Selected Press Releases As Smart Cards Continue to Emerge in October  2006

Industry group slams new border card

WASHINGTON, Oct. 26 (UPI) --

An industry group says that the long-range radio ID technology being adopted for new biometric U.S. border-crossing card is not secure.

The Smart Card Alliance also says that employing a different standard for the cards than the internationally agreed one being used in U.S. electronically readable or e-passports is inefficient and technologically risky.

The Departments of State and Homeland Security announced in recent regulatory filings that they would use so-called vicinity Radio Frequency Identification, or RFID, chips in the new biometric border crossing cards which U.S. citizens will need to enter the country overland after June 2009 if they don't have passports.

The chips can be read up to 30 feet away, but officials say there will not be any personal data on them, just a serial number that matches a record in a U.S. government database.

The proposed technologies "simply don't have the security features necessary to protect the border and also maintain citizen privacy," Randy Vanderhoof, executive director of the alliance, said in a statement.

The group says the government should stick with the standards it is using in the new e-passport -- a so-called proximity RFID chip that can only be read from a few inches away.

"Using long range RFID technology is a major step backwards for government-issued identity credentials," said Vanderhoof, pointing out that the standard the chips in the new card will employ were designed for shipping crates.

Vanderhoof said that whereas the e-passport standards had been developed in conjunction with the International Civil Aviation Organization, Homeland Security was relying on private industry contractors to design, implement and operate the program.

"They are going to be making it up as they go along," said Vanderhoof.

Rate Of EMV Card Growth Slows

Banks and credit card companies issued just over 35 million smart cards worldwide that comply with the international EMV standard during the first six months of 2006, a decrease from the previous six months. But banks and merchants are installing EMV-compliant point-of-sale terminals and ATMs at a growing rate.

The figures, released by EMVCo, the organization that maintains the standard, show card issuance had slowed from last year, when banks and other financial institutions issued more than 75 million chip-based credit and debit cards alone during the second half of 2005. They issued another 65 million during the first six months of 2005.

But the figures showed installation of POS terminals and ATMs grew at a fast clip, with the rollout of 1.8 million terminals during the first six months of 2006. That’s double the number of EMV-enabled terminals deployed during the last six months of 2005 and more than the 1.4 million terminals banks and merchants rolled out during all of 2005.

While the standards organization, which is jointly owned by Visa International, MasterCard Worldwide and Japan’s JCB Co., doesn’t break down the figures by region, vendors have said card shipments decreased to the United Kingdom and, to some extent, France during the first half of 2006. Financial institutions in the United Kingdom, the largest country to roll out EMV, had largely finished their rollout at the end of last year. Card shipments to such countries as Brazil, Mexico, Turkey and Italy increased during the first half of the 2006, the vendors said, but did not compensate for the falling volumes in Western Europe. Shipments of terminals to Latin America and Asia, among other places, was believed up this year, in part because falling prices for the devices have encouraged more merchants to roll them out.

All told, through June 30, banks and credit card companies had issued 441.6 million cards complying with EMV in the more than 10 years since the standard was adopted. Banks and merchants had deployed 6.3 million EMV terminals during that time. The standard is designed to reduce fraud from lost and stolen cards. (2006-10-24)

More Smart Card IDs Coming In the USA

New identification projects moving forward in the U.S. are likely to put smart card IDs in the hands of tens of millions of government workers and contractors, emergency personnel, transportation workers and frequent travelers over the next few years. However, smart cards lost out on one major project: a new border-crossing card that will be issued to U.S. citizens who frequently cross the long U.S. borders with Canada and Mexico. Those PASS cards will contain the kind of radio frequency identification, or RFID, tag often used to track goods in transit. The government announced this week it planned to charge adults $20 for the new ID card and children $10. Citizens could apply at the same time as they apply for passports; those not also applying for passports would be charged $25 to cover the cost of background checks. The Department of Homeland Security, which is responsible for U.S. border control favored the RFID tags because they can be read from 30 feet away. That means a person’s ID can be read even before his car reaches a control point, and the border guard can have the person’s image and data on his screen by the time the traveler presents himself, thus keeping traffic flowing at busy border crossings. The U.S. State Department preferred using the kind of contactless smart card chips being embedded in passports that the U.S. and other governments are now issuing, but lost out for now. The technology could be changed later on, Frank Moss, deputy assistant secretary of state for passport services, told the annual conference of the U.S. trade group Smart Card Alliance last month. “We may lock down a technology for a period of time,” he said, “but that does not mean we lock down the technology indefinitely.” Despite that setback, several major projects that have been under discussion for the past few years now appear to be moving ahead. Here is a brief overview:

HSPD12 As of Oct. 27, agencies of the U.S. federal government were under a presidential order to issue standardized smart card IDs to employees, The aim of the order, Homeland Security Presidential Directive 12, handed down by President George Bush in 2004, is that government workers, and employees of companies that work for the government, be able to move around to facilities operated by different agencies with a single ID card. Nearly 4 million civilian and military employees of the Department of Defense already carry smart card IDs, called Common Access Cards. The new rule will put smart card IDs into the hands of another 1.9 million federal government workers. In addition, contractors who need regular access to U.S. facilities, will need the new ID card. That could ultimately amount to 10 million to 20 million additional smart card IDs, says David Temoshok, a smart card official at the U.S. General Services Administration, which is coordinating the government rollout. Furthermore, Temoshok says many state and local governments have expressed interest in using the technology standards adopted by the federal government for their own employee IDs. “HSPD 12 is not a national ID, but it does something never before done in this country, created an identity standard that other entities, state and local governments can adopt if it makes sense,” Temoshok says. “And we certainly encourage that.” The Defense Department cards were contact smart cards with PKI-based digital certificates, mainly designed for signing on to computer networks and digitally signing documents. The government’s new ID cards will add a contactless interface for door entry and biometrics.

TWIC The government hopes to begin enrolling seamen and longshoremen for a new smart card ID called the Transportation Worker Identification Credential by the end of this year. Some 750,000 workers are expected to receive the TWIC card, which will include a contactless interface for physical access control and fingerprint biometric data. Officials say they expect to order 850,000 cards in the program’s first year to cover employee turnover. Some believe more than 100,000 workers might leave the ranks of port workers, since TWIC requires proof of legal residency in the United States and a fair number of port workers are believed to be undocumented immigrants. As originally discussed in the wake of the Sept. 11, 2001, terrorist attacks in the TWIC card would have been used to identify millions of workers in truck depots, railyards, airports and other transportation facilities, in addition to seaports. Those plans were scaled back, largely because operators of transportation facilities objected to the cost of replacing existing ID cards and readers. John Maiorine of the U.S. Coast Guard, which is overseeing the TWIC rollout to maritime workers, says the government “intends to roll out first to maritime, then will consider the applicability and need for TWIC in other transportation modes.” (2006-10-19)

RFID Credit Cards Get Hacked

Researchers have shown that names, credit card numbers and other data can be skimmed off a contactless card with the holder's knowledge.

The New York Times reports that a team of scientists in the RFID Consortium for Security and Privacy (RFID-CUSP) were able to read the names, credit cards and expiration dates of recently issued credit cards using radio frequency identification transponders to enable customers to pay without swiping their cards (see Researchers See Privacy Pitfalls in No-Swipe Credit Cards). Is the news a setback for the credit-card industry? For the RFID industry? For both?

The truth is that security is not a one-size-fits-all proposition. If I have $10,000 in jewelry and cash in my house, it doesn't make sense to spend $200,000 on a state-of-the-art safe, motion sensors, lasers and other gizmos found in your typical Mission Impossible film. Similarly, if I have $1 million in valuables in my house, it doesn't make sense to spend $2,000 on a simple burglar alarm.

Banks issuing the RFID-enabled credit cards decide the level of security they need on the card, based on the threat of fraud, the cost of security features on the card and the effect on transaction times. You don't want to use such heavy encryption that a transaction takes too long to make a contactless card worth using.

Credit-card industry executives quoted in the Times article point out that there are other security measures, besides those built into the card, in place to prevent fraud, such as software that detects suspicious purchases. They obviously believe these to be adequate, given the potential threat.

The researchers are exposing the vulnerabilities of these cards to raise awareness before people with less altruistic motives abuse them. That's fair. The credit-card industry might not react until there is a problem, but no one can say it wasn't warned.

Richard Smith, an independent security consultant with whom I correspond, points out that a switch on the card would solve the security problem. (The idea has already been patented.) Only when a person turned a card on would the data on it be vulnerable to skimming. That would likely be only when you are making a transaction, and your contactless card would be no more vulnerable than a magstripe card would be when you hand it to a waiter at a restaurant.

I don't think the exposing of potential vulnerabilities of these cards is a huge black eye for the credit-card industry or for the RFID industry. Millions of people won't suddenly have their credit-card numbers exposed to thieves the way they do when someone hacks a bank's database or an employee loses a laptop with the card numbers on it. But it is likely that these vulnerabilities will need to be addressed as the technology becomes more mature and criminals start figuring out ways to abuse it.

Visa Plans an Initial Public Offering as Soon as Next Year


Published: October 12, 2006

Visa, the biggest credit card network in the country, said yesterday that it would sell shares to the public as early as next year, following in the footsteps of its smaller rival, MasterCard.

By going public, Visa hopes to streamline its operations, invest more nimbly in emerging markets and new payment technologies like those using cellular phones, and insulate its member banks from potentially billions of dollars in legal damages over antitrust and unfair-pricing claims brought by merchants.

There has also been pressure from Wall Street analysts, who believe that a profit-making structure would instill more disciplined management, and by the company’s own employees, who have privately sniped at their MasterCard counterparts’ rich stock option paydays for months.

“MasterCard’s I.P.O. raised stakes for Visa,” said Kenneth A. Posner, an analyst with Morgan Stanley. “If Visa wants to attract and retain and compensate the best people, having currency might be very important.”

MasterCard went public in late May at $39 a share. It has since surged more than 78 percent, to $69.50, even after falling 3 percent yesterday. MasterCard now has a market value of $9.4 billion. Several analysts said they expect a Visa initial public offering to value the company at least double that, given its dominance.

Visa held about a 60 percent share of credit and debit purchases in 2005 compared with 27 percent for MasterCard, according to The Nilson Report, a newsletter for the credit card industry. As of June 30, Visa reported $771 billion in transactions in 2006, compared with $411 billion for MasterCard.

“By any measurement, Visa looks more desirable than MasterCard as an I.P.O.,” said David Robertson, publisher of The Nilson Report. “It has a better, more advanced network, and it sees a lot more traffic on that network.”

The most immediate beneficiaries of a Visa stock offering could be its large member banks — including Bank of America, Wells Fargo and J. P. Morgan Chase — which could recognize hundreds of millions in capital gains if they sell part of their Visa ownership stake, even as the overall card industry continues to slow. For example, both Citigroup and J. P. Morgan Chase, two of the largest MasterCard member banks, recognized one-time gains worth more than $100 million in the second quarter from stock sales related to the MasterCard offering.

By retaining public ownership, the payment associations’ members might also be seeking to mitigate their liability in future suits. Retailers have filed suit against both Visa and MasterCard, accusing them and their member banks of illegally fixing the transaction fees that merchants pay with every purchase.

Visa and MasterCard settled one such suit, led by Wal-Mart Stores, in 2003, paying about $3 billion. Another, filed by Kroger and other grocery and convenience store companies, is still pending.

Eric E. Wasserstrom, an analyst with UBS, wrote in a research note yesterday that Visa’s move, like MasterCard’s, was driven in part by an effort to “improve its future legal posture.”

Visa said it intended to sell a majority of shares to the public, but offered no specific figure, nor how much it intended to raise. The initial public offering, which the company said should happen in the next 12 to 18 months, will follow a reorganization that will centralize its North American and most of its international operations in one company, Visa Inc., but leave its Western Europe businesses in the hands of its member banks.

The decision to go public highlights the intense rivalry between Visa and MasterCard. Visa began as BankAmericard, started in 1958 by Bank of America in California. Bank of America began licensing the card nationally eight years later, about the time that a group of banks created what later became MasterCard.

Visa, which processes more than half of all credit card transactions in the United States, is solely owned by its members, from small credit unions to well-known global banks. With increased pressure from Wall Street to increase profit margins and less influence from its members, the “banks may have to pay a little more from their services,” said Mr. Posner of Morgan Stanley.

Over the next 12 to 18 months, Visa will need to gain approval for the offering from its member banks, and find a new chief executive officer and independent directors. It must also legally merge its regional boards and decide on which exchange it will publicly trade

Consumer-Driven Healthcare Creating Need For Smart Medical Debit Cards

From a press release by HealthLeaders-InterStudy:

"How futuristic is it to believe that one swipe of a debit card would reveal your identity, your health record, and your health plan coverage and eligibility information? Not as far off as you think."

According to HealthLeaders-InterStudy, a leading provider of managed care and healthcare market intelligence, insurers and payment processors are building technology systems to link banks, payors, providers and consumers. The ultimate goal is a smart debit card that will carry all the information needed to make a healthcare purchasing transaction transparent, efficient and seamless.
"With an estimated 6 million Americans participating in consumer-driven healthcare, the need is growing for a consumer 'smart' card," states Chris Lewis, HealthLeaders-InterStudy research analyst. "However, achieving widespread use within providers' offices will pose the most direct challenge."

The majority of health accounts do have debit cards tied to flexible spending accounts and health reimbursement arrangements, which are set up and controlled by employers to pay for employees' qualified medical expenses. Industry observers say the more recent adoption of health savings accounts, which are tied to high-deductible health insurance plans, will further propel debit card use. However, most systems do not feature instant processing and approval of a health insurance claim -- and without that "real-time claims adjudication" feature, most health purchases cannot be as simple as a department-store purchase.

A few large insurers are making progress. Humana Inc. has launched a successful real-time claims adjudication system in six medical practice sites so that physicians' offices can be paid in a matter of seconds. This four-month pilot project enabled the clinic staff at MacGregor Medical Center in San Antonio, Texas, to get a claim back from the insurer so the bill could be presented to the patient on the spot.

UnitedHealth Group is unveiling an integrated ID and debit card that will store members' identification, eligibility status, and health records. Using a card reader connected to the provider's computer via a standard USB port, the provider can then call up the patient's information on the UnitedHealthCareOnline provider portal. This system would enable a claim to be submitted, and within 10 seconds the provider would know the reimbursement and how much the patient would owe.

There are several factors that would further complicate instant pricing and payment. Many physician practices commonly deal with 15 or more payors with varying product lines. For multi-coded services, prices and payment rules vary widely among insurers. With a thousand or so practice management software programs currently in use around the country, it will be difficult to design a card "smart" enough to work with them all.

For providers, the shift to smart cards will depend greatly on how many of their patients have these cards, and whether the benefits in speedier claims payment outweigh the costs of the technology.

As medical debit cards get smarter and insurers begin more widespread implementation, these cards will become the electronic links to bank accounts to facilitators of instant member identification, insurance eligibility, and claims adjudication.

Contactless loses to RFID in PASS Card debate

Monday, October 9 2006

The new proposed border crossing card known as PASS will use vicinity read RFID technology that is ISO/IEC 18000-6C compliant instead of contactless technology currently being used in U.S. e-passports, it was announced during the recent Smart Card Alliance Conference in San Diego.

SAN DIEGO, CA -- The role of smart cards in proving and protecting identities in a digital economy and for e-government were some of the focuses at the Smart Card Alliance annual conference in San Diego. Also, one government official chose the conference to announce that the proposed PASS card may be using RFID instead of the recommended more secure contactless technology.

WHTI, e-Passport, HSPD-12, FRAC, Brazil's Public/Private ID
Frank Moss announced plans for the Western Hemisphere Travel Initiative (WHTI) PASS Card to use vicinity read RFID technology that is ISO/IEC 18000-6C compliant. The next step in the process will be a public comment period in the next two weeks. The Smart Card Alliance has consistently expressed concerns about risks to privacy and security presented by using RFID technology.

The Alliance has recommended that a more privacy sensitive and secure solution would be to use the contactless smart card technology used in the new e-passports that provides additional security features. The WHTI program aims to improve security at the nation's land borders, where U.S. citizens currently can re-enter the country with a driver's license. Border agents see more than 200 fraudulent documents a day at the land borders, and the DHS and State Departments "want to minimize the variability of documents accepted there," Moss said.

Microsoft Vista to Support Smart Cards
Smart cards will get a boost from out-of-the-box support in Microsoft's new Vista PC operating system, making it simple and seamless for people or any size organization to use smart cards for desktop and network security, Shivaram Mysore, senior program manager at Microsoft, told conference attendees. The reason is that the strong authentication and secure storage capabilities of smart cards address problems of desktop and network security, privacy and confirming people's identities over networks. "We really want to make this a reality now because it can solve all of these problems," said Mysore.

Vista will include smart card support for multiple certificates for logins and an unblock/PIN reset program based on challenge/response questions. Mysore also announced that the beta 2 version of Microsoft's Certificate Lifecycle Manager program would be available in January or February 2007. The application provides a single administrative point for smart cards. The 100,000 employees at Microsoft use smart cards for internal IT security.

The Department of State received the 2006 Outstanding Smart Card Achievement (OSCA) award for an issuing organization for the e-passport program. "This year we issued a record 12.1 million passports to U.S. citizens, redesigned our books, started issuing chips and revised our adjudication process," Moss said while accepting the award on behalf of the Department Wednesday. "By the end of February, if all goes well, all of the passports we issue will be chip." The State Dept. currently produces about 250,000 passports per week and has produced 500,000 e-passports so far. By the end of this month e-passport readers will be rolled out to 30 airports that handle 80 percent of the Visa Waiver Program country volume.

The GSA Shared Services Program will start issuing HSPD-12 PIV cards no later than October 27, 2006, in time to meet the mandated deadline, and 28 agencies have signed up to use the service, David Temoshok, director, identity management division, GSA Office of Government-wide Policy told meeting attendees. He expects between 10 and 20 million FIPS 201 cards will be issued in total, with about half a million of those coming through the shared services agreement.

In addition, state and local government organizations can also buy the more than 90 approved FIPS 201 compliant products listed on GSA IT Schedule 70, Temoshok announced. "HSPD 12 is not a national ID, but it did create an ID standard that state and local governments could adopt if it made sense. And we encourage that," he said.

One potential taker could be the Department of Homeland Security for a First Responder Card (FRAC) that would ideally be put in the hands of firefighters, police and other emergency workers at the state and local level. Tom Lockwood, director of the office of the national capital region coordination for DHS, told attendees he is a strong advocate of FIPS 201. He would like to see strong, interoperable systems defined and put in place in his region that would quickly validate the identities of pre-screened and qualified emergency workers to allow them into disaster sites. "Whether it's floods or a building collapse, in an emergency there is confusion about who's who and the distribution of human assets," said Lockwood. "I want this capability to be with me day-to-day and on THE day." He would also want the card to provide online security authentication and privileges controls.

Brazil is arguably one of the most advanced countries in the Americas in the use of a public/private identity system based on public key technology. Now in its fourth year of operation, Brazil has issued 500,000 identity certificates, including 100,000 on smart cards or tokens, according to Mauricio Cuehlo, director, public key infrastructure of Brazil's Information Technology Institute. Brazilians pay $130 for the certificate and a reader, and must go to one of 1,000 Registration Authorities with appropriate documentation to prove their identity. The credentials are used for both public and private applications from voting to proving professional accreditations or licenses.

The Smart Card Alliance also announced the companies who were voted to be "best of showcase" in the Emerging Technology and Innovation Showcase held during the conference. CoreStreet and Giesecke and Devrient received the top votes from conference attendees.

Being Smart-Card Wiser

By Robert Brandewie

October 9, 2006

The department of Defense faced numerous challenges around the issue of strong identity management when it implemented a credentialing and identity management program beginning in 2001.

This program produced a new identification card called the Common Access Card that would contain both identity information and PKI sets and certificates on a 32K smart card.

Learning from the DOD program's success, federal agencies are beginning to issue secure credentials this month, with the goal of having a standards-based, interoperable, multi-application smart-card-based ID card issued throughout the federal government.

From the beginning, several principles that guided the CAC program also make sense for current or future secure identity programs in both the private and public sectors.

These principles include the idea that the components of the system should be commercial and off-the-shelf wherever possible and that they should be modular to allow for vendor competition in the program.

Next, interoperability among all parts of the enterprise needed to be built into the DOD program from the start. The DOD also needed to sustain this interoperability as the program matured and changes were made to the cards, middleware and operating systems. Finally, the DOD needed to integrate its legacy systems seamlessly with any new components.

The CAC would be the only card used in DOD networks and for physical access in DOD facilities. The issuance model was unique as well. In a 15-minute interaction, the goal was for an individual to provide proof of identity; update information in the central identity store; provide a new photo and biometric authentication; and surface and personalize the card, including the creation of three PKI (public key infrastructure) sets and certificates.

This interaction was to occur with the same time goal in any of more than 1,000 locations in the United States and in 27 other countries—using DOD intranet assets.

Today, more than 10 million CACs have been issued, and they continue to be issued at a rate of approximately 10,000 per day.

The DOD is continuing to build capabilities around this platform. Likewise, the card has continued to grow and mature. The components on the card, along with able cooperation from partner technology providers, have kept the promise of interoperability through all these changes.

There is good news in all this for those IT managers who are facing the daunting task of establishing an enterprisewide identity system based on sophisticated smart-card-based ID card programs.

DOD gets a handle on sensitive content. Click here to read more.

First, standards have emerged in many areas that lower both risk and cost for these systems. The technology has matured and is available to handle the complexity of these programs and also to integrate the different parts of an identity management system seamlessly.

Prices have come down for both the cards and the network and for client-side software pieces that connect the card to the infrastructure.

Finally, best practices have emerged—including many guiding the CAC program—which greatly increase the probability of success.

The identity industry has really done a wonderful job of working together for the customers' benefit right at a time that the need for these systems worldwide is becoming critical.

Robert Brandewie was most recently director of the DOD's Defense Manpower Data Center, where he was a principal architect of the CAC system. He is currently senior vice president in the Public Sector Solutions Group at ActivIdentity, which worked on that project. Contact him at

A High-Performance FIPS Certified Smart Card Solution for HSPD-12 Requirements

LITTLETON, Colo., Oct. 4 /PRNewswire/ --

CPI Card Group -- Colorado Inc. announced plans to deliver next generation identity management smart cards under the Federal HSPD-12 deployment program scheduled to be launched this year. In August of 2004 President Bush set in motion a program to establish personal identity validation smart cards for all Federal employees and contractors serving the government. The industry has been preparing for these new higher standards established by the National Institute of Standards and Technology [NIST] for the smart card 7816 ISO format.

CPI Card Group, based on Atmel(R) Corporation's secure silicon platform and with technologies assembled by TecSec(R) Inc., will provide 144K of Flash memory at a per byte cost advantageous to competing solutions. This next generation CKM Enabled(R) Smart Token(R) includes the following: Atmel's Flash AT90SC144144CT+ mini PIV with AT90SC12872RCFT single-interface, dual-interface contactless and contact chip. This Smart Token solution includes a CKM Enabled JAVA(R) operating system PKI authentication, PIV2 and Precise Biometrics Match-on-Card(TM) technology. TecSec's CKM(R) technology serves more than ID cards as it is integral to an ID access and data management system solution that can provide persistent protection to data. This is enhanced by accessing multiple applications (silos) upon this same trusted Smart Token platform thereby serving as a true federating device.

This Smart Token federating device is designed to be interoperable with other PIV2-compliant cards and to become the preferred workhorse for not only this HSPD-12 requirement, but for Homeland Defense and other applications (e.g., first responders, border control and state government programs). Various card issuers will find their requirements met by this high capacity uniform platform with multiple silos.

TecSec Inc, a leading high-grade security solutions provider, brings its CKM technology to protect content as well as to enforce permissions and functions, including discrete access rules and various permissions that allow for numerous silos on their Smart Token. Each silo contains a distinct service application, the access to which is under the control of the respective application provider. Access permissions may vary and they are assigned to cardholders by the application provider. In this manner "roaming" on the card is denied, privacy is assured and the liability exposures of the Smart Token issuer are substantially curtailed.

Overall system installation and ongoing operating costs for this Smart Token are significantly lower than traditional Java smart card solutions. This is because the content protection of CKM and the multiple discrete application silos, permit highly-secure network-independent updates (loads and deletes) to intended segments of the memory of the ATMEL secure chip. In this manner, fixed facilities needed for cardholders to update smart cards are no longer needed, obviating a major cost. Furthermore, given the discrete and protected nature of each application silo, the Smart Token issuer has the opportunity of gaining "cost offsets" or rental income, from application providers paying for silo space on the issuer's card platform. This Smart Token establishes a new, more favorable, business model for the card issuer.

The Smart Token's contactless RFID feature is designed with a secure close-proximity range limitation, guarding privacy and thwarting vulnerabilities.

Precise Biometrics' use of the secure smart card environment to match the cardholder's stored fingerprint against the cardholder's finger is another example of the next generation nature of this Smart Token solution. Conventional biometric solutions match the fingerprint against a remote data base, involving additional off-card processing and costs while exposing the stored templates to potential compromise. The Precise Match-on-Card(TM) solution is a clear step ahead, increasing security while enhancing user privacy. This Smart Token solution is interoperable with the efficient MyID(R) card life cycle management system of Intercede(R).

CPI Card Group will manufacture this Smart Token. The FIPS and NIST certifications are in place or scheduled to be completed in a timely fashion. A long-life composite card material base, providing heightened durability, is also available that delays normal card replacement costs well into the future.

Spotlight on Contactless Payment Trends as Smart Card Alliance Annual Conference Opens

SAN DIEGO, CA -- (MARKET WIRE) -- October 04,

Trends in contactless, mobile and transit payments were the focus as the Smart Card Alliance kicked off its annual conference in San Diego.

Contactless bank cards and transit

Some transit operators may be adding bank-issued contactless cards into their closed payment systems, representatives of the transit authorities in New York City and Salt Lake City told conference attendees. Both organizations are currently testing the concept with consumers.

"We wanted to learn about the acceptance of contactless Visa, MasterCard and Amex cards as a basis for fare payment," said Craig Roberts, electronic fare collection manager for the Utah Transit Authority (UTA). Roberts heads up a program to accept bank-issued or "open" contactless cards on 41 ski buses in Salt Lake City, replacing the current use of season passes and employee IDs. It is the first program in the United States to accept contactless cards from all three associations, and the first open contactless program on buses. Roberts initiated the UTA program with a call for industry input at last year's Smart Card Alliance annual conference, and then put the program together in just one year with the UTA's technology and business partners. "We'll be in a position to go live when the snow falls," said Roberts.

Managers at New York City's MTA are on the same track. Steve Frazzini, chief officer for automated fare collection program management at MTA New York City Transit, said the agency spends about $60 million per year on revenue support, maintenance and other fare collection costs to collect about $2 billion a year. Those expenses, along with the emergence of open contactless programs, prompted the agency to start looking into leveraging the payments industry infrastructure.

"We'd like to be considered as a merchant," said Frazzini. "We'd like to offload those tasks and focus on what we do best, running transit systems."

That thinking led the MTA into a trial with Citibank and MasterCard PayPass to test how the contactless technology works in their environment and see how customers react. The consumer level test began July 5th and includes 79 turnstiles in 30 stations across four NYC boroughs.

After three months, they like what they see -- good customer acceptance, no chargebacks, no fraud and no customer phone calls transferred to the MTA. "The results have been very positive," said Frazzini.

Both the MTA and UTA are testing a way to make "open" contactless cards even more profitable using aggregation. By grouping many small payments together and presenting them as one transaction to the merchant acquiring system, the agencies lower their transaction costs. Since 75 percent of the MTA's transactions are micropayments of less than $6, aggregation can save a lot of money, something the testing proved works. "We didn't doubt that, but we've learned that it actually happens," said Paul Korczak, program manager for MTA New York Transit and chair of the Smart Card Alliance Transportation Council.

Online security

William Giles, vice president of emerging technologies at MasterCard Canada, announced two new smart card-based online security solutions for U.S. card issuers: one based on a low cost card-sized device and the other on the SIM card in GSM mobile phones. Both use an application on the smart card that generates a unique password for each transaction that the consumer enters online instead of the static security code printed on the back of the card. U.S. issuers can offer this immediately to their customers, because it will work seamlessly with any SecureCode compliant online merchant. A Keybank pilot tested the phone-based solution, and Giles estimated the cost of the handheld device would be well below $10 each.

Contactless payment

One contactless issuer, Wells Fargo Bank, found a new twist by linking contactless card transactions to a personal banking service called "My Spending Report" that lets consumers see where they are spending their money. Adding small payments to the report "promotes cash to card conversion," said Peter Ho, card services vice president for Wells Fargo Bank.

Another highlight of the first day was the presentation of the contactless survey results announced yesterday by the Smart Card Alliance. The survey, conducted by Javelin Strategy and Research for the Alliance, showed that 13 percent of the consumers surveyed have already used contactless payment, and 95 percent of that group said it was both easy and fast. Those consumers who have tried it were confident in the new payment technology as well -- 84 percent said it was as safe or safer than credit cards, and that they would use it for large purchases too. Of consumers who are yet-to-try contactless, 75 percent are somewhat likely or very likely to adopt it.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit

New Conductors Speed Global Flows of Money
Cellphones Make Transfers Faster, Cheaper

By Mary Jordan Washington Post Foreign Service

Tuesday, October 3, 2006; Page A01

MANILA -- It was 10:33 p.m. when Dulce Amor Bandoy's cellphone beeped with her favorite kind of message.

"You have received 1,321.00 of G-Cash," read the text on her phone's glowing screen.

That meant her uncle in London had just deposited 1,321 Philippine pesos -- about $26 -- into her Globe Telecom cellphone account, which Bandoy uses like a bank. "My phone is now my wallet," said Bandoy, 29, a cheerful woman with a sparkling smile.

The cellphone-based system that conveys cash between Bandoy and her uncle has the potential to revolutionize the way hundreds of billions of dollars are moved around the world, according to experts who study global cash flows.

Cash that relatives working abroad send home is not only vital support for millions of families but a cornerstone of national economies from Mexico to Lesotho. The World Bank estimates that global remittances last year topped a quarter of a trillion dollars, with $13 billion flowing into the Philippines alone.

But traditional methods of moving money in small, personal amounts can be slow and costly. Western Union, the world's largest money-transfer business, would charge $22 in fees on a $26 transfer from London to Manila. Banks also demand substantial fees and often take two or three days to complete a transfer.

With cellphone use booming across the developing world, from the open deserts of Africa to Bandoy's densely populated neighborhood in sultry Manila, handsets that cost as little as $30 are enabling struggling nations to leapfrog past the need for land-line phones and ATMs.

The money transfer to the four-inch gold Nokia in Bandoy's hip pocket is a glimpse of the future, said Dilip Ratha, an economist and remittance expert with the World Bank in Washington. "I really think this is the way forward," he said. "In three years I would expect to see this all over the world."

Eugene Bandoy, 50, is a Filipino architect who lives in London and helps other expatriates buy property back home. When potential buyers want to take a look at condominiums or houses in the Philippines, his niece shows them around. He sends her cash to cover her expenses. But that can be frustrating and expensive, because the fees for wiring small sums can nearly equal the amount being sent.

So in November, when Bandoy heard at a Filipino community event that he could send up to $200 through his cellphone for as little as $7, he eagerly signed up.

"It's not just cheaper for me," he said, wearing a whimsical tie covered with drawings of Volkswagen bugs and a white cap spun from Scottish cashmere. "It's more convenient for Dulce -- she can pick up the money at a shopping mall late at night long after banks are closed." She could also use any of 1,500 other locations, including department stores and licensed pawnshops.

Last month, Bandoy needed his niece to go to Quezon City, just outside Manila, to show a condominium to a woman who works in London but was home on vacation and interested in buying. But Dulce, like so many people struggling to get by in this country of almost 90 million people, said she didn't have the $1 for a bus or train ride to meet the client.

IBM to Build Singapore Smart Card System

By Katie Dean Staff Reporter

10/4/2006 2:28 PM EDT

IBM (IBM - commentary - Cramer's Take) will build a smart card e-payment infrastructure for Singapore's transportation system.
Financial terms of the deal weren't disclosed.

IBM's High Performance On Demand Solutions Labs is working to link the fare payment systems of Singapore's mass rapid transit and light rail transit systems with the transit operators' central computers, card service operator and card manager system.

The network will be able to support more than 10 million transactions by 2010, when a new transit line will be complete. That's compared to the four million transactions managed today.

IBM said the new infrastructure will be able to support more than 650 transactions per second during peak hours, and will be built for scalability and flexibility to grow as the network expands.

Big Blue shares lifted 1.4% in recent trading, tacking on $1.17, to $82.82.