February 27, 2006 - NY Times
Cyberthieves Silently Copy Your Passwords as You Type
Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information.
But there is evidence that among global cybercriminals, phishing may already be passé.
In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con — the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine, putting them in the category of malicious programs known as Trojan horses, or just Trojans.
Two weeks ago, Brazilian federal police descended on the northern city of Campina Grande and several surrounding states, and arrested 55 people — at least 9 of them minors — for seeding the computers of unwitting Brazilians with keyloggers that recorded their typing whenever they visited their banks online. The tiny programs then sent the stolen user names and passwords back to members of the gang.
The fraud ring stole about $4.7 million from 200 different accounts at six banks since it began operations last May, according to the Brazilian police. A similar ring, broken up by Russian authorities earlier this month, used keylogging software planted in e-mail messages and hidden in Web sites to draw over $1.1 million from personal bank accounts in France.
These criminals aim to infect the inner workings of computers in much the same way that mischief-making virus writers do. The twist here is that the keylogging programs exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer. This is a more invasive approach than phishing, which relies on deception rather than infection, tricking people into giving their information to a fake Web site.
The monitoring programs are often hidden inside ordinary software downloads, e-mail attachments or files shared over peer-to-peer networks. They can even be embedded in Web pages, taking advantage of browser features that allow programs to run automatically.
"These Trojans are very selective," said Cristine Hoepers, general manager of Brazil's Computer Emergency Response Team, which runs under the auspices of the country's public-private Internet Steering Committee. "They monitor the Web access the victims make, and start recording information only when the user enters the sites of interest to the fraudster." She added: "In Brazil, we are rarely seeing traditional phishing."
According to data compiled by computer security companies in 2005, the use of "crimeware" like keyloggers to steal user names and passwords — and ultimately cash — has soared. The crimes often cross international borders, and they put Internet users everywhere at risk.
"It's the wave of the future," said Peter Cassidy, the secretary general of the Anti-Phishing Working Group, a consortium of industry and law enforcement partners that fights online fraud and identity theft. "All this stuff is becoming more and more automated and more and more opaque."
Mr. Cassidy's group found that the number of Web sites known to be hiding this kind of malicious code nearly doubled between November and December, rising to more than 1,900. The antivirus company Symantec has reported that half of the malicious software it tracks is designed not to damage computers but to gather personal data. Over the course of 2005, iDefense, a unit of Verisign that provides information on computer security to government and industry clients, counted over 6,000 different keylogger variants — a 65 percent increase over 2004. About one-third of all malicious code tracked by the company now contains some keylogging component, according to Ken Dunham, the company's rapid-response director.
And the SANS Institute, a group that trains and certifies computer security professionals, estimated that at a single moment last fall, as many as 9.9 million machines in the United States were infected with keyloggers of one kind or another, putting as much as $24 billion in bank account assets — and probably much more — literally at the fingertips of fraudsters. John Bambenek, the SANS researcher who made the estimate, suggested that the infection rate was probably much higher.
In most cases, a keylogger or similar program, once installed, will simply wait for certain Web sites to be visited — a banking site, for instance, or a credit card account online — or for certain keywords to be entered — "SSN," for example — and then spring to life.
Keystrokes are saved to a file, Web forms are copied — even snapshots of a user's screen can be silently recorded. The information is then sent back to a Web site or some waiting server where a thief, or a different piece of software, sifts through the data for useful nuggets.
The Federal Deposit Insurance Corporation, responding to the growing threat of cybercrime to the financial industry, stiffened its guidelines for Internet banking in October, effectively ordering banks to do more than ask for a simple user name and password. But it stopped short of requiring, for instance, the use of electronic devices that generate numeric passcodes every 60 seconds, which many experts say would help foil much online fraud, including the use of keyloggers.
Technology for grabbing text and screen images is not new — or particularly sophisticated. Keyloggers are even sold commercially, as tools for keeping an eye on what children are doing online, or what a spouse might be doing in online chat rooms. And while most experts agree that data-swiping software is spreading rapidly, there are some who say the problem has been exaggerated.
"I get concerned that we're scaring people off the Internet," said Alex Eckelberry, the president of Sun-Belt Software, a maker of antispyware software based in Clearwater, Fla. Mr. Eckelberry believes that the infection rate is probably far lower than most estimates indicate, in part because the trend is hard to measure and so many computers are already protected.
"There's a lot of hyperbole out there," he said, adding that his company has identified only about 30 keyloggers over the last six months, most being variations on a piece of code known as Winldra.exe.
That code proudly bears the copyright signature of its creators, "Smash and Sars," who also happen to be the proprietors of a Russian site, RATSystems.org, which is well-known among traders at online swap meets like theftservices.com and carders.ws/forum that traffic in confidential personal data — or the means to steal it.
"Smash is one of the revolutionaries," said one member of a trading site, who insisted on anonymity because the sites are often watched by law enforcement. "If you're entry-level and want a keylogger, that's who you're going to go to," he said, adding, "It's a simple, cheap way to make money."
In fact, keylogging's simplicity may be why it is suddenly so popular among thieves. "Phishing takes a lot of time and effort," said David Thomas, the chief of the computer intrusion division at the Federal Bureau of Investigation. "This type of software is a much more efficient way to get what they're after."
The programming, too, is often trivial. "These can be developed by a 12-year-old hacker," said Eugene Kaspersky, a co-founder of Kaspersky Labs, an international computer security and antivirus company based in Moscow.
Being wary of unfamiliar Web links sent via e-mail is a first-line of defense, according to experts, as is avoiding questionable downloads and keeping up to date with Windows patches and antivirus updates.
It is worth noting, however, that in a test of major antivirus programs conducted by Ms. Hoepers's group in Brazil last fall, the very best detected only 88 percent of the known keyloggers flourishing there. In this country, victims of fraudulent money transfers are typically limited to $50 in liability under the Federal Reserve's Regulation E, so long as they report the crime quickly enough — within two days. If they report it within 60 days, their liability is capped at $500.
One Florida man has had trouble getting that kind of protection. In a closely watched case, Joe Lopez, the owner of a small computer supply company in Miami, sued Bank of America after cybercrooks were able to use a keylogging Trojan planted on his business computers to swipe bank account information and transfer $90,000 to Latvia.
Bank of America says it does not need to cover the loss because Mr. Lopez was a business customer — and because it is not the bank's fault that he did not practice good computer hygiene. Mr. Lopez claims he did, and that in any case, Bank of America should have done more to warn him of the risks of computer crime. That risk is one that Mr. Kaspersky believes is in danger of getting out of hand.
"I'm afraid that if the number of criminals grows with this same speed, the antivirus companies will not be able to create adequate protection," said Mr. Kaspersky, who added that the time has come for increased investment in law enforcement and far better cross-border cooperation among investigators, who are overwhelmed by the global nature of cybercrime.
"There are more criminals on the Internet street than policemen," he said.
Beating the credit card fraudsters
It's been a long time coming, but South Africa's fraud-prone mag-stripe credit cards will soon be a thing of the past. A well timed media briefing by Nedbank this week showed that EMV technology is scheduled to make its presence felt — and it's not a moment too soon, as credit card fraud cost the industry an estimated R100-million last year alone.
Getting to this stage though has been a frustrating battle for the sector that has had to contend with extended delays in the introduction of smartcard technology.
18 months late
EMV (acronym for developers Europay, Mastercard and Visa), the global standard for secure microchip embedded credit and debit cards, should have been implemented in South Africa more than 18 months ago. Well-placed industry sources say implementation could be further delayed to Christmas unless the industry cooperates to sort out technical hitches more quickly.
Implementation requires an upgrade of all point-of-sale (POS) devices at retail outlets to enable them to read microchips embedded in the cards.
"We were ready to roll out the first cards in September 2003, we had promises and commitments from our competitors for a sector-wide launch in May 2004, that was pushed out to November that year, not everybody has kept to their promises," says Walter Vonke general manager, Group Payment Systems at Absa, who also chairs the local EMV Forum Steering Committee which is looking at industry-wide implementation.
Deadlines came and went during 2005, and it seems likely that the latest self-imposed deadline of February 2006 will also be missed.
The success of the initiative requires industry-wide implementation and means no single bank is willing to break ranks with the other for fear of compromising the long term public image of the new products.
None of the banks admits to being a laggard in implementation. All say they expect to be ready within months.
Banking Association CEO Cas Coovadia, whose body represents the umbrella interests of the sector, says the industry is committed to the EMV standards but describes implementation as "very challenging".
"There is no 'go-live' date as yet but the banks are intent on having the basic systems and compliance procedures in place as soon as possible so that the standards can be rolled out with the least possible disruption of services to clients," says Coovadia.
The newly appointed card division head at Standard Bank, Barry Fergus, who previously headed up the Barclaycard JV, was instrumental in the implementation of EMV in the UK market. He says it's unlikely to happen in South Africa before the third or fourth quarter this year.
SA has its own message format
"It's been a bigger challenge than anyone expected. The problem is that South Africa has its own message format and EMV can't be automatically transposed onto local systems as was thought originally," says Fergus.
Banking group Nedbank, which has the smallest retail footprint of the big four South African banks, says it plans to be ready by the beginning of the second quarter.
"Efforts are focused on high volume merchants as a first priority," says head of card innovation at Nedbank, Joy Rees.
American Express transactions
Settlement of American Express chip card transactions however will be addressed separately — Nedbank does not disclose the technical detail, but says the Amex issue, possibly because of its US base with other technical considerations beyond what is being built in Europe, will be addressed only after the mainstream products are EMV compliant.
It has taken more than seven years to develop the systems and specifications to allow transactions between chip cards and terminals on a global basis, and South Africa will be a beneficiary of that global experience.
Next generation cards have loop aerial
While the new smartcard technology offers the very latest in cutting edge security, a new generation of cards is already being developed that have an embedded inductive loop aerial which allows them to work in proximity to a contactless card reader.
At present EMV cards have a chip that must come into contact with the reading device, but the new generation cards are already in use in Europe with various toll roads and public transport systems, including the London Underground making use of them.
PATH to go 'smart card' route soon
Tuesday, February 21, 2006 By TOM DAVIS STAFF WRITER
When he's at a turnstile, Blair Sadewitz wishes he could pull out a plastic card, hear a "beep" and hop on a PATH train to New Jersey.
"I don't understand why they don't have a more permanent card," said Sadewitz. "The cards they have now bend, and they get lost easily."
In June, Sadewitz may get his wish. The Port Authority of New York and New Jersey plans to roll out its $73 million "smart card" system that's expected to make traveling easier for more than 210,000 daily riders on the PATH.
On Monday, the Port Authority demonstrated how the card, which contains a computer chip, will eventually replace the magnetic-strip technology at the turnstiles.
Similar to E-ZPass, the turnstiles now have sensors that read the card -- no direct contact is necessary -- and deduct money from a prepaid account.
The cards can be read through clothing and can work as much as six times faster than MetroCards or QuickCards. The Port Authority hopes to attract people who won't ride the PATH because they're fed up with finding change for a fare.
"Our job is to move people around the region," Chairman Anthony Coscia said. "We think ultimately this will pay for itself many times over."
Though the World Trade Center station was nearly empty, some holiday travelers stopped to watch a Port Authority representative on Monday wave the card over a "touch here" sign to activate a turnstile.
Some riders asked Marc La Vorgna, a spokesman for the Port Authority, if they could buy one from him. Not until the summer, he said. "I've worked at jobs where they have it. It's so much better," said Sadewitz, who travels to New Jersey once a week to visit friends, or go to the doctor.
The Port Authority also has upgraded its ticket machines to allow riders to add single or multiple fares to their smart card accounts. Eventually, the cards could be linked to a credit card and replenished automatically when balances run low.
If a card gets lost, they'll get replaced, Lavorgna said. Customers won't lose money from their prepaid account.
The Port Authority recently entered a "test phase" by presenting the cards to 10 senior citi-zens. So far, it's working, Coscia said. "You test the living daylights out of it before you implement it," Coscia said.
The Port Authority hopes to eventually expand the system to link to NJ Transit, the Metropolitan Transit Authority, the Long Island Rail Road and Metro North.
NJ Transit officials have expressed some concerns about the project's costs. Last year, however, the agency signed a "memorandum of understand-ing" with the Port Authority and MTA to move forward with developing smart card technology.
"We're trying to use state-of-the-art technology," Coscia said.
State Department issues first e-passports
WASHINGTON, Feb. 22 (UPI)
The State Department has started issuing electronic passports on a trial basis.
Diplomats received the first e-passports containing radio frequency "contactless chips" and face recognition technology in late December. The e-passport contains a chip, which is embedded into the cover of the document and includes a digital image of the traveler, as well as their name, date and place of birth, gender, passport number and dates of passport issuance and expiration, GovExec.com reported Tuesday.
Privacy advocates have raised concerns over the possibility of someone in close proximity to the passport-holder who could use a chip reader to "skim," or steal, personal information from passports.
Low-frequency RFID chips be read from up to 20 feet, but the department has maintained e-passports would include chips that only can be read from "approximately four inches" away from the source.
To ensure privacy and safety, the department said the front covers of e-passports have a built-in anti-skimming device. It is akin to "wrapping them in tin foil to prevent the radio frequency signal from getting through," Jay Stanley, communications director at the American Civil Liberties Union's Technology and Liberty Program, GovExec.com said.
The e-passports also are equipped with an encryption feature to prevent the interception of information by a third party, it said. The estimated cost for the government to produce e-passports would increase from the current $2.40 to more than $10 each, according to documents obtained by the ACLU. Applicant fees for new paper-based passports currently total $97 each. When e-passports are issued to all later this year, the passport fees for first time applicants will remain the same, according to the State Department.
Chip and PIN to guard e-commerce at home Monday
February 20, 11:01 AM
Following the chip and PIN deadline for high street stores, APACS last week said that it is now working on ways to transpose the system for internet shopping to combat web-based fraud.
The payment authentication organisation expects online fraud to rise as a result of the high street rollout, which it initiated. Sandra Quinn of APACS said that it is currently involved in discussions with merchants and financial institutions in an effort to reach agreement on a web version. This would see users connect a device such as a card reader to their home PC, to verify online transactions.
"Chip and PIN will provide us with the main platform [for preventing online fraud] and in a couple of years time we will have handheld devices [to achieve this]," Quinn said. "We have already finished developing standards for the terminal, because it has to be attractive for the customer to use."
However, Steve Carr from payment solutions provider eFunds argued that many online merchants are discouraged from deploying fraud prevention solutions because of the impact they may have on the user experience. "As a retailer you want internet shopping to be a smooth, pain free and reliable experience for the customer, he said. It's a balancing act between the cost of fraud to them, the cost of a [cure] and the need for an acceptable level of customer quality.
Carr also saw problems with achieving a single solution. "The question is who is responsible [for a unified service]. It is likely that the banks will compete on the services they can provide and the large retailers go it alone," he added.
Nathan Jackson of software verification specialist CyberSource said there were also question marks over who would manufacture and distribute the necessary hardware.
Instead, Jackson said he supported two-factor authentication systems such as MasterCard's SecureCode and Verified by Visa, which rely on an additional password to authorise online transactions. "Payer authentication initiatives[ like these] are an evolution in the right direction," he added. "The good thing is that they don't require extra devices, use globally accepted methods and protocols, and our figures show they are [gaining in popularity]."
However, merchant uptake in the UK has been low so far, while the system is limited to Visa and MasterCard payments. Ian Tansley of John Lewis Direct said the company is currently signed up to Verified by Visa and MasterCard's SecureCode schemes, although he recognised that the card giants have not promoted their services very actively up until now. "But we are aware of bank trials [of chip and pin devices] and would welcome any developments to make transaction seven more secure," he added.
Comment by PHILIP Andreae
The person quoted here is under the misguided assumption that SecureCode and Verified by Visa represent two factor authentication. They do not, they are simply a convergence of two pieces of information in the context of "what I know" a form of single factor authentication.
See FDIIC Article below
Momentum Building Towards a "Cashless" Society
New Research From TowerGroup Explores Market-Ready and Evolving Technologies
Driving Evolution of Consumer Payments Landscape
Monday, 20 February 2006
While futurists have spun predictions of a "cashless" society since the middle of the last century, momentum is gathering that may turn this vision into reality in as little as 10 years. New research from TowerGroup finds that a combination of market-ready and emerging technologies is aligning to drive a majority of consumer payment transactions from cash toward other payments "form factors" - including the Internet, mobile and contactless payments.
"By 2015, a substantial share of consumer payments globally will have moved from cash to other payment mechanisms," said Theodore Iacobuzio, managing director in TowerGroup's Executive Research Office and content lead on the European Banking & Payments practice at TowerGroup. "Many of these new form factors are already being tested in broad consumer settings in countries around the globe - from contactless payment terminals and fingerprint recognition payments, to mobile and micropayment roll-outs."
Highlights of the research include:
"Ultimately, control of the payments network itself will be more important than changes in the form factor of payments," said Iacobuzio. "While certain non-traditional players may make headway in taking share of new payments mechanisms, TowerGroup believes that the payments network as a whole will remain firmly in the grip of financial services institutions - though the definition of what constitutes such an institution is currently in flux. The nature of payments form factors should ultimately be irrelevant to financial institutions, as long as they are willing to engage in innovative partnerships to keep up with both technology and consumer desires. If they ignore the issue, however, they could lose the ball."
A smart card that does it all
February 17, 2006
For students upset with long queues, lengthy forms and infuriating admission procedures, Mumbai University has a cure-all: smart cards.
The cards, which will be introduced in June 2007, will function as a debit card, library card, gate pass and will also have a brief CV of the student embedded in it.
The card is being introduced as a part of the university’s plans to upgrade its IT capability by implementing Enterprise Resource Planning (ERP). The upgradation will make admission, examination and administration procedures more efficient.
“Even students with institutes affiliated with the university can use the facilities like the university library, online admissions, and fee submissions after the smart card is introduced,” said Dushyant Kothari, honorary co-ordinator of the University Computerisation Centre, who is overseeing the entire project.
Fourteen vendors including Wipro Technologies, HCL, TCS, Patni, L&T and Siemens have submitted their bids for the tender.
Difficult to institute
However, students aren’t upbeat about the card. “The computer literacy rate in all the streams is dismal. Commerce and arts students receive computer education only at the third year level. The upgradation will benefit very few students,” says Awesh Bhornya (19), SYBSc, Elphinstone College.
Adds Kavitha Mishra (20), a MA II student, “It will obviously benefit students, but I don’t know how many students are skilled enough to use the facility.”
On the anvil is a system whereby students will be able to receive exam alerts, form-filling deadline alerts on SMS after registering on the university’s website.
Canada: MasterCard moves on chip cards
February 17, 2006
According to Card International, for quite some time, card industry observers have expected Canada, one of the world's most plastic-laden societies and among the first countries to embrace PIN-based debit, to pioneer chip cards.
Apparently, the waiting is over, MasterCard is set to introduce chip cards in Canada through 12 of its card issuers and five leading acquirers by 2010. MasterCard, which has 17 commitments to date on the migration to chip, has an early stranglehold on the chip-enabled market in Canada.
"The time was right," said William Giles, vice-president of emerging technologies at MasterCard Canada. "We've learned a lot from our chip card roll-outs around the world and we'll use what we learned as we migrate in Canada from magnetic stripe to chip over the next few years."
Giles said that rather than roll out chip cards in phases, MasterCard Canada will work in unison with issuers, acquirers and consumers to overhaul Canada's card acceptance infrastructure.
The Canadian MasterCard issuers are: ATB Financial; BMO Bank of Montreal; Canadian Tire Bank; Capital One Canada; Citibank Canada; Credit Union Electronic Transaction Services; GE Money Canada; HSBC Bank Canada; MBNA Canada; National Bank of Canada; People's Trust; and President's Choice Bank. The acquirers are: First Data Loan Company; Global Payments; Moneris Solutions; Paymentech Canada; and United Network Payment Solutions.
The new cards will use EMV, the international smart card payment standard, and cardholders will use PIN numbers to authorize transactions on the cards. As of year-end 2004, there were 28.5 million MasterCard cards issued by Canadian financial institutions. MasterCard Canada's goal is to completely migrate to chip by 2010.
Earlier this year, Visa Canada announced a move to chip by 2010 as well, as responsibility for fraudulent activity shifts to the retailer if it has not installed compatible terminals by this date. Visa Canada recorded the first chip-to-chip transaction in 2005 and the program is expected to pick up speed by 2008.
Historically, Canada has rapidly embraced new banking technologies and the high rate of card penetration in the country makes it an ideal choice for expanding the chip-enabled empire. There are about 35 million debit cards in circulation in Canada, in addition to a combined total of 53.4 million credit cards issued by both Visa and MasterCard, according to the Canadian Bankers Association.
Interchange Caps Not Wanted, C-Stores Chief Tells Congress
(February 15, 2006)
The battle over interchange, which has already spawned some 47 antitrust suits against the bank card networks and major banks, reached the U.S. Congress today as advocates for both retailers and banks traded sometimes barbed arguments before a panel holding a one-day hearing to look into the networks’ pricing mechanism. Members of the Subcommittee on Commerce, Trade, and Consumer Protection of the House Committee on Energy and Commerce heard a merchant representative deny retailers are seeking price controls and accuse the card associations of engaging in price fixing and of keeping secret key rules affecting merchants’ acceptance costs. On the other side of the divide, a speaker for the associations charged that the plaintiffs in the suits filed so far “probably assume they can extort a settlement” from the bank networks.
In fact, this remark from former Federal Trade Commission chairman Timothy J. Muris provoked the most comment from members of the panel, some of whom called it extreme. Muris, now with O’Melveny & Myers LLP, a Washington D.C. law firm, testified on behalf of the Electronic Payments Coalition, an organization recently formed by the payment networks. He told the panel that, instead of trying to end the price fixing arrangement they allege lies behind interchange, merchants are actually seeking price caps. “It’s not that they don’t want prices fixed, it’s that they want them fixed [at a lesser rate],” he said. “Such caps will inevitably increase card prices to consumers.”
But Henry Armour, president and chief executive of the National Association of Convenience Stores, countered that far from seeking price regulation, merchants want a stronger negotiating position with respect to the banks, which he said are able to virtually dictate terms because of their hammerlock on the general-purpose card market. “We’re not talking about price controls or caps,” he told the panel, pointing out that Visa USA and MasterCard International refuse to disclose their operating rules and regulations, leaving retailers in the dark when it comes to practices that could affect the rates they pay for card acceptance. Armour’s association, along with three other retail trade associations, sued Visa, MasterCard, and several major banks over interchange last September (Digital Transactions News, Sept. 26, 2005). He said U.S. merchants pay among the highest interchange rates in the world, despite high volumes of transactions, cost-efficient technology, and low fraud rates.
Muris disputed this claim, arguing that rates in the U.S. are lower than in all but three other countries, which he did not name. Muris also said the merchants’ demand for “transparency” with respect to network operating rules is a “smokescreen.” “They know what the interchange fee is,” he said. On the question of merchants’ negotiating position, Muris took issue with the concept of a monolithic bank card interchange rate, arguing that merchants pay different rates depending on their size and ability to negotiate with acquirers. “It’s simply wrong that individual retailers haven’t negotiated [better rates],” said Muris.
Questioned by members of the panel, Armour said his association has looked into the idea of forming a competing payments network as an alternative to litigation, but so far finds the idea impractical. “We’ve had those discussions for six years,” he said. “The economics of it are just cost-prohibitive to launch a competitive product. We continue to look at it.”
The subcommittee, which has oversight responsibility for the FTC, is chaired
by Rep. Cliff Stearns, R-Fla.
2000 Purchase Street
Purchase, NY 10577-2509
February 16, 2006
Dear MasterCard Shareholder,
I want to update you on our progress with the implementation of our new governance and ownership structure.
Since Baldo Falcones and I wrote to you in August 2005, I am pleased to report that we have made excellent progress. As you know, we presented our proposals to you for approval in November 2005 and received your overwhelming support. Since then, we have made progress on all aspects of the transition including identifying our first independent directors and forming a new MasterCard charitable foundation. Overall, we were on track to complete the transition to our new governance and ownership structure in the first quarter of 2006.
In the midst of this smooth progress, I received some personal news that I want to share with you, and which we expect will delay our transition to a new structure until the second quarter of 2006. I was recently diagnosed with prostate cancer, which many of you probably know is a particularly common form of cancer among men over the age of 50. I was fortunate to have been diagnosed at an early stage when the prospects for a full recovery are excellent.
This week, I underwent surgery and I am delighted to inform you that the operation was successful. I am already at home and my prognosis is excellent. I will work from home over the next couple of weeks, with strong support from a highly experienced management team. I expect to be back in the office in early March.
While I have already resumed my normal responsibilities, I have been advised not to undertake a demanding travel schedule, such as a road show, over the next couple of months. We expect that this, combined with the timelines for our first quarter results, will mean a delay in our transition to a new structure until the second quarter of 2006.
As Baldo and I mentioned in our previous letter to you, the new structure will mark the start of a new chapter in MasterCard’s history. I am personally looking forward to leading us there, to bringing even greater value to our customers and to delivering excellent business results.
The management team and I appreciate and thank the Board for its full support.
President and Chief Executive Officer
Labor worried by Medicare smart card
February 17, 2006 From: AAP - Australia
OPPOSITION foreign affairs spokesman Kevin Rudd said he is worried the issue of a Medicare smart card will turn into a ``de facto identity card debate''.
Under plans to be considered by Federal Cabinet, patients will be able to
get instant Medicare rebates by swiping their cards in the EFTPOS machine at their doctors' offices.
The smart card proposal, pushed by Human Services Minister Joe Hockey, could be funded in this year's Federal Budget.
Mr Hockey said it would improve service delivery.
But Mr Rudd said Labor was worried about the plan and had not given it the
Mr Hockey said there would be ``basic information'' on the card.
``(But) we haven't settled on the identifiers yet,'' he said.
However, he said he did not want to end up like Britain, which had recently voted to introduce a national ID card with 13 identifiers, including 10 fingerprints and two eye retina scans.
``There's no way we are going as far as that,'' Mr Hockey said.
``My card is focused on service delivery first and proof of ID second.''
The Law and Economics of Interchange Fees
February 15, 2006
Witness List & Prepared Testimony
The Honorable Timothy J. Muris Of Counsel
Mr. Henry Armour
Ms. Karen Kerrigan
Mr. Edmund Mierzwinski
and no one succeeded back then!
What about after EMV and the central Bank or the Mint says its Ours, we produce the money - physical or electronic?
The Myth Of The Cashless Society
Liz Moyer, Forbes 02.14.06, 12:00 PM ET
NEW YORK - Every day, $3 trillion passes through the trading desks and clearing operations of JPMorgan Chase, and that's just one of thousands of U.S. banks. It's not money in the sense most of us understand; it's computer data. But it's good enough for the world governments, major corporations, fund managers and others who need banks to move their money around and park it where it belongs.
Money is becoming much more of a concept than a physical entity, and most ordinary mortals haven't really noticed the switch. People are using credit and debit cards in more and more everyday situations, from meals purchased at fast-food restaurants and fuel purchased at gas stations to movies, groceries, sundries, highway tolls and clothing. Even New York City taxicabs are rigged with electronic card readers.
Increasingly, paychecks are electronically deposited, and the money for the bills they pay--mortgages, utilities, cable and phone--are paid electronically as well. Banks offer incentives to consumers for using these direct-pay options, which allow them to keep better tabs on their customers and their money. Welfare and food stamps are issued on cards, which can be downloaded at the register or through an automatic teller machine.
The Federal Reserve Bank said 2003 was the year electronic payments trumped checks as the method of choice. That year, there were 44.5 billion e-payments, compared with 36.7 billion checks.
The $100 bill exists, but many retailers won't accept it. The $50 is heading in that direction, too, and there are periodic cries for the elimination of the lowly, yet annoying, penny.
Still, there is something compelling about cold hard cash. You can count it with your hands. You can roll around in it and make origami with it. It's the currency of choice for tooth fairies and grandparents, panhandlers, migrant laborers and off-the-books household staff. Let's not forget mobsters and drug lords.
In the years since the Sept. 11, 2001, terrorist attacks and the 2003 blackout, people on Internet chat boards have typed up a storm about how they are preparing for a national emergency. One of the enduring themes: Most are stowing away a big wad of crisp $20s. If bribes are going to be needed in a post-Armageddon world, they're probably not going to be offered with a credit card.
There is a lot of cash to go around. Some $731 billion worth of Federal Reserve notes are in circulation, mostly in $100 bills ($529 billion of them), followed by $20, $50 and $10 notes. The $1 bill trails all of them in terms of bills outstanding.
Paper currency in circulation has climbed steadily through the decades, according to the U.S. Treasury, totaling just $81 million in 1975, which was about $380 for every person in the United States. Last year, the total added up to about $2,578 in circulation for every American. The calculations are adjusted for population growth. There is an additional $35 billion of U.S. coins floating around, not counting those owned by collectors.
Why is all this cash around when we're supposed to be moving to a digital economy? Cash is anonymous, untraceable and perfectly negotiable. Aaron McPherson, the research director for payments at Financial Insights, explains, "It's less efficient, but there are still a lot of people who just prefer it."
In the last few years, there has been an ever-louder drumbeat of pundits saying the world is moving to eliminate cash, but the many businesses that have popped up in the hope this would come true--Bitbux, Digicash, CyberCash, Flooz, Netchex and PayPal, to name but a few--have found only limited success, or have died, or have been merged into other companies.
Privacy (or the lack of it) is an issue. These chip cards, debit and credit cards and other forms of cashless payments are huge opportunities for data gathering, and indeed, behind-the-scenes marketing firms are scraping off Internet sites as much information on individual spending habits as they can.
To combat terrorism and counterfeiting, the federal government has put more monitoring and restrictions on cash transactions, forcing banks to disclose far more about customer-account activity than ever before.
The Fed has reissued what currency collectors call the "big-headed" bills, complete with magnetic stripes and watermarks, the better to foil counterfeiters. Check-cashing storefronts, the financial institution of last resort for the millions of Americans who lack bank accounts (the so-called "unbanked"), are drawing scrutiny for usurious lending practices and are being forced to reform.
But as much as the government is pushing for the acceptance of digital payments as a substitute for cash, in a way it is against its own interests to do so. Private-payments companies threaten to take away the government's ability to control the money supply and benefit from seigniorage, the difference between the cost to produce the money and its face value. That's potentially a huge source of income loss to an already strapped federal government.
US Warms to Mobile Commerce
Research firm predicts the digital wallet will be a reality in the United
States by 2007.
After a decade of false starts, the era of the electronic wallet may be finally dawning in the United States as mobile commerce moves beyond ringtones and wallpaper, a research firm said Tuesday.
While consumers in Japan, South Korea, and the Philippines have grown increasingly accustomed to making payments using their mobile phones, the practice is not common in the United States.
That will change beginning in 2007, said Dan Schatt, the senior analyst at Boston-based Celent who wrote the report. Celent predicts that the mobile commerce market in 2006 will be worth $24 billion, with Japan and South Korea accounting for nearly 60 percent of the total.
In 2008, that figure is expected to more than double to $55 billion. And with four out of five Americans subscribing to mobile service by then, the United States will take a larger share.
Driving the trend is the growing number of so-called 3G handsets, which carry
more data. The number of 3G phones in the United States has finally topped 50 million, creating
what Celent calls “critical mass.” The report came as mobile firms gathered at the 3GSM World
Congress in Barcelona to plot the industry’s future (see Skype Moves to 3G Phones).
Exploit or Miss
The rise of mobile commerce represents a large opportunity for banks and carriers to either exploit or miss, Mr. Schatt said. If banks cede ground to upstarts like Google on mobile transactions, the forfeited profits could be huge.
More than $1 trillion of commerce is completed each year with a “ticket” size of $10 or less, according to Celent. The shifting landscape poses a similar challenge for carriers. Cooperation between banks and carriers is the solution, Mr. Schatt said.
“Anyone who bets against bandwidth is going to lose,” he said.
Startups will have a chance to profit as well. Companies that help banks and carriers stave off irrelevancy at the hands of Google or Paypal/Skype will find a ready market, said Mr. Schatt.
“There’s a place for technology that can insert itself in the ecosystem and help facilitate mobile commerce,” Mr. Schatt said.
Celent’s prediction that commerce over the handset is gaining traction in the United States jibes with what Vesta, a Portland, Oregon-based company that provides remote handset payment technology for carriers is seeing.
“This year we expect several implementations from major carriers,” said Matt Hall, Vesta’s vice president of business development.
Inconsistency Threatens Contactless-Payment Rollouts, Expert Warns
(February 16, 2006)
For all the progress banks and merchants have made so far with contactless payments, further success is threatened by inconsistent approval criteria for components ranging from chips to readers, an expert in radio-frequency-based payment warns. That inconsistency, he says, is driving up costs and breeding frustration among vendors. “It’s just very confusing to a lot of folks,” says Erik Michielsen, director of RFID and M2M research at ABI Research, Oyster Bay, N.Y.
Michielsen says banks and their card associations should work now on improving communication among themselves to bring greater consistency to the way they certify contactless-system components. “It’s important the market gets streamlined,” he says. “It’s better the industry confronts this issue now rather than wait another year.” Otherwise, he warns, the problem will only magnify as shipments build up to meet the demand expected on current trends. According to figures ABI has compiled, there are now at least 120,000 contactless readers in place at retail outlets. Between 11 million and 12 million cards and other specially equipped tokens were issued last year to consumers, a number Michielsen says will “more than double” in 2006.
Although Visa USA, MasterCard International, and American Express Co. have based their contactless programs on the ISO 14443 standard, which permits interoperability between the systems, Michielsen says the card companies apply different criteria in evaluating inlays, tokens, and other equipment. He expects Discover Financial Services LLC to begin rolling out the technology, as well, which could exacerbate matters. The need to comply with inconsistent criteria, he warns, forces parts makers to build units in smaller batches, undermining the economies of scale that normally stem from commercial rollouts. “Companies have to do smaller-batch designs,” Michielsen says, while “everyone is begging for lower prices and higher-performance products.”
Michielsen says he has spoken to about 48 component companies, with at least half of them citing the problem. “They’re frustrated,” he says. While he doesn’t advocate a cross-network committee or other group to work out the issues, he says the card companies are going to have to learn to communicate with one another more effectively. “There has been some cooperation,” he says. “There needs to be more cooperation.”
In contactless-payment systems, which began to see commercial rollouts last year, consumers pay at the point of sale by waving or tapping a card or other token near or on reader that receives radio waves from the token. These waves carry card-account data, with the radio link-up replacing conventional card swipes. The technology, which is now migrating to mobile phones as well, is seen as a means of replacing cash transactions at high-throughput outlets.
Four More Counties in Sweden Join Regional Smart Card Transit Fare Collection System; ``Resekortet'' System Will Connect Rail and Bus Services Throughout Southern Sweden
SAN DIEGO--(BUSINESS WIRE)--Feb. 14, 2006--
Cubic Transportation Systems Limited, a subsidiary of San Diego, Calif.-based
Cubic Corporation (AMEX:CUB), has received contracts totaling approximately 73.3 million SEK or
US$9 million from four additional counties in Southern Sweden to provide smart card fare collection
systems that will link the counties to "Resekortet," the multi-modal smart card-based fare collection
system that will connect rail and bus services throughout Southern Sweden.
This expands Cubic's contracts in Sweden to cover five counties, and increases the contract value to $31 million. These contracts were executed as options through Skanetrafiken, the transit operator for Skane, Sweden, the region's largest county.
Cubic is designing and delivering a system for Skanetrafiken that will connect all rail and bus fare collection operations for public transport in Skane through use of a common smart card for fare payment.
The four additional counties that have joined Resekortet are Blekinge, Kronoberg, Halland and Jonkoping.
Each of the counties will receive fare collection systems similar to Skane's, which will include software, a communications network, back office computer systems and equipment for processing fare collection on the buses and trains and at rail stations. The processing equipment comprises driver control units; smart card validators and ticket issuing modules for buses; and ticket vending machines, platform validators and handheld devices for rail.
All five counties -- Skane and the additional four -- will cooperate with the new contactless smart card fare system and will be able to provide complete interoperability within all the participating counties in Southern Sweden.
"By joining the regional system, each of the participating counties is making a commitment to greater access and convenience for their customers," said Nigel Bryant, managing director of Cubic Transportation Systems Limited. "Resekortet provides the infrastructure used in emerging smart card systems around the world for seamless fare collection and revenue management that will strengthen services in Southern Sweden."
These contracts serve as the most recent example of Cubic's presence and dedication to the Scandinavian transit industry. Cubic acquired the Danish company ScanPoint in 1994 and renamed it Cubic Nordic. ScanPoint had long been a major supplier of automatic fare collection systems in Scandinavia.
Cubic Transportation Systems, Inc. is the world's leading full-service systems provider of automated fare collection systems for public transport, including bus, bus rapid transit, light rail, commuter rail, heavy rail, ferry and parking. Cubic's solutions and services include system design, back office computer systems, support equipment, equipment design and manufacturing, device-level software, integration, test, installation, warranty, maintenance, computer hosting services, call center services, card management and distribution services, financial clearing and settlement, multi-application support and outsourcing services.
Every year, nearly 10 billion rides are taken worldwide using Cubic fare collection systems. Cubic has delivered over 400 projects in 40 major markets on five continents. Active projects include London, New York/New Jersey region, Washington, D.C./Baltimore/Virginia region, Los Angeles region, San Diego region, San Francisco, Minneapolis/St. Paul, Chicago, Atlanta, Vancouver and Edmonton, Canada, Brisbane, Australia, Singapore, Bangkok, Thailand, China and Scandinavia.
Microsoft promises Passport redux with ‘InfoCards’
Saving Howard Ting
Published Tuesday 14th February 2006 20:06 GMT
Chairman Bill Gates began his speech today at the RSA security conference with a joke. “I am really happy to be here at RSA,” Gates said. “My other invitation was to go quail hunting with Dick Cheney. I’m feeling very safe right now.”
(An interesting crack for a man who hands out tons of money to Republican politicians.)
This quip garnered a fair amount of applause from the RSA crowd here in San Jose. Gates, however, spent the next hour trying to avoid the usual rounds of snickers and giggles that accompany any Microsoft security presentation. It was Gates the straight man all the way.
“I think we are making progress, but it is a very big challenge to make sure security is not the thing that holds us back,” Gates said.
Much of Gates’ security pitch centered on advances customers should see in the upcoming Windows Vista operating system and complementary “Longhorn” Server. In addition, Microsoft plans to go after the multi-factor authentication market with force by making its OS, database and identity management packages work well with technology such as smart cards and trusted web sites.
For example, Microsoft presented one demo in which a poor chap – Howard Ting in the Windows Server Group – lost his laptop, smart card and cell phone at the same time. Instead of being defeated by his incompetence, Ting turned to Microsoft’s tools for help.
In the make believe demo world, Ting’s manager tossed him a one-time password, which the employee used to set up his own smart card at a Microsoft campus kiosk. Ting entered the password and had Microsoft’s Certificate Lifecycle Manager, which is in beta today, retrieve certificates from Active Directory and place them on the card.
“In the past, you had to wait for an hour or even several hours while someone manually provisioned the card,” Ting said.
Next, Ting popped the smart card into an old laptop. Security tools in Vista communicated with Longhorn Server, notifying Ting that his laptop did not have the software updates needed to bring the system in line with Microsoft's network security standards. (The laptop must have been at least a week old.) Using Microsoft’s NAP (Network Access Protection), the laptop automatically retrieved the updates in a quarantine mode and gave Ting access to the network. This allowed Ting to start working again without needing to bother an administrator.
BoFHs everywhere rejoiced.
In the last step, Ting visited a cell phone seller’s web site, which recognized his identity automatically. (More on how this was done later.) Without entering a user name or password, the site authenticated Ting and picked out a phone that matches Microsoft’s spending policy for such a device. Presto! Ting was back in action.
“Thanks to Microsoft my day just got a little bit better,” he said.
We’ve all had the same thought so many times.
This heartwarming tale highlighted how Microsoft’s upcoming technology can help out the average user. Even if you are a total dolt, you can just keep clicking and recover from total catastrophe. It’s the stuff that dreams are made of, although Gates insisted such technology is just around the corner.
Another major item Microsoft pushed is the concept code-named InfoCards. These online profiles should provide easier log-ons to various kinds of web sites.
You can think of an InfoCard as a type of virtual business card. Each card contains basic information about you such as your name and contact information. Thing is, you have more than one InfoCard, and each one contains different levels of data.
When, for example, you travel to Amazon.com, an InfoCard window will pop up to ask if you’d like to log-on to the site. If you’ve already created a username and password in the past, you simply click “OK.” The InfoCard handles the log-on without requiring you to reenter the information. This no doubt sounds familiar to anyone who lets their browsers manage usernames and passwords on certain sites.
Higher-level InfoCards then handle more important tasks. One of your InfoCards might have your social security number stored, and this card might require a PIN before being using on banking sites, for example.
This seems to be Microsoft’s Passport replacement. Instead of storing everything in one place, Microsoft has used a divide and conquer approach to make you feel safer. And your data is on your PC instead of a Microsoft server.
The InfoCard software runs in a separate, secure compartment from the main operating system, meaning it should be inaccessible to most malicious web sites and script kiddies.
“InfoCard will be delivered as part of WinFX, Microsoft's managed code programming model, and will support Windows Internet Explorer 7 on Windows Vista, Windows XP Service Pack 2, and Windows Server 2003 Service Pack 1 and R2,” Microsoft said.
With Vista, users should find that Microsoft has taken security to “another level,” Gates said. He pointed to a type of multi-tiered browsing scenario where users can set what types of functions they want t work in certain surfing modes. The safe mode might, for example, not allow Active X.
Microsoft will also finally turn off admin mode for most functions in Vista. Users will be able to perform basic tasks in a “standard user” or “protected” mode. Anyone not using a Microsoft operating system will already be well acquainted with this idea.
Vista will also include smart card support and have tools for preventing people from accessing your data if you lose a laptop.
Lastly, Microsoft announced the “availability of the second beta of Windows Defender for existing Windows systems, which includes several enhancements and new functionality that reflects ongoing input from customers. The free beta download is now available for customers running Windows XP, Windows 2000 and Windows Server 2003.”
Of course, the security panacea Microsoft presents at these shindigs never seems to materialize. Anyone watching the demos could see a future full of even more annoying queries and requests doled out by Windows. Clippy may be welcomed back with open arms after you’ve faced InfoCard hell. ®
MULTOS smart card OS gets new owners and new mission
Tuesday, February 14 2006
Holding company, StepNexus, readies the OS for broader application
At the close of 2005, Keycorp Ltd. united with Hitachi Ltd, MasterCard International
and Oak Hill Venture Partners in a joint venture to develop the MULTOS smart card operating system
(OS). Keycorp’s 18 percent stake in the new company amounts to $2.41 million. Hitachi will also
take an 18 percent stake, MasterCard is set for 20 percent and Oak Hill will provide the remaining
The focus of the new company is the continued development of MULTOS (www.multos.com), a multi-application, open source and high security OS for smart cards. MULTOS was initially conceived for Mondex International’s electronic purse technology. MasterCard acquired Mondex and the MULTOS OS in 1996 but handed over the responsibility for MULTOS development to the MAOSCO consortium, a group of smart card and chip companies developing MULTOS compliant products. MasterCard, however, maintained ownership of the original MULTOS intellectual property.
From its inception, MULTOS was designed for use with financial cards. Over
the years, however, its use in non-financial applications grew. A November 30 press release suggested
that expansion into these other markets could be expedited through the new ownership. It is likely
to result in increased financing for development – obviously because of the venture investment
but also because two of the partners (Hitachi and Keycorp) have extensive product portfolios that
rely on OS. Any company would be more willing to fund a technology in which it has ownership,
then one with IP owned by another.
StepNexus is born …
The new holding company will be called StepNexus (www.stepnexus.com). “STEP” is an acronym for Secure Trusted Environment Provisioning and “‘Nexus’ refers to the Trust Centre that provides the key management for Secure Trusted Environment Platforms such as MULTOS smart cards and other new environments that will be announced in the near future,” according Tim France-Massey, MULTOS’ VP Smart Card Marketing & Business Development.
Although the holding companies’ four partners own the intellectual property rights to MULTOS, Mr. France-Massey says “changes to the MULTOS OS specification continue to be managed as an open standard by the 15 members of the MAOSCO consortium as it was before.”
The new company, with offices in San Francisco, Washington D.C. and Asia,
will assume management of the MAOSCO consortium and will explore new markets for MULTOS such as
transit systems, identification cards and electronic passports.
“Right now the biggest growth areas are in finance with our new ‘MULTOS step/one’
product for EMV migration and in the identity space for national ID cards and passports,” says
Mr. France-Massey. “MULTOS is being used for identity documents by a number of governments,” he
adds, “including the Hong Kong Government who is implementing MULTOS for its national ID card
project (and) also for its ePassport project.”
What's in the cards for MULTOS and StepNexus?
It seems that in addition to a life beyond financial cards, MULTOS may have a new life beyond smart cards. “The intellectual property of MULTOS defines not just an OS, but also a trusted mechanism for the secure installation of new application content to secure devices using asymmetric cryptography,” says Mr. France-Massey. “This "StepNexusTM" mechanism can be applied to any trusted environment, whether it be a MULTOS smart card, new trusted smart card run time environments, or completely new secure execution environments such as trusted computing platforms in PCs or PDAs.”
Thales, ASK help tourists get around at Winter Olympics
Tuesday, February 14 2006
Those attending the 2006 Winter Olympics in Turin, Italy are able to get
around quicker, thanks to smart cards provided by ASK that can be used both for public transit
and tolls. Another French company, systems integrator Thales, was involved with a 13 kilometer
transit line in the heart of the city, an important requirement that helps the city cope with
the influx of Olympics-bound visitors.
Thales secures Turin's first metro line network for Olympics
The completion of the advanced access control and ticketing system for the new City of Turin metro in time for the 2006 Winter Olympic Games underlines Thales's ability to deliver world-leading transport systems for major events.
The Turin metro consists of a 13 kilometer line linking the northwest commuter belt of Collegno, with Porta Nuova, a central station in the heart of the city. The addition of this new line was an important requirement for Turin being chosen to host the 2006 Winter Olympics so that the city could cope with the influx of visitors. In the long-term, it will also provide the residents of Turin with a viable public transport alternative to driving into the city. This system will also be the first in Europe in which public transport ticketing has been integrated with car park ticketing, allowing customers to use one ticket for both travelling and parking.
Thales had just one year to deliver the ticketing systems before the start of the Winter Olympics in February 2006. Thales has successfully achieved this, providing the automated ticketing equipment, which has been installed in 15 new unmanned stations built along Line 1. Thales won this contract in February 2005 based on its high score from the technical evaluation, as well as demonstrating successful delivery of similar projects in Naples, The Netherlands and Denmark.
The system Thales has implemented in Turin is comprised of access control equipment with tickets and card readers at all sites and intrusion detection systems. The system, operated by a central server based in Collegno, consists of 183 access control gates, 183 magnetic ticket handling units, 183 contactless card and ticket handling units and 36 automatic ticket vending machines.
As well as the technical considerations, Thales had to take into account specific requirements linked to the Paralympics, which are to take place after the Olympics. Having worked with the Italian association for disabled people to access the needs of this group when travelling by metro, Thales designed the first ever access gate to accommodate disabled people, especially those who are blind or partially sighted. This includes wider gates, a buzzer to warn the passenger and a monitoring device on the floor that reacts to the approaching person, essential in unmanned stations.
In December 2005, Thales received an additional order from the customer, Gruppo Torinese Trasporti (GTT) to equip one of the operator's 20 car parks with a ticketing system that is fully integrated with the transport network. Passengers leaving their vehicles at this car park can now purchase a magnetic ticket at the car park that will cover both the parking and the use of the metro. After delivery of the first car park system in just one month, Thales will now work with GTT to implement the same system in the other car parks and expand it to include contactless tickets. This is the first time such a system has been installed in Europe. The approach has already proven very successful and popular in Hong Kong.
ASK cards drive transit and toll collections
ASK cards and tickets are being used by Gruppo Torinese Trasporti (GTT) and Societa Italiana Traforo Autostrade del Frejus (SITAF) to drive an innovative ticketing and fare collection system during the 20th Winter Olympic Games in Turin, Italy.
GTT led the project to provide a pioneering payment system in the Turin region using ASK's TanGO-based CT4002 contactless smart cards and C.ticket contactless paper tickets. The unified ticketing system provides seamless mobility from SITAF highway toll to city car parks and public transport (Trenitalia and 27 private operators).
Take TanGo for multi-application mobility
SITAF's new "SI.PASS" card, is a multi-application, multi-modal dual interface card that offers a cluster of services for greater mobility in and around town. SI.PASS is branded with 5 different logos and has already been sent to VIPs and the Olympic family. It will also be available from toll booths and railway stations. With a SI.PASS card, visitors can cruise through automatic tolls on the A32 highway or in the Frejus tunnel and make contactless payments in car parks before boarding on GTT public transport.
"We are one of the first companies in the world to offer contactless smart cards for both toll payment and public transport, says Ugo Jalasse, director, SITAF. "The versatility of ASK's TanGO platform allows us to combine GTT transport services with our own, making public transport at this year's Winter Olympic Games a smooth and uncomplicated experience."
Scammers skimming at SilverCity
Friday, February 10, 2006 16:28
SilverCity customers who may have used their debit cards at the theatre to
purchase express movie tickets recently should double-check their financial statements to make
sure there are no unauthorized withdrawals.
According to Pat Marshall, a spokesperson of Cineplex Entertainment, the
company that owns SilverCity in Sudbury, customers at the local cinema may have been the victims
of debit card fraud, or skimming.
“We have been contacted by one of the local banks in Sudbury to advise that
some debit cards may have been compromised from one of our ATMs (advanced ticket machines) located
at our SilverCity Sudbury location,” Marshall said.
Her company was contacted by Interac Association. It had been informed of
the skimming situation by Caisse Populaire.
“We don’t know who is doing this but what we can say from what we know from
working with Interac and local banking associations is that this is generally done by organized
crime,” Marshall said.
“They put in a unit (scanner) that is identical to the unit that is in place,
they might be in for as long as five minutes or two hours, and they’re able to capture data,”
from the debit card.
Because they don’t know how long the skimmers were in place, Marshall said
she isn’t sure how many people may have been victimized or how much money may have been lost.
Greater Sudbury Police Cst. Bert Lapalme, said the bank, not the customer,
ends up being the victim. Customers who notice unauthorized withdrawals in their accounts can
report it to their financial institution and will be refunded.
“In Sudbury, the banks are not putting in formal complaints, they have their
own investigators doing the work,” said Lapalme.
“Some of these financial institutions do not want to let their customers
know that maybe it’s not safe for you to use your bank card. And that’s why most of them will
not file formal complaints.”
Interac is very secure, said Tina Romano, public relations manager for Interac.
“More than 99.9 percent of transactions go through problem free every year.”
“There are incidents of debit card fraud, but customers are protected by
the Debit Card Code of Practise so they will be reimbursed...”
According to Romano, $60.2 million was reimbursed to victims of debit card
fraud in 2004. “If you put this perspective, that is less than 0.1 percent of all transactions.
“Fraudsters use high-tech equipment to copy information from the card, and
in some instances they’ll use hidden cameras to copy the PIN number,” Romano said.
“The most important thing for consumers to do is to protect their PIN.
By Tom Anderson and Steve Gothard
Published: 12 February 2006
Millions of Britons face chaos at the tills next week as "chip-and-pin" credit card technology becomes compulsory for all transactions. From midnight on Tuesday shoppers using plastic will have to enter a four-digit personal code rather than sign for purchases.
Consumer groups said yesterday that management of the changeover to the new cards was "appalling".
The move comes as a survey by a credit card insurer has found half of Britons cannot remember their pin numbers. An estimated half a million people have not received chip-and-pin cards while 13 million old-style cards are still in circulation.
The National Consumer Council attacked banks and retailers for complacency over the new rules. A spokesman said: "We have been calling for over a year for the new chip-and-pin system to be publicised and nothing has been done. It is an appalling situation."
A spokesman for the Association for Payment Clearing Services (Apacs), which is responsible for the change, last night denied Apacs had been complacent. He said: "The programme has been heavily communicated to customers and 98.5 per cent of debit card holders are using their pin all the time."
Millions of Britons face chaos at the tills next week as "chip-and-pin" credit card technology becomes compulsory for all transactions. From midnight on Tuesday shoppers using plastic will have to enter a four-digit personal code rather than sign for purchases.
Consumer groups said yesterday that management of the changeover to the new cards was "appalling".
The move comes as a survey by a credit card insurer has found half of Britons cannot remember their pin numbers. An estimated half a million people have not received chip-and-pin cards while 13 million old-style cards are still in circulation.
The National Consumer Council attacked banks and retailers for complacency over the new rules. A spokesman said: "We have been calling for over a year for the new chip-and-pin system to be publicised and nothing has been done. It is an appalling situation."
A spokesman for the Association for Payment Clearing Services (Apacs), which is responsible for the change, last night denied Apacs had been complacent. He said: "The programme has been heavily communicated to customers and 98.5 per cent of debit card holders are using their pin all the time."
Beyond The MetroCard
by Bruce Schaller
Tired of the “please swipe again” message on subway turnstiles? The Metropolitan Transportation Authority has announced a pilot program to let customers get through the gate quickly and reliably by simply tapping their credit card on a turnstile.
While only a test of a new technology, the pilot program opens possibilities as revolutionary as the MetroCard.
The MTA’s experiment uses an existing technology, the MasterCard PayPass, which is already used at McDonalds, various drugstores and with vendors at the PGA Tour and other sporting events. Citibank MasterCard PayPass credit card holders enrolled in the pilot program will be able to use their credit card or a tag that can be hung on a keychain to zip through the turnstile. In the pilot, every sixth ride will be free as with a pay-per-ride MetroCard. The test is not compatible with unlimited ride passes and will not offer free transfers to buses. Participants will be billed on their monthly credit card bill.
Citibank is footing the cost of installing PayPass readers at 23 stations on the Lexington Avenue line and one station each in Brooklyn and Queens. Only trial participants will be able to use their PayPass-enabled cards or keys in the program. According to the MTA, the test is intended to determine how well the technology works in the New York City subway environment and whether riders would like to use this kind of payment. Experience in Chicago and Washington DC, both of which are far ahead of New York in contact-less fare payment, suggests that riders will flock to more convenient ways to pay the fare. Transit systems in both cities have been offering contact-less “smart cards” for several years. The cards work similarly to a MetroCard in that riders add value to the card at subway stations. There is a $5 fee for purchasing the cards, which can be recharged indefinitely. (The fee has been waived during introductory periods in Chicago.) Like the MasterCard PayPass, smart cards are tapped rather than swiped at the turnstile.
In Washington, over 800,000 plastic rechargeable smart cards have been sold and are used by one-third of Metro rail riders. The cards can also be used on the Metro rail and bus system and at Metro parking lots, and will be expanded to other rail systems in the DC area. DC area riders can now get a Citi MasterCard that doubles as a transit smart card as well. Chicago’s smart cards can be used on the city’s buses and trains and also on the suburban bus system, becoming the first multi-agency smart card in the country. When transit fares paid in cash – but not with smart cards – were raised in January, Chicago’s smart cards became so popular that local retail outlets ran out of them. Even before the fare change, 250,000 smart cards had been issued.
Chicago has two versions of smart card. One version is recharged at subway stations; the other is recharged via the users’ credit card. Like EasyPass tags used to pay bridge and tunnel tolls, Chicago Card Plus accounts can be managed on-line and the account can be automatically replenished when it runs low. The Plus card can be used to pay both per-ride fares and as a 30-day pass. Riders choosing the 30-day option can also “pass back” the card when traveling with others and are charged a separate per-ride fare for those trips.
The PATH system and transit systems in Hong Kong, London, Los Angeles, San Francisco, Boston, Houston, Seattle, Orlando and other cities are in various stages of smart card development and deployment. The PATH system is currently testing its smart card technology in a program that is not directly related to the MTA test.
The smart card systems currently in place or being tested show two approaches to smart card deployment. The primary approach continues the MetroCard concept of having a dedicated transit system payment card that may also be used for parking and other purposes. Like the MetroCard, it requires users to acquire the card and learn how to use it. For regular riders, transit system smart cards offer the convenience of quick entry and all the fare options of plastic fare cards like the MetroCard. Transit system smart cards can be implemented regionally so that travelers need not purchase separate fare media for subway, commuter train, parking lots, etc. As in DC, smart cards can offer the convenience of automatic replenishment.
The MasterCard PayPass is a different and intriguing approach, relying on credit cards that riders may already have in their pocket. It would seem particularly apt for visitors and occasional users who are not likely to want to bother with having a permanent smart card issued by the transit agency. Whether smart cards issued through private banks could or should ever replace the MetroCard – or could have all of the MetroCard’s capabilities such as free transfers and unlimited ride passes – does not seem to be addressed in this pilot.
The two approaches use the same RFID (radio frequency identifiers) technology. The cards use radio frequency to send encrypted account information to readers integrated with the turnstile. The same technology (though different encryption methods) are used by MasterCard, American Express and Visa. Thus, a turnstile programmed to accept MasterCard could also be programmed to accept other credit cards and smart cards issued by transit agencies.
Perhaps the best system would be a combination of transit system-issued smart cards and commercially issued cards. Regular riders would want the dedicated card with the full range of fare payment options. But the visitor could dispense with figuring out the local transit system’s arcane fare rules and just tap their credit card at the turnstile. These riders might not always get the best fare deal, but they probably would not be using the subway enough to want to worry about it.
Either way, the next generation of fare collection technology offers increased convenience and ease of fare payment for transit riders. As is the case now for motorists with E-Zpass, riders will almost never need to think about paying the fare wherever they travel. This will be good for both riders and for transit systems, which are likely to enjoy increased patronage from making their systems easier to use.
Bruce Schaller, who has been in charge of the transportation topic page since its inception in 1999, is head of Schaller Consulting, which provides research and analysis about transportation. He is also a Visiting Scholar at the Rudin Center for Transportation Policy and Management at New York University.
Cash to become a thing of the past?
Published: Friday 10 February 2006
Half of European consumers believe cash will be almost obsolete within 10 years, a study suggests.
Out of the 3,000 debit card holders surveyed, 52 per cent said Europe will be cash free by 2016 but 48 per cent said they would still carry paper and coin currency.
Eric Tomlinson, senior vice president of MasterCard Europe, who commissioned the study, said: "Our research also shows that eight out of 10 still carry up to €50 in their wallets on an average day. Cash remains the fall-back position for too many of the Europeans we surveyed.
"The challenge the payments industry faces is increasing both merchant acceptance and the level of consumer comfort with using debit for lower value transactions, to the point where people don't need to carry cash."
The survey was carried out by KRC Research – a sub-company of MasterCard's UK PR company.
MasterCard is currently pushing its contactless payment product, One Smart PayPass. Using a card or token, consumers can tap a pay point to pay for goods.
Last year one silicon.com reader said people who carry contactless payment cards could be putting their money at risk.
He said: "This introduces a whole new area for fraud - why steal something when you only have to stand within reader distance of someone's wallet or purse?
"Just think, there you are, crammed on the tube - how many of your fellow passengers are surreptitiously querying your contactless credit card? Breaking the encryption of a popular credit card would seem to have a certain potential payback - enough to warrant significant effort I would have thought."
RFID payments on track in Scandinavia
Published: Tuesday 1 November 2005
Ticketing on public transport in Norway and Sweden is being revolutionised by the introduction of a new payment system using RFID smart cards.
The scheme, planned to go live in 2006, is a further endorsement for contactless payment which is growing in popularity, especially in public transport.
With similarities to the Oyster Card programme running in London, the system being introduced on Norwegian State Railways (NSB), by Arcontia and Unified Consulting, will see commuters able to pay for travel using RFID-chipped smart cards.
Unlike Oyster Cards there will still be human interaction with train conductors, who are being equipped with 1,000 pocket PCs with card readers for collecting payment and validating e-tickets.
Benedicte Overgaard, project manager for mobile terminals at NSB, said in a statement: "Working in the train validating and selling tickets is a different environment from sitting in front of a computer in an office. Therefore we depend on ergonomic equipment adapted to the conductors working environment. We are very happy with the slim design and the light weight of the smart card reader from Arcontia that will simplify the work in the train."
Some shops lacking chip and pin
By KBC Business ( Monday, February 13, 2006)
Around one in 10 of the UK's tills will not have been switched to chip and
pin by the deadline on Tuesday night, the group behind the programme has said.
Apacs, which represents banks and credit card companies, said 770,000 out
of 860,000 tills had been upgraded to chip and pin so far.
Businesses which do not have chip and pin are liable for credit card fraud carried out on their premises.
But some small independent shops do not intend to switch to chip and pin.
Smaller retailers who have to buy their own equipment are less likely to switch because of the
up-front costs involved, according to the Association of Convenience Stores (ACS), which represents
Chip and pin cards aim to cut fraud by including a smart chip, which can
store more information than the usual magnetic strips, and also by having users verify transactions
by keying in a pin number rather than signing a receipt.
Over the past two years card issuers have been busy replacing credit and
debit cards in the UK.
But not everyone has been issued with chip and pin cards. Cardholders who
have an old-style chip card and are awaiting a new-style chip and pin card can continue to use
their signature on receipts when making payments.
Shane Brennan, an ACS spokesman, said: "Chip and pin has had massive success
on cutting down on card fraud, but there is growing concern amongst our members that the card
fraud crime is being displaced to other kinds of crime, like theft against retailers."
He urged independent retailers to upgrade to chip and pin where possible.
But overall it seems the majority of businesses will meet the deadline for
Most members of the British Retail Consortium, which represents more than
80% of the UK retail market, have the new system up and running, the body said.
A spokeswoman said: "People have been gearing up to it for a couple of years
now and we've got to the point where we had to put a date on it.
"Our members are ready. It will speed up transactions, especially in places like supermarkets."
Fri, February 10, 2006
Next stop: Smart cards TTC to unveil new fare system, making life difficult for counterfeiters
The move to a smart-card fare system by the TTC would put fraud artists out of business, tech experts said yesterday.
Transit tickets, tokens and Metropasses could be made obsolete by a piece of plastic the size of a credit card, said Catherine Johnston, president and CEO of the Advanced Card Technology Association of Canada.
"Think of it as a computer inside a plastic card," Johnston said. "It has proven to be very counterfeit-proof."
The TTC will unveil the details today of an international fare scam that has cost Toronto taxpayers more than $2 million.
Officials at the transit system haven't discussed details of the latest fare
fraud but a 2004 investigation uncovered a counterfeit ring that was producing $2 million a year
in phony TTC tickets.
TTC chief general manager Rick Ducharme has warned against thinking of smart cards as the cure to counterfeiting but Johnston said the computer chip technology is far more secure than the older magnetic strip found on the back of many credit and bank cards.
In fact, Johnston said banks are quickly moving to smart cards as a replacement for the magnetic strips.
And the higher costs of implementing the system and issuing the cards could be offset by savings realized by eliminating the need to count and handle coins and tokens.
The province will begin to issue the GTA Fare Card -- good for use on transit systems across the region -- early next year, a transportation ministry spokesman said.
The card will have embedded security features, significantly deterring fraud.
Smart card technology is already in use in transit systems around the world including Washington, San Francisco, Hong Kong and London.
But in 1994 Burlington was the first system in North America to fully introduce the technology, said Donna Clegg, the city's director of traffic and transit.
The card has cut down on fare administration costs and allows two-second boarding on the city's buses, said Clegg who is eager to see the technology in use across the GTA.
Sprawl & Crawl - The card alliance -
Published: Thursday, February 9, 2006 7:37 PM EST
It probably won't come as a surprise to find out there's an organization centered around electronic, or smart card, technologies that is located here in Washington. The Smart Card Alliance watches the goings-on at our Metro system very closely and touts many of the advantages of the SmarTrip card. A key component is the ability of SmarTrip and similar cards to collect parking fees electronically, which a study by the American Bankers Association says can increase revenues for the managing institution. Another value is increased customer satisfaction.
The rush to catch trains
On the issue of converting some of Metro's escalators to stairs at some stations, Tom writes: "I can't speak for peoples' experiences at all stations, but have you ever tried to get to the train platform without an escalator just as a crowded train has opened up? When one stairway or escalator/stairway gets crowded, the passengers will head up the other one, leaving me with no way to get to the train, unless I want to wait until it empties, or fight the crowd. I really don't think we can count on the people to have manners and allow for traffic coming in the opposite direction, especially if they are in a hurry.
Pay per parking space
Mark writes in with a truly brilliant idea: "Why not establish taxes on parking spaces to provide the dedicated funding source for Metro? A simple monthly tax of $5 per parking space that each business owns [excluding housing-provider businesses, such as apartment complexes], plus $0.05 per hour for metered parking spaces, would probably go a long way toward providing the dedicated funding needed to sustain Metro. The tax on businesses, public garages, employer-provided parking spaces for employees, customer parking spaces for hotel, retail, restaurant and entertainment establishments, etc. would be easy to calculate: Just count their number of off-street parking spaces and multiply by $5. Whether the space is occupied at any time during the month would be irrelevant. The businesses could then determine whether to pass along this cost to their consumers. Ideally, this tax should be charged to government institutions, but such cross-jurisdictional taxes are probably against current laws.
"Such a tax might give businesses the necessary incentive to promote greater use of public transportation for their employees and customers so that they could reduce their number of available parking spaces."
Gatineau police investigate debit card scam
Last updated Feb 8 2006 08:43 AM EST CBC News
Gatineau police are investigating a debit card scam after more than 200 cards were cloned at a business in the area.
The scam, which happened sometime over the weekend, involved a Royal Bank Interac machine at one business.
The cards were probably copied with a swiping device that duplicates a magnetic strip and registers the PIN number as the client punches it in.
Some of the cloned cards were used to make purchases in other parts of the province.
Most of the affected cards belonged to customers of Desjardins.
Police received about 20 complaints, but the caisses populaires decided to deactivate a couple of hundred cards.
They are investigating to determine where the scam took place and whether the owner or an employee was involved.
PayPass comes to Malaysia
February 10 2006
THREE financial institutions have signed up with MasterCard International for the issuance of MasterCard’s “contactless” payment system called PayPass that replaces cash transactions and reduces purchase time for low value purchases.
MBF Cards (M) Sdn Bhd, RHB Bank Bhd and Southern Bank Bhd are among financial institutions in Malaysia to join their counterparts in the US, Japan, Taiwan, Thailand and the Philippines in offering MasterCard Paypass — the industry’s first globally inter-operable contactless EMV (Europay-Mastercard-Visa) payment solution.
Mastercard International vice- president and country manager (Malaysia and Brunei) Jim Cheah said there are a few more financial institutions which are keen to issue the card in Malaysia.
For a start, over 30 merchant chains in Malaysia will accept PayPass, including Starbucks Coffee, Carrefour Group, MPH Bookstores, Tower Records, Express Rail Link (that operates KLIA Express and KLIA Transit), Airport Limo, Farmasi Vitacare and Isetan.
“The potential is huge as the current working population in Malaysia is about 11.5 million people.
“Generally, the take-up rate for a new technology in Malaysia is pretty quick,” he said in a pre-launch interview in Kuala Lumpur yesterday.
Later, Domestic Trade and Consumer Affairs Minister Datuk Shafie Apdal officially launched the MasterCard PayPass card. Also present were MasterCard key officials from Japan, Taiwan, Thailand, Japan and the US.
When making purchases, MasterCard Paypass cardholders only have to wave or tap their cards on a specially-equipped merchant terminal without having to sign any receipt.
From market trials conducted in Orlando and Dallas in the US in 2003, PayPass has been proven to increase transaction volume, replace 80 per cent of cash transactions under US$25 (about RM93.7) and reduce purchase time of between 12 and 18 seconds compared to cash.
PayPass is an enhanced payment card that features an embedded computer chip and hidden antenna. It is built around globally inter-operable standards to transmit data via radio frequency.
Cheah said since the pilot trials, over five million MasterCard PayPass cards are in circulation globally with over 25,000 merchants having PayPass terminals.
He said financial institutions can either replace the existing chip- based MasterCard with MasterCard Paypass EMV-compliant cards or offer PayPass as a debit card or prepaid card.
Meanwhile, MasterCard International head of product sales and delivery (Asia/Pacific region) Shuan Ghaidan said MasterCard PayPass is ideal for traditional, cash-only environments where speed is essential such as fast-food restaurants, drive-thrus, convenience stores, movie theatres, self-serve petrol stations, mass transit, pharmacies, parking lots and toll roads.
Fraud artists emptying bank accounts in T.O.
Thu. Feb. 9 2006 8:01 PM ET CTV.ca News Staff
A wave of debit card fraud has hit Toronto, emptying people's bank accounts without them knowing about it. Since Monday eight customers at a Scotiabank branch in Toronto have complained that their bank accounts have been compromised.
The process is called "skimming" and it happens very quickly. Thieves set up illegal scanners on automated banking machines to copy the information on your bank card's magnetic strip. Then your secret PIN code is recorded with a hidden video camera.
Armed with those two pieces of information, thieves can make a duplicate card and empty bank accounts. "My card and my PIN number have been compromised," Peter Schwarzinger told CTV's Austin Delaney on Thursday. He thinks it happened when his bank card left his sight for a few seconds at a convenience store.
"It had gone underneath the table momentarily and I guess they must have had a secret camera up behind me and they recorded everything," Schwarzinger said.
About a week later money began disappearing from his accounts. The banks noticed unusual transactions and alerted him that something was wrong. "I feel it's very personal. I couldn't believe it could happen to me." "The odds of it happening are still remote," Canadian Bankers Association spokesperson Caroline Hubberstey said.
About one-tenth of one per cent of all bank cards in circulation were skimmed in 2004. But the frauds are costing the banking industry large amounts of money. According to Interac, the network that connects banks and automated banking machines, that small number of skimmed cards cost banks $60 million.
Hubberstey says it is easy to protect your bank accounts. "If you feel even remotely uncomfortable with a situation, don't do a transaction," Hubberstey said. Experts say the best way to foil skimmers is to cover the keypad with your free hand when entering your PIN code.
Royal Bank of Scotland targets cash with contactless card technology
Published: 08/02/2006 09:57:00
Royal Bank of Scotland is to road-test MasterCard's PayPass contactless cards in the UK as an alternative to low-value cash payments.
The pilot trials, to be run in the Summer, will directly address the market
for quick cash payments below €15.
The PayPass technology can be added to existing MasterCard EMV cards or issued
as a stand-alone card. Currency specific, with a maximum transaction amount of €25 in the Eurozone,
the programme works by allowing the cardholder to 'tap' (or 'dip' if required) their card at the
point of sale and dispenses with the need for PINs or online authorisation.
Alexander Labak, president of MasterCard Europe, comments: "Low value transactions,
where consumers traditionally rely on cash, are the next frontier for debit cards. By breaking
cost barriers and creating a simple alternative to cash, we're creating a more attractive situation
for banks, consumers and merchants."
Nearly 80% of all personal payments in Europe - or 180 billion transactions - are still cash based, while only six per cent are made by payment card, says Labak.
"Our research confirms there is huge potential for substitution of these
15 billion low value cash transactions," he adds. "Clearly a low value payment solution is required
to help the players involved unlock this previously untapped opportunity - we've worked with European
banks to find a win win for them, their cardholders and importantly merchants traditionally accepting
By reducing the average costs associated with each transaction, contactless
card payments can become profitable down to, and even below, five euros, he says.
Iain Clink, managing director, RBS Group Cards Business comments: "We believe
that the use of the MasterCard PayPass contactless technology provides an exciting opportunity
to address the low value payment needs of both consumers and retailers."
Smart cards advance in Canada
Adoption of computer chip-based smart cards continues to advance internationally. This time, it's in Canada. MasterCard Canada announced in December 2005 plans to introduce chip-enabled MasterCard payment cards by 2010.
The project will cost an estimated $1 billion. Twelve leading Canadian card issuers and five prominent acquirers, including First Data Loan Co., Global Payments Inc., Moneris Solutions Corp., Paymentech Canada and Unified Network Payment Solutions, will work with MasterCard on implementing the system.
"The shift to chip is one of the most important changes to the Canadian payments industry since its inception," said Kevin Stanton, MasterCard Canada President. He added that chip cards will bring unprecedented security, convenience and value to consumers and businesses.
Canada's actions are a major step toward widespread smart card use in North America, but the United States has yet to follow suit. The technology and means for infrastructure are there, however, said Randy Vanderhoof, Executive Director of the Smart Card Alliance, an industry trade group.
He pointed to MasterCard's OneSmart chip solution as being all-inclusive, but merchants and businesses need to be convinced. "It's an [exact] chicken-and-egg syndrome," he said.
"Merchants won't take the cards until enough people have them, but cardholders don't want them until they can be used at enough places."
Fraud prevention will serve as the catalyst for U.S. banks to issue smart cards, Vanderhoof said. The argument is that as other parts of the world move to chip cards, fraudsters will look elsewhere for easier targets, mainly here.
Bob Bucceri, General Partner at Chaddsford Planning Associates, said that the U.S. financial system, which differs vastly from those in other parts of the world, has prevented chip cards from catching on here.
Bucceri said increased instances in fraud have corresponded with increases in overall numbers of electronic transactions. "Is fraud really more prevalent proportionately now than five or six years ago?" he said. The answer is no, thus, not providing a real reason to switch to smart cards.
New Visa Credit Cards Get A Facelift
Tuan Nguyen - February 4, 2006 11:00 PM
New Via security featuresVisa's new super secure credit cards leave counterfeiters
scratching their heads
Security in every industry is on high alert nowadays. From RFID to biometric passports, things people use everyday are receiving an upgrade in digital protection. Often times however, digital protection schemes do not offer the promised security that designers originally hoped.
Visa on the other hand, is rolling a new generation of credit cards called the EMV (Europay-MasterCard-Visa) -- a chip-enhanced card that contain a new set of security features that offer dramatically higher chances to avoid being counterfeited. The new cards will use state of the art holographic, ultraviolet light, thermal printing, and design. One of the first few things people will notice is that the original magnetic strip has been replaced by a animated holographic strip with built in security measures. Featuring a flock of doves, the strip will animate in a certain pattern when the card is tilted from left to right.
Other notable features include print that is sensitive to ultraviolet light. The signature panel also has hidden print that will show "void" when it is tampered with. Shining ultraviolet light on the panel will also reveal a repeating Visa logo.
The traditional embossed card number will also receive a face lift. According to Visa, the new numbers can be stamped using thermal print that will change with color depending on heat. The new cards will all feature smart chips integrated into the card.
Visa indicates that the new cards are beginning to enter circulation and the old less secure cards will be phased out by 2010. A large bank in Malaysia named Maybank was Visa's first customer to try out the cards to customers.
FDIC FIL-103-2005 October 12, 2005
The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, “Authentication in an Internet Banking Environment.” For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution’s progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.
Visa Surpasses Contactless Merchant Milestone: Partnerships with Major Merchants Driving Migration to Contactless Payments
National Brands from McDonald's to CVS/pharmacy Accepting Visa Contactless
Cards, Creating One of the Fastest Adoptions of Payment Technology Ever
SAN FRANCISCO--(BUSINESS WIRE)--Feb. 2, 2006--
Visa today announced it has reached a significant milestone in the acceptance of Visa Contactless by surpassing 20,000 Visa Contactless acceptance locations in the United States. Consumers can make contactless payments at some of the best-known brands in America, including McDonald's, AMC Theatres®, CVS/pharmacy and Meijer.
Significant consumer and merchant demand for contactless payments has made the Visa Contactless platform one of the most rapidly adopted payment innovations in Visa history. To date 4 million Visa-branded contactless payment cards have been issued worldwide - underscoring the continued migration away from cash.
Visa Contactless provides increased speed and convenience at the point-of-sale, making the technology ideal for high-volume, small ticket merchants and their customers. Visa Contactless is one of a number of innovative solutions from Visa, its member financial institutions, and partner merchants that help consumers make their purchases, from food to fuel, more quickly and easily. In addition to Visa Contactless, Visa is helping to drive acceptance and usage of Visa payment cards for small ticket transactions by eliminating the signature requirement on purchases less than $25 in 17 merchant segments. Additionally, Visa is collaborating with terminal manufacturers, merchants, and municipalities to develop solutions for a range of unattended payment terminals where consumers want to use their Visa cards.
"There has been strong momentum for Visa Contactless and small ticket solutions from Visa this year because making the purchase process faster and easier benefits the entire payment chain - members, merchants, and cardholders," said Elizabeth Buse, Executive Vice President for Visa USA. "This momentum will continue in 2006 and beyond. The cash payment market opportunity is $1.2 trillion, and contactless will help drive the migration from cash to electronic payments."
Visa member financial institutions have addressed the demand for contactless around the world. Visa's global experience with contactless payments, which began in 2002, has helped drive the U.S. deployment of Visa Contactless. For example, in Malaysia more than 500,000 contactless smart cards are being issued - the world's first commercial implementation of contactless based on EMV smart card standards.
In the U.S., millions of Visa cards were issued in 2005 with the new contactless feature. Chase has led the way with contactless payments through its launch of over six million Chase cards with "blink." Chase cards with blink were issued in key markets such as Atlanta, Dallas/Fort Worth, Denver, New York, Orlando and Philadelphia, launching the first wide-scale geographic deployment of contactless credit cards. Chase cards with blink can be used everywhere consumers use credit cards now, and blink can also be securely used where contactless payments are accepted including merchant locations where speed and convenience are essential.
More issuers are expected to take advantage of Visa's flexible contactless payments platform in 2006 to launch their own contactless programs.
Merchants continue to adopt the new payment technology at an unprecedented pace. Visa's research indicates that contactless payments have proven to provide faster transaction times, increased ticket size, greater customer loyalty and reduced cash handling - all benefits that translate into increased revenue and reduced operating costs. In addition, transactions are up to 25 percent faster than cash transactions, and in some of the core merchant categories with primarily small tickets and high cash volumes, Visa Contactless transactions are 25 - 50 percent higher than cash transactions.
In the U.S., the number of Visa Contactless acceptance locations is expected to continue to grow significantly as more national merchants in the quick service, convenience store, movie theater and gasoline industries are deploying contactless terminals.
"At McDonald's, we are always looking for ways to better serve our valued customers and improve restaurant operations by offering new conveniences including contactless payments," said Gina Pfeifer, vice president, Business Integration, McDonald's USA. "The demand for payment options is increasing, and by making Visa Contactless payments available at McDonald's, we are further demonstrating our relevance to our customers, meeting their changing needs and providing them with convenient payment options that are faster than cash."
Strong merchant interest has helped drive consumer adoption of Visa Contactless. Throughout Visa's global trials and deployment, cardholders easily grasp the concept of contactless payments, and they cite the unparalleled speed and convenience at the point of sale as key advantages. Because contactless transactions are an average of 25 percent faster than using cash, consumers are able to spend less time in line, creating an enhanced customer experience.
"Anytime you're talking about shaving seconds off a purchase, either through contactless payments or no signature for transactions under $25, it helps to fulfill our mission to be the easiest pharmacy for customers to use," said Josh Flum, Director of Store Technology at CVS/pharmacy.
Innovation remains a key priority for Visa as it looks for opportunities to optimize contactless technology for all stakeholders. Visa International in November announced the expansion of the Visa Smart Breakthrough program to include a new contactless chip solution. The program makes cards, terminals and personalization solutions more cost-effective for financial institutions, merchants and consumers.
On the front-end, Visa designed its contactless platform to have the flexibility to apply to a broad range of Visa products - including credit, debit, and prepaid - and non-traditional forms of payment - such as mini card, key fob, mobile phone and other handheld devices. Visa has already begun testing contactless payments on alternative devices, including a pilot in Atlanta's Philips Arena to test contactless payments on mobile phones.
"As the number of issuers and merchants participating in Visa Contactless grows, consumers will want to explore contactless payment applications on a range of devices, from mini cards to mobile phones, that match their specific interests and lifestyle," Buse said. "Visa recognized early on the potential for contactless to drive emerging forms of payment. Our global experience puts Visa in a strong position to deliver contactless payments through alternative devices."
Banks prepare for switch to smart cards
By Stephen Gunnion, BusinessDay, 3 February 2006
BANKS will be ready to start switching customers to more secure smart cards
from traditional credit cards in the next few months.
Banks are either entering, or have concluded, the final testing phase before
starting to distribute the new cards to customers.
He said Absa would start distributing the cards to a wider customer base in the next two to three months.
Nedbank, which was previously believed to have been lagging behind its rivals, along with First National Bank (FNB), said it was now on an equal footing with the other banks and its software was in the final stages of testing.
FNB said it would start issuing the smart cards to customers in the second half of the year, as many of its cards were up for renewal then.
The new smart cards, which contain microchips, have been developed to global Europay, MasterCard and Visa (EMV) standards.
Credit cards will now require a PIN code, similar to debit cards, which means a card should not leave a customer’s possession. This reduces the chance of cards being copied or used illegally.
Apart from providing more security features than the existing magnetic strip cards, Visa said banks would also be able to introduce other applications to the cards due to the chip technology.
“The initial drive is into the payment space, but beyond that the possibilities are infinite,” said Nick Essame, head of new technologies for Visa sub-Saharan Africa.
Among other features, banks would be able to store loyalty programme data and other information on the new cards, Essame said .
According to Volker, EMV readiness has been staged in phases. Banks first had to upgrade their systems to handle the new technology.
This has been followed by upgrading networks to interface with the banking system and with card issuers such as Visa and MasterCard.
The third phase involves upgrading channels where the banks come into contact with customers, including branch infrastructure, ATMs and points of sale with merchants such as shops and restaurants. Only then can banks start issuing cards to customers.
At this point, he said, the challenge was to ensure all banks had reached the same level of preparedness, as a customer of one bank had to be able to use his card at another bank’s ATM or point of sale.
Volker said that while Absa had been ready to issue cards for a while, it had to wait until other banks’ systems could process the transactions smoothly.
“Not all the banks are quite at the same stage of readiness, but it is fair to say they are now in the final downhill before completion,” Essame said.
New Smart Card Alliance Paper Addresses the Benefits of Smart Cards for Healthcare Applications
PRINCETON JUNCTION, NJ (MARKET WIRE) 02/08/2006
In an era of managed care, specialized medicine, mile-high paperwork, high costs, identity fraud and government demand for secure, portable and confidential patient information, the competitiveness of healthcare providers depends on the proper use of information technology. As a result, the healthcare industry is on the cusp of a move away from error-prone paper and ink toward a more secure electronic world.
A new white paper, Smart Card Applications in the U.S. Healthcare Industry, examines how smart card technology is being incorporated into new healthcare systems to protect and enable convenient access to patient data and support new applications that deliver clinical and administrative benefits.
"The use of smart cards in healthcare is gaining momentum. This white paper explains how its feature-rich, flexible platform provides a practical and portable way to enhance the security and confidentiality of patient information," said Randy Vanderhoof, executive director of the Alliance. "In the long run, the data carried by smart health cards can not only save lives, but can also save the healthcare industry billions of dollars."
The white paper describes the following benefits that smart cards provide in healthcare applications:
-- Support privacy and security requirements mandated by HIPAA
The white paper concludes with profiles of a number of organizations who are implementing smart cards, including the Queens Health Network, University of Pittsburgh Medical Center, St. Luke's Episcopal Health System, Florida eLife-Card, Texas Medicaid, and the French and German health cards. The paper explains how these implementations illustrate the diversity of applications that are enabled by smart card technology and the business benefits that the technology delivers to healthcare organizations.
Individuals from 24 organizations in the Smart Card Alliance Healthcare Council collaborated on this white paper. Lead contributors included representatives from: ACI Worldwide, Axalto, Competech Smart Card Solutions, EMIDASI, Healthmeans, Hitachi America Ltd., Lockheed Martin, Oberthur Card Systems, OTI America, PrivaMed, Inc., Sharp, TecSec, Uniliance Health, U.S. Dept. of Defense, VeriFone, and Visa USA.
The white paper, written for executives and managers, is available at no charge from the Smart Card Alliance web site at www.smartcardalliance.org.
About the Healthcare Council
The Healthcare Council is one of several Smart Card Alliance Technology and Industry Councils, a new type of focused group within the overall structure of the Alliance. These councils have been created to foster increased industry collaboration within a particular industry or market segment and produce tangible results, speeding smart card adoption and industry growth.
The Smart Card Alliance Healthcare Council brings together payers, providers, and technologists to promote the adoption of smart cards in U.S. healthcare organizations. The Healthcare Council provides a forum where all stakeholders can collaborate to educate the market on the how smart cards can be used and to work on issues inhibiting the industry.
Healthcare Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org.
Cheat Sheet: Chip and PIN - To be feared or cheered?
Published: Tuesday 7 February 2006
What is it?
Oh, that's right, I got something from my bank about this in the mail...
Will the new card work at all the places I use it now?
So mind if I ask - why the change?
Why not use biometrics instead?
Why isn't it the best approach?
What about for the rest of us?
Ugh. OK. Anything else I should know about?
Do I have to use chip and PIN?
"Smart Card" to Replace ID Card in Hua Hin
Posted by admin / 8. Februaryy 2006, 02:24
Khun Sutthipong Pasurat, Chief of Population Registration and the ID Card Office, revealed the new type of ID Card. The "Smart Card" is a multifunction card where all information required by governmental offices and business sectors is installed in the card. This card is not only used as an ID Card but also used for other types of card because a microchip on the card stores information required by law about each individual in the card.
The Smart Card is an improvement over the old type of ID Card because it has the ability to store huge amount of information. The result is faster data processing of the card itself. The officer will limit the usage of information from the card to specific persons. The Smart Card is protected 100%so there is no chance for criminal to fake this type of card.
The card provides advantages to government offices. It decreases time consumption in the ID Card making process as well as delivering savings in the nation's budget.
For the individual the Smart Card saves them from waiting long hours in order
to have an ID Card made. Each individual can use the Smart Card for the following purposes:
The Smart Card does not violate privacy of any individual, instead, the card protect privacy of each individual because this card can be used to get access to many sectors of the government offices. If any one loses this card, they can rest assure the information in the card will be safe because the owner is the only person who can prove, with their fingerprints, that the card is theirs.
Australians Want ID Cards - But How?
February 2nd, 2006:
A Newspoll survey, commissioned by The Australian newspaper reveals that a majority of the Australian public is in favour of a national identity card. Wither HealthConnect?
In a week when the trumpeted Federal HealthConnect smart card has once again hit hard times, 53% of the Australian public - as polled by Newspoll - say that they are either 'strongly in favour' (27%) or 'somewhat in favour' (26%) of a similar 'all eggs in one basket' system.
It is also being widely reported that the brand new Dutch biometric passport system can and has been cracked so that personal information is available to unofficial sources within two hours.
This poll brings up several issues of interest to IDM readers, not the least of which is how exactly such a centralised scheme - which must by necessity use as many ID-checking information vectors as possible to ensure authenticity - be implemented?
Bear in mind the much-vaunted HealthConnect scheme, which according to Health Minister, Tony Abbot in May 2004 would have been used: "…to integrate patient records from hospitals, doctors' surgeries, nursing homes, medical laboratories and pharmacies", has currently eaten up an estimated $120-million and has only been sparsely trialled. HealthConnect-like data would only represent one ID vector in any truly authentic ID card scheme.
A full scale National Identity Card begs many questions from the logistical point of view: what legislation (and consequent compliance issues) will need to change in order to accommodate data matching (and mining)? How will the various ID vectors be data matched from systems as disparate as social services, social security, the penal system, the legal system, the various State and Territory transport, education and, of course, health authorities? How will the cards be read? When read, how will that information be displayed? Will all the information be stored and accessed centrally? How will it be transported? What encryption will be used? What will the lifespan of the information be? At what point and how will it be destroyed? The knowledge management, ICT and document management issues are astounding.
A poll is simply that, however. As Attorney General, Philip Ruddock, pointed out during a Sky Television interview: "I note that there was a time before where there was very strong support for a national ID card, and as debate proceeded, support waned."
For example, in 2004 a keen supporter of the system such as Peter Solomon of smart card maker, Intercard Wireless (which went into voluntary administration in that same year) was very much in favour. Speaking to the Bulletin magazine - apparently on behalf of the government, Solomon pointed out: "Because of the important element of national security, the government - sadly - has come to the view that a multifunction smart card has become a necessity from both national security and efficiency points of view."
A year later in June 2005, however, Attorney General, Philip Ruddock spoke at a Sydney Smartcard conference where he said: "There have been recent suggestions in the media that the government is going to introduce a national identity card. I can assure you that this is not the case. We do not support the approach where all personal information is centralized on one database, and a single form of identification is issued."
He continued at the same conference: "Such an approach could actually increase the risk of identity fraud because only one document would need to be counterfeited to establish an identity."
However, during the Sky Television interview, the Attorney General commented: "…having a national identification system doesn't mean that your privacy ought to be compromised. The exchange of information with relevant sections of government occurs now, but under legislation that authorises it. There's specific legislation that authorises what is called data matching, and that wouldn't necessarily change. It would only change if you made a decision that there was a public interest in broadening information that is available. But it doesn't have to follow that introduction of a national ID card would have any impact upon privacy at all."
A hazy phrase like "won't necessarily change" when applied to legislation by the chief legislator in the country is enough to make any compliance officer in any organisation turn to the various privacy acts and amendments that already litter the statute books - and panic.
The next step for the government is to outline the terms of reference for any kind of an ID system. When speaking to the Attorney General's office, IDM was told: "It's still very early days. It has not even been decided what format the card would be - a physical card or something else."
The format of the card will be one of the major concerns for any enquiry into the scheme. As yet no terms of reference have been laid down for such an enquiry, although Ruddock stated, or rather alluded: "I'll make an announcement soon, and that could be this week, it may not be."
The format of the card will dictate the read and write technologies, the database interconnectivity, the data matching techniques but not the privacy laws that will also need to be changed to accommodate a centralised system. So, we await the terms of reference for the enquiry that will be announced this week… or: "…may not be".
Visa takes aim at US contactless market
Published: 02/02/2006 14:50:00
Card association Visa is homing in on a $1.2 trillion cash replacement opportunity
as it talks up the rapid uptake of contactless payment cards by US retailers, banks and consumers.
The mass-market roll-out by Chase Manhattan of six million 'blink' cards
has spurred adoption of contactless technology by other banks, although the lion's share of issuer
wins seems to be falling to MasterCard and its rival PayPass system. Citibank earlier this week
announced plans to trial PayPass at barriers on the New York subway, in an effort to mimic the
success of other mass transit cards, such as Octopus in Hong Kong and London's Oyster card.
Visa says it is collaborating with terminal manufacturers, merchants, and
municipalities to develop solutions for a range of unattended payment terminals where consumers
will benefit from contactless convenience.
Elizabeth Buse, EVP for Visa USA, says: "The cash payment market opportunity
is $1.2 trillion, and contactless will help drive the migration from cash to electronic payments."
She says Visa has designed its contactless platform to apply to a broad range
of non-traditional payment vehicles, such as mini cards and key fobs, and has begun tests of the
technology on mobile phones in Atlanta's Philips Arena.
Visa is not alone in this endeavour. MasterCard too has conducted similar
trials in conjunction with handset device manufacturers, wireless carriers and banking partners.
Buse forecasts: "Consumers will want to explore contactless payment applications on a range of devices, from mini cards to mobile phones, that match their specific interests and lifestyle."