions of Flash Player. Once downloaded and installed, Red Alert 2.0 waits to launch when users open

up a banking or social media app, then adds an overlay on top of the original app stating that there has been an error and

requesting customers to re-authenticate their account. Usernames and passwords entered by victims are recorded by Red

Alert 2.0 and transmitted to its command and control server to hijack the account. Additionally, the malware is

painstakingly coded to suffocate two-factor authentication techniques by intercepting text messages on infected phone and

allowing attackers to enter the secondary code sent to users.

Red Alert 2.0 is sophisticated enough to easily steal users’ information. Since it is being sold on hacking forums and the dark

web, criminals may buy it to operate attacks targeting Vietnamese banking accounts.

The AIS warns users not to download and install apps from third-party app stores and suppliers. Simultaneously, they need

to check app copyrights before installation.

Users should not arbitrarily enter username and password or answer questions of banking accounts and credit cards. They

also should use reliable anti-malware firewalls and follow authorities’ warnings and instructions.

To banks and financial institutions, the AIS recommended users check their apps and send warnings to their users of Red

Alert 2.0. In case of emergency, they can also contact the AIS via 024.3943.6684 or email [email protected] for assistance. Since

the beginning of 2017, experts have detected several attacks targeting Android apps, especially online banking platforms.

In Vietnam, many banks have launched their own mobile banking apps including Vietcombank, BIDV, Agribank or

Techcombank.

(Vietnamnews)

❖ From October 1st – November 31st, 2017, in order to pay

tribute to customers who have used the previous version of

VCB-Mobile B@nking service, Vietcombank runs the special

promotion programs for individual customers with unique

activation status at the previous version of VCB-Mobile

B@nking on September 30th 2017 based on the data recorded

on Vietcombank’s system. Accordingly, customers will

receive a free of charge for the maintenance service of VCB-

Mobile B@nking in the next 3 months.

❖ From October 2nd to November 30th 2017, PVcomBank

implements the program namely “Fun in the right place,

swipe the right way” for customers newly opening

PVcomBank Mastercard credit cards with various appealing

incentives.

❖ From September 25th to November 25th 2017, MB Bank

credit card cardholders will be reimbursed up to 5%

(maximum 500,000 VND per card) when shopping at Pico

supermarket nationwide with the invoice from 5,000,000

VND.

❖ National Payment Corporation of Vietnam (NAPAS)

cooperated with Highlands Coffee, GongCha, Golden Gate

restaurant chains to implement the program namely

“Experience Samsung Pay – Touch to pay and get incentives

with local ATM cards” for customers of Vietcombank, BIDV,

Vietinbank, Sacombank, Shinhan Bank, ABBank from now

until December 31st 2017 with many attractive vouchers.

(Collected from Internet)

VIETNAM NEWS IN BRIEF



BIOMETRIC NEWS

The Monetary Authority of Macau (AMCM) has made facial

recognition technology a mandatory requirement for all

mainland withdrawals made by Visa and Mastercard

cardholders at automated teller machines (ATMs) starting in

September, according to a report by Macau Daily Times.

Currently, there are several ATMs in Macau that are using

facial recognition technology for Union Pay customers in an

effort to combat money laundering as well as the central

government’s strategy to prevent capital outflows from the

mainland.

Now, these regulations will reportedly be extended to

mainland cardholders of other major card-issuing companies.

The practice has led to an increase in withdrawals at Hong

Kong’s ATMs by banking clients using China UnionPay bank

cards.

Local residents that are using cards registered to a Macau

account will not be subjected to facial recognition technology

when withdrawing cash from ATMs.

The banking industry in Hong Kong believes that if Macau

implements the policy mandating facial recognition scanning

for all Visa and Mastercard cardholders at ATMs the

government will be able to fully supervise mainland

residents withdrawing money in Macau.

Facial recognition ATMs mandatory for

mainland Mastercard, Visa cardholders in Macau

An ATM equipped with facial-recognition system in Macau.

In addition, some believe that adopting facial recognition

technology can help the supervising entity and the Macau

government to learn more about mainland residents’ capital

flow abroad.

AMCM requested in early July that any ATMs not equipped

with know-your-customer (KYC) technology to cease cash

withdrawal services for mainland China UnionPay (CUP)

cards to provide legal safeguards for financial institutions and

CUP cardholders, as well as increase the effectiveness of

monitoring ATM cash withdrawals by mainland CUP cards.

(Biometricupdate)



SECURITY NEWS

The UK saw a record 89,000 cases of identity fraud in the first six

months of the year, according to Cifas.

Cifas said the crimes were taking place almost exclusively online,

and that the vast amount of personal data available on the

internet and as a result of data breaches “is only making it easier

for the fraudster”.

Simon Dukes, the Cifas chief executive, said: “We have seen

identity fraud attempts increase year on year, now reaching

epidemic levels, with identities being stolen at a rate of almost

500 a day … Criminals are relentlessly targeting consumers and

businesses, and we must all be alert to the threat and do more to

protect personal information.”

Identity fraud is one of the fastest-growing types of cybercrime,

and experts say criminals are using increasingly sophisticated

tactics. Fraudsters have increasingly been hacking into email

accounts and then posing as a builder, solicitor or other

tradesperson that the consumer has legitimately employed. Some

customers have lost considerable sums after being duped into

sending money to the bank accounts of criminals.

In many cases, victims do not even realize they have been

targeted until a bill arrives for something they did not buy, or

they experience problems with their credit rating when applying

for a mortgage or loan.

Identity fraud reaching 'epidemic' levels in the UK

To carry out this kind of crime successfully, fraudsters need

access to their victim’s personal information such as name,

date of birth, address and bank. Fraudsters get hold of this

in a variety of ways, from stealing letters and hacking emails

to obtaining data on the “dark web”, and exploiting some

people’s willingness to share every detail of their life on

social media.

Experts say that the public needs to change their behavior to

prevent such attacks.

Phil Beckett, Managing Director of Global Disputes and

Investigations at Alvarez and Marsal, said: “The UK anti-

fraud organization Cifas recently released statistics

highlighting that identities were being stolen at the rate of

almost 500 a day. This is a truly shocking statistic and

highlights how much at risk we are all in in today’s online

world."

"More importantly than anything is not to get complacent or

be ignorant of the threat. A good starting point on this is to

perform a holistic vulnerability assessment based on one of

the well-defined frameworks that provides an organisation

with a benchmarked assessment of their controls and

readiness as well as a path to improvement."

(Securitydocumentworld)



CARD & PAYMENT NEWS

State Bank of India issued a statement on Monday urging

customers to apply to receive an EMV bankcard to replace their

existing magnetic stripe card. SBI asked customers to apply via

online banking.

SBI said in the statement that:

“All esteemed customers of State Bank of India are hereby

informed that it has been decided by the bank that all the

magstripe debit cards which are in blocked state as on Feb. 28,

2017, and to all such requests for blocking thereafter will remain

blocked permanently. …

Instead, free EMV chip cards have to be issued to them. The

affected cardholders are to be advised to apply for replacement

EMV chip card through internet banking or by approaching their

home branch.”

In 2016, SBI blocked millions of its debit cards as a precautionary

step after reports of suspicious transactions. According to the

National Payments Corp. of India, as many as 641 customers of

19 banks were duped of 1.3 crore rupees ($202,900 ) using stolen

debit card data. The breach reportedly involved approximately

90 ATMs.

(ATMmarketplace)

State Bank of India permanently

blocks non-EMV cards

KFC has rolled out Alipay's facial recognition technology at a

restaurant in the Chinese city of Hangzhou, enabling hungry

patrons to pay for their chicken with a smile and their mobile

phone number.

At the restaurant, customers place their order by scrolling

through a menu on a large touchscreen before looking at a 3D

camera and then entering their mobile phone number to

authenticate payment.

The camera scans the customer's face and uses a "live-ness

detection algorithm" that can detect things like shadows to

prevent people from using photos and videos to trick the

system.

The technology, first demoed by Alibaba chairman Jack Ma in

2015, is currently only in a single KFC KPRO healthy-eating

restaurant but more deployments are set to follow.

(Finextra)

Alipay 'Smile to Pay' tech

comes to Chinese KFC



The required procedures for Know Your Customer (KYC) have finally broken free of branch-based

face-to-face meetings, and now enable banks to use videoconferencing and biometrics to verify a

customer’s identity remotely. This is a big deal; early implementation of new KYC processes can

seriously enhance the mobile banking customer user experience, making services more attractive

and convenient with the added bonus of being a much more cost-effective alternative.

In today’s digitized world, where mobile banking now exceeds branch banking and consumers

manage a vast array of daily tasks directly from their devices, it seems curious that they should still

be required to visit a bank branch to open an account. As regulations change, each European Union

country has its own Anti Money Laundering (AML) Authority regulations relating to identity

verification, meaning banks in some countries can now offer alternative remote identity checks.

Balancing security and convenience in different KYC models

Remote KYC: A competitive advantage for mobile only banking

Performing KYC has, traditionally, been a face-to-face affair. This process of identity

verification, which enables banks to ensure that a customer’s commercial interactions are

accurately attributed to that individual, has historically required customers to take paper-

based ID into a branch, where a bank representative will judge if they are indeed the same

person that is pictured on their ID credentials.

Widely known as in-person KYC, this process is not only inconvenient for customers, it is

also questionable from a security perspective. In-person KYC relies completely on the bank

representative. Human error introduces opportunities for fraudsters to present tampered ID

credentials, for example, or for criminal collusion to take place between the bank

representative and the applicant.

Beyond the branch

As mobile adoption has grown, banks have been under increasing pressure to find digital

alternatives to in-person KYC. According to CACI research, consumer visits to retail bank

branches are set to drop 36% between 2017 and 2022, with mobile transactions rising 121% in

the same period. Specifically, in the next five years, CACI estimates that 88% of all

interactions will be mobile.

The level of engagement that mobile apps can enable between a bank and its customers is

incredible, so the race is on for banks to develop a seamless digital customer experience,

particularly when onboarding new customers. Effective remote KYC will provide a

competitive advantage for true mobile banking.

Videoconference KYC: the next step

Videoconference KYC implementation usefully offers banks the chance to verify the

applicant’s identity remotely, but remains dependent on the operator’s human capacity to

match the person to their documentation, and also to identify when fraudulent activity is

taking place.

While videoconference KYC undoubtedly makes the KYC verification process easier for the

customer, it can make things harder for the bank. The complexity of the process is increased

because the operator has had no physical contact with the customer. Each country has its

own technical requirements for videoconference KYC. To maintain security controls are in

place and tampering with the image quality will lead to rejection of the application and

require the customer to visit a store.

Both face-to-face and videoconference KYC depend on a weak point in the verification

process: the human validation of the applicant’s identity.



One mitigating step is to implement automatic biometric face recognition within videoconference

KYC. This has serious potential. It can combat many of the model’s security frailties and enable

banks to embrace this model as a stepping stone toward the delivery of a fully remote KYC

solution.

Fully Remote KYC

This process utilizes automated controls for identity verification and provides the highest level of

convenience for customers. By replacing human judgement with other identity technologies, higher

levels of verification accuracy can be achieved in a fraction of the time. The lack of regulation,

however, coupled with regional variations in this area, are making the industry reluctant to engage,

meaning that live implementations of secure, seamless and fully remote KYC remain scarce.

Biometric technology is a true enabler

In all cases, the introduction of automated biometric verification technologies is the key to making

KYC faster and more convenient for customers. For each model, technologies such as digital face

and fingerprint recognition systems can provide additional security, either by replacing the

operator’s judgement entirely or by confirming their judgement and alerting them to anomalies

that may otherwise have gone undetected.

A face matching score can be used as a risk indicator during Videoconference KYC, for example. If

the matching score is low, the bank representative could ask the applicant to produce additional

forms of ID. Conversely, if the score is high, the identity verification process could be streamlined.

Furthermore, the validation will be completely transparent for the users, improving their overall

service experience.

The sophistication of Biometrics technology is increasing rapidly and is now widely accepted by

customers, gradually removing the need to remember strong passwords. Hacking the system is not

impossible. Indeed in May, the Chaos Computer Club in Germany posted a video showing that it

could fool the retina scanner using a photo and a contact lens. Clearly investment in friendly

hacking must continue if consumers are to be kept safe, but nonetheless, it is proof that the

technology is now becoming mainstream in preventing massive identity theft attacks. New

biometrics technologies are in constant development and, over time, will become increasingly

accessible to the consumer.

Fingerprint scanners, for example, are evolving to map the whole hand, not just read the

fingerprint. Comparatively, the finger is a small area, and when combined with the vein

structure another layer of security can be established. Hackers recently proved they could

hack the fingerprints displayed in celebrity photographs. Such a move would be far more

difficult to recreate if the celebrity’s fingerprint had to be combined with their unique vein

structure.

This type of payment authorization technology, known as naked payments, is already being

trialled in Chicago where palm secure touchless readers use infrared to take a photo of the

vein structure to enable consumers to pay for items such as their morning coffee or

newspaper. This removes the need to carry cards and cash as well as your mobile phone.

There is little doubt that the deployment of biometric readers in bank branches would surely

help combat in-person KYC fraud. However, it remains expensive and in many ways fails to

answer the remote access needs of today’s digital customer.

If banks are already trusting remote biometric technology to authorize payments and account

access, why should it not also be used as a form of fully remote KYC? Here, the customer’s

biometric verification takes place on their device and requires no human validation. In this

model, the possibility for human error is mitigated and the desired remote customer

experience can be achieved. The complexity of this solution lies in the verification of the ID

document itself.

What is the answer? A step by step approach

To answer the needs of an increasingly digitized customer base, banks must move toward a

fully mobile and digitized service experience, one that includes a fully remote ID verification

process that enables them to onboard new customers.

This will not happen overnight, however. In the meantime, videoconference KYC can

provide an interim solution which, despite being cumbersome to manage from the bank’s

perspective, could reduce time-to-market.

Biometric verification technologies are key enablers of digital and remote KYC and can be

used to replace or augment KYC processes that depend on human judgement.

Fully remote KYC, powered by biometrics, is the future. There is little doubt that banks that

can develop and harness this technology quickly stand to gain an early-mover competitive

advantage in the new era of digital financial services.

(Paymentscardsandmobile)

Remote KYC: A competitive advantage for

mobile only banking (continued)



Copyright© 2017 by MK Group www.mk.com.vn | [email protected] | www.facebook.com.vn/mkgroup1999 Hanoi: F11th, TTC Tower, 19 Duy Tan Str., Cau Giay Dist., Hanoi, Vietnam | Contact: (84-24) 6266 2703 Ho Chi Minh City: F7th, Thien Son Building, 5 Nguyen Gia Thieu Str., District 3, HCMC, Vietnam | Contact: (84-28) 3930 5023

MK Smart is honored to be in the attends “Vietnam ICT ... · Viet Nam that owns the technology...

Documents

Transcript of MK Smart is honored to be in the attends “Vietnam ICT ... · Viet Nam that owns the technology...