Selected Press Releases As Smart Cards
Continue to Emerge in May 2006

Standard Key To Smart Card Use

By Larry Greenemeier InformationWeek

May 29, 2006 12:00 AM

Smart cards have moved well past their beginnings as keys to enter buildings and networks. A small cadre of countries, including Malaysia and soon Qatar, is using them for national IDs. More could follow if an international standard is established for smart card readers.

ISO 74727, to be completed in the next few years, would dictate how readers scan identity information carried in a national ID card or passport so that those cards could be read by common devices worldwide, says Randy Vanderhoof, executive director of the Smart Card Alliance, a vendor group. Standardized readers would make it easier for governments to use smart card technology in IDs and passports.

Qatar, a country of about 900,000 people, plans to issue credit-card-size biometric smart cards early next year as national IDs containing name, birth date, address, and other personal data, as well as biometric fingerprint data stored on Axalto smart cards. Malaysia, with a population of 23 million, for five years has offered its citizens a smart card that includes driver's license and ID information used for bill payment, tolls, parking and public transportation, ATM banking, and health services.

Slow development of readers and other infrastructure used with smart cards has delayed their deployment by businesses and governments. But the landscape is changing amid growing demands for smart card-level security for data transactions. Visa and MasterCard have agreed on standards to ensure that merchants can use one card reader to accept their smart card-enabled devices, including key chains, cell phones, and credit cards.

France Awards Health Card Contracts

(2006-05-30) - Card Technologies

GIE Sesam-Vitale, the French social care agency, has picked three French smart card companies to supply the agency’s new health card, Vitale 2. Axalto, Gemplus International and Oberthur Card Systems, all announced today they would supply the initial batch of cards to be issued in the fourth quarter.

GIE Sesam-Vitale says a new card is necessary because optional insurance plans are joining the Sesam-Vitale system, and the current version of the card is not upgradeable to accommodate all those changes. Currently, there are about 53 million Vitale 1 cards in circulation, Axalto says.

Gemplus and Axalto said they received two-year contracts for at least 8 million cards each. Oberthur said it received a multi-year contract, and did not specify how many cards were called for.

The Vitale 2 cards differ from the earlier version, which were first issued in 1998, in several aspects. The new cards have 32 kilobytes of memory and a crypto-processor chip, which is more sophisticated than the 3K memory chip on the current card. Each individual over age 16 covered by the French health care system will receive a Vitale 2 card, says GIE Sesam-Vitale. Younger children will continue to be covered by their parents’ cards.

The cards also will have an electronic prescription function. The insured will present his or her Vitale 2 card to the pharmacist, whose computer will read the prescription off of the chip.

Another version of Vitale 2 card will be issued to about 500,000 health care professionals, the agency says. They use the cards to securely get access to the data on a patient’s card.

Where Oyster clammed up, sQuid is ready to cash in

By Edward Simpkins

(Filed: 14/05/2006) - Daily Telegraph UK

NM Rothschild, the investment bank, has been appointed to raise £15m to fund the launch of a cashless card payment system designed to be a rival to Transport for London's Oyster card.

The new card, to be called sQuid, will not be used to pay for journeys on public transport, but instead will be an alternative to using cash for low-value transactions for goods and services at newsagents, parking machines, coffee shops and other retail outlets.

The decision by Nucleus, a branding agency owned by Peter Matthews, the entrepreneur, to push ahead with the sQuid card follows the failure, admitted earlier this month, of TfL to reach agreement with a commercial partner to extend the use of the Oyster card beyond public transport.

TfL had spent almost a year negotiating with a shortlist of potential partners that included Royal Bank of Scotland, Barclays, PayPal, Alphyra and several consortia, including one that involved Octopus, the Hong Kong cashless card that seems to have inspired the fishy branding of the cards in Britain.

TfL said that setting up a link with a financial partner or bank to develop the service had proven too difficult and expensive. A spokesman said that TfL might look again at the idea in the future as it would encourage uptake of the Oyster card, but that the cost and risk to TfL were too high at the moment.

However, Nucleus believes that the technical issues can be resolved and that a partner can be found to take on some of the risk. A spokesman for the company said the plan was to launch sQuid in the first quarter of 2007, deploying existing, tried and tested technologies including the "touch and go" system used by Oyster.

Security worries over the cards will be reduced by holding all account information centrally rather than on the card. The ambition is that the cards should be much quicker and easier to use than credit or debit cards.

Consumers in the UK make around 27bn cash transactions a year, worth £250bn, and around 80 per cent of these are purchases of less than £10. Nucleus estimates that the market for cashless card transactions will be around £20bn and that there is space in the market for about four providers.

Card issuers are keen to extend the use of cards to purchases of lower value and both Mastercard and Visa have piloted contactless cards in the US.

Why Japan and South Korea Lead the World in Contactless Payments

[05/25/06]

Japan and South Korea lead the world in adopting contactless payment solutions. Both countries have implemented nationwide services on a commercial scale.

Mobile operators and issuers address a varied range of market opportunities in the region. According to Senior ABI Research analyst Andy Bae, "Small payment transactions are a major goal for Japanese and South Korean credit card companies. To spot new opportunities and increase revenue, mobile operators and card issuers must continually assess their positions in the value chain."

In Japan, FeliCa has created innovative businesses such as Suica (East Japan Railways' transit card) and Edy (BitWallet's e-money service), through which credit card and financial services, transportation and mobile service companies have aggressively adopted FeliCa-based smartcard payment solutions.

Furthermore, FeliCa has been installed in mobile handsets, so called 'Osaifu-Keitai' and 'Mobile FeliCa', allowing them to be used in a wide variety of contexts: as credit card, pre-paid e-money, transit card, and as identification for entrance management.

For users, the major incentive to adopt a contactless payment service is easy, convenient transactions. Merchants can expect to enhance the customer relationship by offering "point" and "coupon" benefits, and by delivering product item information over the air.

The maturity of contactless payment solutions in Japan is closely related to the activities of East Japan Railways. The company has a nationwide infrastructure, and there are stations within which users can access entire facilities simply by waving the card. Using East Japan Railways' resources, Suica has enlarged the range of services beyond simple transit, to involve the merchant communities in the station and its vicinity.

In South Korea, mobile operators SK Telecom and KTF will introduce USIM (Universal Subscriber Identification Module) to offer an integrated mobile card solution that includes banking, transit, stock transaction, and contactless payment via 13.56 MHz. Andy Bae notes, "With a high adoption rate in the mobile handset, South Korean users will have an integrated smartcard solution in their mobile devices."

In addition, contactless payment solutions from Visa Wave and MasterCard PayPass have operated successfully in South Korean retail environments since 1Q 2006.

Contactless Payment Markets in Japan and South Korea examines business models, tracks merchant uptakes, and gauges card issuers' and consumers' expectations in both markets. The report includes forecasts of shipments and revenues for chip, reader, and contactless payment solution-enabled devices to 2012. It forms part of ABI Research's subscription Contactless Commerce Research Service, which includes research reports, regular market updates, forecast and industry databases, ABI Insights, and analyst inquiry time.

Where Oyster clammed up, sQuid is ready to cash in

By Edward Simpkins (Filed: 14/05/2006)

NM Rothschild, the investment bank, has been appointed to raise £15m to fund the launch of a cashless card payment system designed to be a rival to Transport for London's Oyster card.

The new card, to be called sQuid, will not be used to pay for journeys on public transport, but instead will be an alternative to using cash for low-value transactions for goods and services at newsagents, parking machines, coffee shops and other retail outlets.

The decision by Nucleus, a branding agency owned by Peter Matthews, the entrepreneur, to push ahead with the sQuid card follows the failure, admitted earlier this month, of TfL to reach agreement with a commercial partner to extend the use of the Oyster card beyond public transport.

TfL had spent almost a year negotiating with a shortlist of potential partners that included Royal Bank of Scotland, Barclays, PayPal, Alphyra and several consortia, including one that involved Octopus, the Hong Kong cashless card that seems to have inspired the fishy branding of the cards in Britain.

TfL said that setting up a link with a financial partner or bank to develop the service had proven too difficult and expensive. A spokesman said that TfL might look again at the idea in the future as it would encourage uptake of the Oyster card, but that the cost and risk to TfL were too high at the moment.

However, Nucleus believes that the technical issues can be resolved and that a partner can be found to take on some of the risk. A spokesman for the company said the plan was to launch sQuid in the first quarter of 2007, deploying existing, tried and tested technologies including the "touch and go" system used by Oyster.

Security worries over the cards will be reduced by holding all account information centrally rather than on the card. The ambition is that the cards should be much quicker and easier to use than credit or debit cards.

Consumers in the UK make around 27bn cash transactions a year, worth £250bn, and around 80 per cent of these are purchases of less than £10. Nucleus estimates that the market for cashless card transactions will be around £20bn and that there is space in the market for about four providers.

Card issuers are keen to extend the use of cards to purchases of lower value and both Mastercard and Visa have piloted contactless cards in the US.

Merchandising on mobiles

A GPRS-based service for mobile phones creates a secure platform for m-commerce

VINUTHA V  Posted online: Monday, May 29, 2006 at 0000 hours IST

A slew of services can be delivered using GPRS (General Packet Radio Service), a technology being offered by most mobile operators. Jigrahak Mobility Solutions (P) Limited has a developed a mobile platform, NGPay (Next Generation Pay), a free service for end customers that enables payments and e-commerce using mobile phones. End-users can download the NGPay application on their mobile handsets and use it for ‘anytime, anywhere, any-purpose’ payments.
There are many challenges associated with current mode of electronic or mobile commerce. For instance, in the automated IVR (Interactive Voice Response) system, one has to navigate through a swath of submenus to complete a transaction. In SMS transaction services, an option of payment may be absent allowing limited access to services. Sourabh Jain, partner, Jigrahak Mobility Solutions (P) Limited says, “Most current m-commerce solutions offer services in bits and pieces. The lack of technology that integrates an end-to-end service has triggered us to develop NGPay using Java, at the client level, and J2EE at the server level. We believe this would help realise this immense potential and define the world of mobile commerce and mobile payments in a convenient and secure way.”
The application is a free download that runs on J2ME compatible phones as long as the user has a GPRS subscription. NGPay can work with most of the GPRS plans offered by mobile operators. In typical online-transactions, manageability and security of data are major hurdles since third-party servers are involved. Since NGPay eliminates the need for third-party servers, data protection is assured. The credit card information of an end-customer is stored in an encrypted form on the mobile phone (it is not stored on NGPay servers). Additionally, input of the correct PIN ensures that only an authorised user can access the credit card information stored in your electronic wallet.

Applications can include buying an air ticket where destinations, flight availability, schedule of departures, mode of payment, PNR number and payment slip viewing can be offered. In case of booking for movie ticket, the availability of tickets for a particular movie, show timings and seat numbers can be presented.

End-users can view their bills (payment) and get PNR numbers for confirmation. Technology should only offer convenience to the end-customers and we are trying to fulfil it through our NGPay.

In arrangement with Express Computer

Visa Asia Pacific Reports EMV Chip Card Growth

Visa Asia Pacific has announced that the EMV chip card migration continues with more than 43 million Visa EMV-compliant chip cards issued in the region as at the end of 2005 and the number of EMV chip terminals in the region rising to more than one million.

EMV chip cards are payment cards carrying an embedded microchip. Compared with existing magnetic stripe cards, the computing power of the chip means that the cards can offer much greater security as they can protect against ‘skimming’ or copying the contents of the magnetic stripe. When a cardholder makes a purchase at a merchant, the chip card sends a different secret message to authenticate every transaction, making it practically impossible for a fraudster to steal the information to create counterfeit cards.
Visa’s EMV chip cards are in use in 18 markets (Australia, Cambodia, China, Hong Kong, Japan, Korea, India, Indonesia, Macao, Malaysia, Maldives, New Zealand, Pakistan, Philippines, Singapore, Taiwan, Thailand and Vietnam). across the region. Four of the markets Japan, Taiwan, South Korea and Malaysia have national migration programs underway. In those markets which are further down the migration path, the benefits of EMV chip are already being reaped.

Malaysia was the first country to complete a national EMV chip-card adoption program, converting all credit cards to EMV chip by December 2004 and all card terminals by December 2005. As a result, counterfeit (Counterfeit fraud occurs when stolen cardholder account data is stored on the magnetic stripe of fake cards and used for fraudulent transactions.) fraud on cards issued in the country has disappeared.

“Protecting cardholders is absolutely critical – it is what our customers tell us they want – and increasingly it is technology that helps enable us to protect them. EMV chip is the solid foundation upon which, not just the security elements, but the other consumer interests can be met, that of convenience, flexibility and variety. Given the pace at which technology is changing and fueling consumer interests, EMV chip migration must be accelerated or banks will run the risk of missing out on the tremendous opportunities open to us now, and pay a higher price for it down the road,” said Paul Jung, Visa Asia Pacific’s regional head, Emerging Product and Technology.

Visa Asia Pacific’s “Heart of Smart Chip Consumer Research” reveals that there is an increased in awareness and interest in smart cards throughout the region. Nearly two in three consumers believe EMV chip are more secure than magnetic stripe cards. Consumers also indicate that security and convenience are the two strongest factors for their preference for smart cards over magnetic stripe cards. They also expressed interest in the practical applications offered by smart cards such as usage in public transportation.

New government smart ID cards slowly coming along

HSPD-12 mandated ID cards will be ready for new federal employees by October

Thursday, May 18 2006

By Marisa Torrieri, Contributing Editor, AVISIAN Publishing

Come mid-Autumn all new federal employees can expect to be issued a state-of-the-art smart card capable of granting secure access to designated buildings and services.

However, it may be several years before every single existing federal employee gets new powerful plastic with standardized high-security specs, say the agencies in charge of developing the card in accordance with the Homeland Security Presidential Directive 12 (HSPD-12).

HSPD-12, signed by President Bush in August 2004, calls for a number of measures to ensure more secure networks and communication across Federal agencies. Among these is a new Personal Identity Verification (PIV) ID card. The standards for the PIV cards have been in development since HSPD-12’s release, guided by the National Institute of Standards and Technology (NIST).

The HSPD-12 mandate requires all federal agencies to switch to these PIV cards to raise the level of identity verification and security across government. But getting all agencies to implement the new cards, mandated for new employees by Oct. 27, is proving to be a major undertaking.

The General Services Agency, designated as the government’s Executive Agent for the Acquisition of Products and Services to implement HSPD-12, is working alongside NIST to test the PIV infrastructure.

While NIST is testing conformance of the smart card software against the established standards, GSA is coordinating with vendors to test for interoperability between the smart cards and readers. “NIST is basically testing smart cards and middleware for conformance to the standards,” largely within 10 laboratories, says Curt Barker, the personal identity verification program manager at NIST.

But getting the PIV card and system components up and running, as well as imposing a timeline on developers, is a difficult challenge – so much so that the General Accounting Office (GAO) has issued numerous reports citing these challenges, David Temoshok, director for identity policy and management for the GSA, tells SecureIDNews.

“We don’t envision that we’re going to flick a switch in October of 2006 and all agencies will immediately replace their current badges,” says Mr. Temoshok. “That’s going to take several years. Implementing HPSD-12 is not about buying the right cards, it is about deploying systems across multiple government organizations that can be trusted and interoperate.”

Existing government-issued smart cards close but not entirely PIV

Some agencies have been issuing smart cards for employee identification for some time. For example, the Department of Defense (DoD) has issued more than 8.8 million smart cards called Common Access Cards (CAC) across the military branches, and there are currently 3.2 million active CACs in the field, says a DoD spokeswoman. But, according to Mr. Barker, there are certain aspects of the CAC card that made them a no-go for a national, all-agency implementation, per the HPSD-12 mandate.

“It really wasn’t that the common access card was deficient,” says Mr. Barker. “It was something that was designed for one department and was useful for some others, but we needed to specify something that met the needs and constraints of all the departments.”

Subtle differences include the commands used to read the information on the card, and some elements of the information itself. In other words, there is employee information on the DoD’s CAC card that other agencies might not want to put on their employee access cards, such as military rank, says Mr. Barker.

Another issue, adds Mr. Barker, is that “the PIV standard was designed so that any of the smart card architectures could meet it. The CAC card was more tailored to some of the manufacturers than others.” Additionally, he says, “the DoD has a highly automated human resources database to go with the common access card. Not all agencies have that.”

For the government-wide deployment to be possible, a few adjustments were necessary, including the additional features such as the ability to read biometric data and contactless interfaces for physical access purposes.

With the next deadline just months away, serious challenges remain

Key challenges to deployment include the tight timeframes for NIST, GSA, and the vendor community to conduct testing and complete development on products that adhere to the government’s standards. In addition, the sheer magnitude of the project – from each agency designing its own interface to getting all issuing centers to replace old cards with new – is keeping NIST and GSA conservative in their timeline estimates.

“It’s about implementing a secure and standardized identity management system across the whole government,” says Mr. Temonshok. “The (key is) having the right and approved products that will interoperate with multiple readers but also integrate the systems across the back end.”

Though the effort required is obviously substantial, the cards will vastly improve security, says Mr. Temonshok. Government workers going from one federal building to another, for example, often have to get new security clearance and a visitor’s badge. Under HSPD-12, Federal employees and contractors will be granted trusted access to facilities and networks based on the PIV card.

“If you have the PIV card, then you know that employee has gone through background checks, and the badges can be trusted across government,” says Mr. Temonshok. “In order to have that trust, you have to read the card – so machine readability and interoperability is fundamental.”

Because the PIV card contains digital credentials -- fingerprint biometric, digital certificate, PIN -- that are used to validate the cardholder to the card, card-theft will not necessarily breach security, he adds.

Agency ‘To Do’ list for HPSD-12 compliance long but flexible

The Federal Information Processing Standard 201 (FIPS 201) specifies the technical and operational requirements for the PIV system and cards. The title of FIPS 201 is “Personal Identity Verification for Federal Employees and Contractors” and it was approved on Feb. 25, 2005. In essence, it is the standards document that details procedures for the issuance of PIV cards to meet the HSPD-12 mandate.

According to NIST, the primary requirements for implementing FIPS 201 include the “issuance of identity credentials that consist of public key infrastructure (PKI) and biometrics technology on a smart card.” They suggest that the high-level agency requirements include:

Identify the facilities, systems, and other applications that will use the PIV standard
Obtain the services of an accredited PIV card issuer
Review and revise procedures for PIV card applicants to provide acceptable identity, source documents (i.e., OPM I-9) and complete PIV card application
Obtain services for capturing biometric information as specified in the FIPS 201
Obtain PIV card readers with biometric readers as needed
Procure cards, readers, and PKI services conforming to FIPS 201
Enable applications to use the PIV card
Operate and maintain a PIV card authentication and personal identity verification system.
While cards must conform to certain standards outlined in HPSD-12 and accompanying standards published by NIST, agencies have a certain amount of flexibility in how they want the cards to look and what information the cards should contain.

For security purposes, cards will have a preset lifecycle.

“The key information changes every three years because you don’t want to rely on the same variable information for too long because there are other ways, besides computationally breaking it, that it can be lost or exposed,” Mr. Barker says.

“We’re trying to design electronic aspects of the card so if an adversary knows the design, they still won’t be able to exploit that knowledge,” Mr. Barker says. “The cryptographic algorithms have to be strong enough that even if the other person has the algorithm, without private key variable information, they can’t take advantage of that knowledge.”

ABN Amro to issue EMV debit cards in Holland

23/5/2006

In June 2006, ABN AMRO will become the first bank in the Netherlands to issue debit cards with an EMV chip.

Earlier this year, all ABN AMRO's Dutch ATMs were made EMV-compliant. EMV is a global standard established for payment cards and terminals by Europay, Mastercard and Visa. By making use of EMV chip technology, fraudulent ATM withdrawals with a copied debit card will become a thing of the past. The implementation of EMV in debit cards and ATMs is in line with ABN AMRO's policy of offering payment products that are secure and up to date.

EMV uses modern chip technology to replace the magnetic stripe technology currently in use. ABN AMRO's EMV-compliant debit cards and ATMs are part of a larger programme to make ABN AMRO's entire Dutch card business EMV-compliant. (In March 2005, ABN AMRO became the first Dutch bank to issue EMV credit cards).

EMV has also been adopted as a standard by SEPA (Single Euro Payments Area), an initiative by the European Commission, the central banks in the euro-zone and the European Payments Council to transform the euro payments area, currently divided largely by national boundaries, into one unified payment area without boundaries.

EMV chip migration stops counterfeit fraud in M'sia

20 May, 2006

Kuala Lumpur: Counterfeit fraud on credit cards issued in Malaysia has disappeared, with the country being the first in the Asia Pacific to complete the EMV (Europeay, MasterCard and Visa) chip migration.

Visa Asia Pacific, in stating this, said Malaysia was the first country to complete a national EMV chip-card adoption programme, converting all credit cards to the EMV chip by December 2004 and all card terminals by December 2005.

In a statement Thursday, the company said in Malaysia, 4.8 million EMV chip cards were issued by Visa's member banks as at end-2005, an increase of 85.7 percent over the 2.6 million cards in 2004.

EMV chip cards are payment cards carrying an embedded microchip. Compared with magnetic stripe cards, the computing power of the chip enabled the cards to offer greater security by protecting against "skimming" or copying the contents of the magnetic stripe.

Visa Asia Pacific said the EMV chip migration continued to gain momentum with more than 43 million EMV-compliant chip cards issued in the region as the end of 2005, registering year-on-year growth of more than 43 percent.

The number of EMV chip terminals in the region has risen to more than one million, up 105 percent over the previous year, it said.

It added that the EMV chip cards are in use in 18 markets across the region, with Japan, Taiwan, South Korea and Malaysia having national migration programmes underway.

"EMV chip is the solid foundation upon which, not just the security elements, but the other consumer interests can be met, that of convenience, flexibility and variety," said Visa Asia Pacific's regional head of emerging product and technology, Paul Jung.

"EMV chip migration must be accelerated or banks will run the risk of missing out on the tremendous opportunities open to us now, and pay a higher price for it down the road," he said. - Bernama

Fast Phil's To Offer Finger Scan Payments

Pay By Touch has announced that Fast Phil's, operator of 11 convenience stores in Spartanburg, Union and Chester counties in upstate South Carolina can now pay using a finger scan. Among the benefits of convenience of this form of payment, Pay By Touch is also highlighting that the consumer's payment information is protected from disclosure to even the store's employees.

"The system debits a shopper's checking account just like writing a check or using a debit card, but without having to hassle with wallets, cards, PINs, paper or checks," said Ben Willard, Vice President of Fast Phil's. "Because account numbers are not exposed, the finger-scan technology is helping us provide our customers with faster checkouts and more secure transactions."
As an introductory offer, customers who enroll in the new finger scan service will receive a large coffee or fountain drink and a Nestle candy bar, plus they will receive a 2 cent discount on each gallon of gas purchased. Signing up is free, takes just a couple of minutes at the Fast Phil's stores, or online at http://www.biopay.com, and consists of simply providing identification, checking account information, and a finger scan. Once signed up, customers can immediately make purchases with the touch of a finger at any Fast Phil's location.

Besides convenience, finger-scan payments provide the ultimate security. No one -- not even the store associate -- sees the checking account number, or the payment method used to make purchases. Customer information is securely stored and never sold.

"Paying with the touch of a finger is a win-win for consumers and merchants," said John Rogers, founder, chairman, and CEO of Pay By Touch. "Shoppers can conveniently and securely make purchases with the confidence that their personal information remains secure before, during, and after the transaction."

Mozambique: Malaysia to Help Country Develop 'Smart Card'

Agencia de Informacao de Mocambique (Maputo)

May 24, 2006 Maputo

The Malaysian government has pledged to help the Mozambican authorities develop a "Smart Card", which will allow Mozambican citizens to have all their key documentation on the same electronic card.  To this end, Mozambique's Minister of Science and Technology, Venancio Massingue, on Wednesday signed an agreement in Maputo with the Malaysian Deputy Minister of Science, Technology and Innovation, Dato Kong Cho Ha, who is on a three day visit to Mozambique. 

"Once the smart card strategy is implemented, any Mozambican can have documents such as his identity card, passport and driving licence, among others, on the same card", said Massingue.

He said this understanding resulted from contacts last November between Mozambican President Armando Guebuza and Malaysian Prime Minister Abdullah Badawi, during a "Smart Partnership" forum in Lesotho, at which the two leaders agreed their countries should cooperate in the technology area.

The visit by the Malaysian delegation seeks to identify specific areas of cooperation, particularly in applications of information and communication technologies. This could involve commercial use of computer technologies, and also the development of software for the health and education services. 

Massingue added that Malaysia has pledged to assist the Mozambican authorities' "e-government" strategy, particularly in areas such as land management, and the management of the financial system.

The Wednesday agreement also opens the door to working with Malaysia on drafting "cyber-laws" - legislation governing the use of computer technology.

Other areas of cooperation include biotechnology (and its applications to agriculture, industry and health), renewable sources of energy, and low cost building materials.

The Malaysian Deputy Minister made a positive assessment of his visit, and said his meeting with Massingue "allowed the identification of areas where Malaysian involvement could give added value".

Thursday, May 25, 2006 20:59:20 Vietnam (GMT+07)

Eastern Asia bank’s hybrid cards to debut in Q3


The southern Ho Chi Minh City-based Eastern Asia Bank (EAB) is to launch hybrid bank cards in the third quarter this year, enabling more non-cash payments, a top bank official said this week.
The hybrid bank card, that uses a magnetic strip and a chip would allow for the storage of more information and enhance security, according to Tran Binh Phuong, the bank’s general director.

The hybrid card can be used at all automated teller machines (ATM) and point of sale sites in the country.

Binh said magnetic strip cards make up the majority used by consumers however, the switch to using chip cards would be more commercially practical as chip card readers were more compact and cheaper to run than those for magnetic cards.

For convenience, the bank has designed a hybrid version for magnetic and chip card readers for cardholders in the country, which is recognized by VISA.   EAB would launch the first 5,000 such cards in early July as part of master plan to issue 100,000 cards from 2006-10, Binh said.

In a bid to promote card payments in cash-based system in Vietnam, the bank is working with Petrolimex, the country’s leading petrol traders, to use cards that can be used for gasoline and other oil products at pumps.

The state central bank has called for other commercial banks to set up card payments to reduce heavy dependence on cash

Ethiopian Bank Launches EMV Card Program

(2006-05-26)

Dashen Bank SC, a privately held bank in Ethiopia, has launched a smart card program using software from ACI Worldwide, a U.S.-based developer of payment-processing software. In a statement, ACI says the bank will use its Base24 software application to support the bank's launch of Visa-branded debit and credit cards that comply with EMV, the global payment standard for smart cards. According to ACI, Dashen will use the Base24 software to authorize both point-of-sale and ATM transactions and route them across its network. In addition, ACI says, the Bank will use ACI's Card Management System software to manage the card accounts and its Smart Chip Manager application to personalize the cards' chips. In the future, ACI says, the bank will be able to use Smart Chip Manager to add new applications to the cards.

05/22/06 issue

State to DHS: Take a pass on using long-range RFID
Technical commitee backs claims about security shortcomings


By Jason Miller, GCN Staff

Data Security Issues: “We are putting [in] a 96-digit random number that points to our database. ... Someone would have to hack our database to find out your information,” said Jim Williams of U.S. Visit. The State Department has learned the hard way over the past year that choosing long-range radio frequency identification for moving people across the border is fraught with peril. The hullabaloo over development of its electronic passport made that clear.

Now, State officials are trying to pass those tough lessons on to the Homeland Security Department as the two agencies debate how to construct the People Access Security Services card. DHS officials, however, say they’re determined to stick with RFID.  Their determination to do so, however, faced a new obstacle last week as a DHS technical committee issued a report via the department’s Privacy Office condemning the use of RFID technology to identify and track humans because of privacy and security concerns.

State will issue the PASS card by January 2008 to U.S. citizens who frequently cross the borders with Canada and Mexico. It will help DHS meet the requirements of the Western Hemisphere Travel Initiative.  “At the end of the day, we are colored by our experience with e-passport,” Frank Moss, deputy assistant secretary of State for passport services in the Bureau of Consular Affairs, said at a recent Smart Card Alliance conference in Arlington, Va. Privacy experts worried that someone equipped with a card reader close to the passport holder could intercept, or “skim” personal data.

Their concerns were featured in a draft report written by a DHS technical committee and issued by the department’s Privacy Office that strongly condemned the use of RFID systems to identify and track people.  The draft report, titled The Use of RFID for Human Identification, cited the privacy and security risks the technology poses. The report went on to propose specific security and privacy safeguards and best practices.

The DHS Emerging Applications and Technology Subcommittee of the Data Privacy and Integrity Advisory Committee, which drafted the report, said that RFID systems’ small reduction of the time need to process people at checkpoints was far outweighed by the technology’s privacy risks.  Privacy concerns raised by nongovernmental organizations eventually drove State’s Consular Bureau to reinforce the documents’ data security.

To foil interception of the personal data on the passports’ RFID chips, State added an electrostatic shield and Basic Access Control, a means of securing the data transmission between the passport and reader.   State started to roll out the new, better-secured passports last month to government employees and will issue them to other citizens starting in August, Moss said.  Now, that same debate over security and privacy has moved to the PASS card.

Basically, the PASS card would become a mini-passport for citizens who frequently cross the border. The wallet-sized identification card would let citizens move through quickly, without holding up traffic.  Moss said State wants to issue a request for proposals in the next few months and start issuing cards this year. “Ninety-five percent of the design of the cards is done,” he said. “We want to start producing cards within the next nine months.”

The point of contention is that DHS wants to use the RFID technology commonly used for supply chain logistics, in which a device can read the tags at a distance of 30 feet to 50 feet.  But State is pushing for the short-range technology used in e-passports, based on contactless smart card technology.

Jim Williams, director of DHS’ U.S. Visitor and Immigrant Status Indicator Technology program, has maintained that the technology State wants to use would take too much time and cause too much disruption at the borders.  “If you add a few seconds to each person crossing the border, that adds up to hours a day,” Williams said, also at the Smart Card Alliance conference.

Williams said he doesn’t buy the argument that UHF RFID is less secure than contactless smart-card technology. “We are concerned about privacy and would put the card in a protective sleeve,” Williams said. “We are putting a 96-digit random number that points to our database on the card. So someone would have to hack our database to find out your information.”

Senior Writer Wilson P. Dizard III contributed to this story.

 Smart cards lower credit card fraud in M'sia

By Vivian Yeo, ZDNet Asia

Wednesday, May 24 2006 08:20 PM

Smart cards have helped Malaysia significantly reduce losses due to counterfeit-related fraud, according to Visa.  Speaking at a conference on IT governance in Singapore Tuesday, Ingo Noka, Visa Asia-Pacific's head of payment security services, said there was virtually "no counterfeit fraud in Malaysia" as at September 2005.

In contrast, Visa had lost about US$400,000 through counterfeit-related fraud in November 2004, according to notes in one of Noka's presentation slides.

Noka noted that Malaysia had replaced its magnetic-striped credit cards with chip-based ones early last year, he told ZDNet Asia in an interview.

According to Noka, the reduced counterfeit losses is an indication that smart card technology is more secure than magnetic strip and not economical for crime syndicates to copy.

The bad news, however, is that fraudsters have moved to neighboring countries such as Thailand, said Noka. Statistics from the e-payment provider show a huge spike in counterfeit-related activity in Thailand between March and June last year.

Other forms of fraud, such as those committed using stolen credit cards, are also on the rise, he added.

While Malaysia has succeeded in stemming fraud committed using counterfeit credit cards, other countries may not yet follow suit because of the resources required. Citing Thailand as an example, Noka said: "[Visa] members are very keen to move the chip migration forward a little bit faster than in other countries…[but] it's always a balance of cost and security, because chip migration takes time and will require investment."

According to Noka, Visa is also keen to adopt two-factor authentication for online payments. Banks in Europe and Asia have already implemented or are planning to implement the use of a second factor for Internet banking. Over time, two-factor authentication can be expected to extend to the area of payment, he added.

In the Asia-Pacific region, Visa lost about US$152 million to fraud in 2005, a 5 percent increase over US$146 million in 2004. Globally, fraud-related losses jumped 19 percent, from US$2.1 billion in 2004 to last year's US$2.4 billion.

Last October, Visa announced a US$200 million effort to combat fraud. It also offers credit card merchants and processors in the Asia-Pacific region a quarterly vulnerability scanning and self-assessment services to determine if they comply with the Payment Card Industry Data Security Standards.

Cards Today, Phones Tomorrow: ABI Research Previews Contactless Payment's Migration to NFC-enabled Devices

OYSTER BAY, N.Y. --(Business Wire)-- May 23, 2006 --

Card-based contactless payment systems may be new, but the signs already point to a coming migration from cards, with their limited functions, to mobile handsets making use of Near Field Communications (NFC) to enable a whole range of sophisticated services including, but not limited to, contactless payment. This migration will offer market participants a constantly changing and expanding set of opportunities to cement customer loyalty and reap the benefits of co-branding and cross-promotion.

When ABI Research first examined the contactless payment market one year ago, it forecast that over 10 million contactless payment cards would be issued in North America during 2005. As the year drew to a close, that forecast proved highly accurate. With another year's worth of insight into market dynamics, the latest update to the firm's "Contactless Commerce Research Service" concludes that over 40 million cards, mini-cards, and fobs will ship globally in 2006.

"Contactless commerce is on a steep growth curve, but cards are only an intermediate step," says Erik Michielsen, director of ABI Research's RFID and M2M practice. "By 2010, more than 50% of cellular handsets--some 500 million units--will incorporate NFC capabilities that will be used not only for payments at points of sale and remotely, but also to access information from 'smart objects.' Imagine, for example, seeing a poster advertising a concert you want to attend. Hold your phone near the poster, and it connects you to a website where you buy your tickets, download them to the phone, and tap the phone at the turnstile to enter the show."

That one example suggests the multiple opportunities that will arise as this technology moves from card to phone. "Technology vendors, cards issuers and a wide variety of service and product providers will have to think holistically," says Michielsen, "not just about the technology--the silicon, antenna, memory and software--but about how to use the wealth of real-time usage information that more sophisticated systems can provide."

Michielsen adds that a key long-term challenge for the industry will be the management of customer relationships and brand identity across integrated payment platforms. "Within NFC, carrier and issuer cooperation has been inconsistent thus far, but consumer expectations will create increasing market pressure for industry players to find common ground on mutually agreeable business models."

The Contactless Commerce Research Service addresses infrastructure, suppliers, marketing strategies, form factors and performance via research reports, regular market updates, forecast and industry databases, ABI Insights and analyst inquiry time.

EU Regulators Clear The Way For Gemplus-Axalto Merger

Card Technology –By Dan Balaban (2006-05-19)

France-based smart card vendors Gemplus International and Axalto are on track to complete their planned merger by this summer, following approval of the deal today by European Commission antitrust regulators.

The new company, Gemalto, will stand as a giant among card vendors, with Gemplus and Axalto having controlled 45% of worldwide banking smart card shipments last year and more than half of shipments of subscriber identity module cards for mobile phones. They had combined sales last year of 1.8 billion euros (US$2.2 billion) and a total of 11,000 employees.

But the regulators had been more concerned about the thousands of patents on smart card technology the two vendors together control and their expected dominance of software used by mobile operators to communicate over the air with SIM cards in subscriber handsets.

The vendors quelled the concerns by committing to license their patents to other vendors for 10 years and to keep their over-the-air platforms compatible with SIM cards from competitors.

“The conditions to this clearance are consistent with longstanding industry practices and will benefit the continuing growth of our industry,” said Gemplus CEO Alex Mandl in a statement.

Some European mobile network operators had expressed concerns the pairing would discourage innovation. Other observers wondered whether Gemalto would be big enough to muscle prices on SIM and banking cards. European regulators rejected both notions, concluding the merger “would not directly lead to price increases or to a decrease in the pace of innovation.”

Competitors, including Germany-based Giesecke & Devrient, Oberthur Card Systems of France and Franco-German company Sagem Orga–the third, fourth and fifth largest smart card vendors last year, respectively-didn’t reportedly oppose the merger. They believe they will pick up market share, especially in sales of SIM cards, as mobile network operators take precautions to diversify their supply. And operators are confident there will be alternative vendors to turn to. “We’re not overly concerned,” said one procurement executive for a top five network operator group in Europe. “We can continue to multisource.”

Regulators declined the option of launching a more in-depth 90-day inquiry into whether Gemalto would have an adverse impact on competition in Europe. U.S. antitrust regulators had earlier given their tacit approval to the deal.

Observers expect the vendors to use their added buying clout to extract lower prices from chip suppliers. This and their greater economies of scale could help Gemalto absorb the impact of the accelerating fall in SIM card prices and to keep margins up, says Bertrand Laport, a financial analyst with Fortis Bank in Paris.

And the mega-vendor is also expected to go after new markets, some outside of the smart card industry, such as network security and systems integration.

Axalto chief executive Olivier Piou, who will become Gemalto’s CEO, has not denied the new vendor would cast its eyes outside of the smart card arena. But he’s declined to discuss possible new business lines.

Piou has said one of the major targets for the larger vendor would be spreading smart card technology to a variety of networks and devices. Smart cards or chips could secure network access for corporate and government employees, as well as e-commerce and other Internet-based services, he says. While the smart card industry has gone after these markets before without much success, he believes the time will soon be right to capture them.

“When the pain gets great enough, e-commerce leaders, too, will also turn to smart card technology for security, just as mobile communications, banking, (cable and satellite) broadcasters and governmental agencies did before them,” he said in a recent speech. “It’s one of the reasons we did that merger, we need to have more resources available to tackle all of those new applications.”

Gemalto will structure itself into six geographic regions and has already named executives to serve as regional presidents, all of whom will report to Piou. Mandl will serve as executive chairman of Gemalto. Both Piou and Mandl, when they announced the merger in December, pledged not to lay off employees in sales and marketing, R & D or close any of the vendors’ combined 21 production plants. They have since repeated the pledge several times, perhaps to discourage employees from looking for jobs elsewhere. “We have in front of us many more opportunities than we can tackle,” Piou said.

Some administrative positions will be cut with the consolidation.

Report warns RFID is not best for tracking people

Supporters, critics disagree about whether the technology can protect privacy

BY Michael Arnone

Published on May 19, 2006

Radio frequency identification technology in secure travel documents could harm national security and personal privacy, according to a draft report the Homeland Security Department released last week.

DHS and other federal agencies use RFID to efficiently track and identify equipment and other goods, wrote the report’s authors, who are members of DHS’ Data Privacy and Integrity Advisory Committee’s Emerging Applications and Technology Subcommittee. But they warned that using RFID technology to track people is not a good idea.

Without formidable safeguards, RFID technology in identification cards and tokens could allow others to track individuals’ movements, profile their activities, and manipulate identification and other information, the report states. RFID will make people more prone to surveillance and less aware that others are tracking them. Users also won’t know what information they are sharing, the report states.

The report relates to the proposed People Access Security Service (PASS) cards, which DHS and the State Department want to create as an alternative to passports for U.S. travelers returning from Canada or Mexico. PASS cards would meet the requirements of the Western Hemisphere Travel Initiative, which mandates that by Jan. 1, 2008, anyone entering the United States, including U.S. citizens, have secure travel documents that prove their identity and citizenship.

For the PASS cards, State wants to use contactless smart cards that contain a small microprocessor that transmits encrypted data on the users’ cards at a range of 5 inches. The U.S. Customs and Border Protection agency wants border inspectors to be able to read PASS cards as far as 30 feet away, which would require RFID tags embedded in the cards. A tag transmits a 96-digit unique identification number that links to personal information stored in a secure, central database.

RFID offers little advantage in processing speed compared with contactless smart cards, bar codes and other technologies, the report states. RFID also does not provide reliable identification because the tag alone does not identify a person, it states. RFID doesn’t offer better anti-forgery or anti-tampering features than other technologies do, and its use of radio adds risks that nonradio systems don’t have, according to the report.

Industry experts have mixed opinions about the report. Neville Pattinson, director of business development, technology and government affairs at Axalto, which makes contactless smart cards, said the use of low-end RFID is inappropriate for any federal identity document program.

But others discredited the draft report. Timothy Heffernan, director of government relations and public affairs at Symbol Technologies, which makes RFID products, said the report has a lot of ill-

informed data on how the technology works. RFID tags adequately protect users’ privacy and have plenty of safeguards to prevent tampering and forgery, Heffernan said. Tags don’t make it easier to put users under surveillance, he added.

DHS takes the report’s recommendations seriously, said Jim Williams, director of DHS’ U.S. Visitor and Immigrant Status Indicator Technology program, which screens for terrorists among foreign travelers.

Williams said he disagrees with the report’s contention that RFID doesn’t offer more benefits compared with other technologies. RFID offers abilities that DHS doesn’t have today, such as being able to send traveler information to guard stations before travelers arrive and filter those records through criminal and terrorist watch lists, he said.

RFID would also allow DHS to record the entry of people, which is important for security, Williams said. The federal government has used RFID successfully for years, he added. Trusted traveler programs such as NEXUS, Secure Electronic Network for Travelers Rapid Inspection, and Free and Secure Trade all use RFID technology to process travelers quickly while maintaining border security.

The full privacy committee is scheduled to review the draft at its quarterly public meeting in San Francisco June 7.

German stadiums embed chips in 2006 World Cup tickets

Monday, May 8 2006 (This article originally appeared in a 2005 issue of RFIDOperations)

By Rhea Wessel, Contributing Editor, RFIDOperations

COLOGNE, Germany—The world’s most popular sporting event will be RFID-enabled. The 2006 World Cup soccer tournament will feature RFID-based electronic admission tickets at the games’ 12 German venues.

World Cup organizers announced last year that they wanted to install the admission control system by the end of 2004. It’s not in place yet, so while the initiative appears to be behind schedule, at least one of the 12 stadiums in the tournament—Cologne’s 1. FC Köln Rhein Energie Stadion—has taken matters into its own hands to be ready for the start of play.

Held every four years with teams from more than 140 countries participating, the World Cup tournament is the most important competition in international football (soccer). Organized by the Fédération Internationale de Football Association (FIFA), the sport’s governing body, the tournament is the most widely viewed and followed sporting event in the world.

National teams compete over a two-year period in regional qualifying tournaments for a place in the finals. The next finals tournament begins in June 2006, with matches at stadiums in Berlin, Dortmund, Frankfurt, Gelsenkirchen, Hamburg, Hanover, Kaiserslautern, Cologne, Leipzig, Munich, Nuremberg and Stuttgart.

Royal Philips Electronics won a contract to provide many of the chips for the 3.2 million tickets that will be needed at those stadiums, according to tournament organizers.

Jens Grittner, a FIFA World Cup spokesman, says they considered a chip or a barcode solution to improve their control of access to the games. RFID-based chips were picked because of security and ease of use. The chips will make the hard-to-come-by tickets difficult to counterfeit and will help organizers keep people from passing on their tickets to others once they are inside the stadium. And tickets will be quickly and easily validated when held 10 centimeters in front of a proximity reader. FIFA says the chips will store access information only; personal information such as names will not be included.

“We decided on a chip-card admission system because we wanted to modernize stadiums participating in the games, and we sought a long-term way to do this. Starting in 2006, all Bundesliga [German soccer league] stadiums will also use electronic admission systems,” said Grittner. For the World Cup games, chips will be embedded inside regular paper tickets that can be imprinted with sponsor logos and kept by fans as souvenirs.

The AufSchalke Arena in Gelsenkirchen, which will host World Cup games, has been using electronic admission tickets since it opened in 2001. Thomas Spiegel, a spokesman for the stadium, says their system, based on a Siemens chip, has been well received by soccer fans. The entrance system at Gelsenkirchen will be adapted to read World Cup tickets, but work on the project has not yet begun. “A test run of the new technology has been announced but not started,” Spiegel says.

Season ticket holders at Cologne’s 1. FC Köln Rhein Energie Stadion began using credit-card sized and shaped plastic entrance tickets with a Philips MIFARE DESFire chip in August 2004. They are read with a MIFARE DESFire SAM ticketing interface. Among the reasons the stadium picked Philips was because it anticipated the decision of World Cup organizers to go with Philips, says Daniel Däuper, in the ticket management department of 1. FC Köln GmbH & Co.

For now, the system at Cologne is being used for access, planning and security. The cards speed up the entrance of fans and the data generated by the system is helping stadium operators make logistical adjustments. For instance, if they determine that a large number of fans tend to arrive at a particular entrance, organizers can post more security guards in that area. Already it appears that a southern entrance to the stadium that is near the area where fans stand rather than sit is a favored entrance.

FC Köln also benefits from extra security for the cardholders, said Markus Luidolt, Philips marketing manager for event ticketing. Each card is unique and if it is lost or stolen, operators can block the card and replace it.

The Philips chips are fully compatible with ISO 14443 type A. They are also compatible with Near Field Communications (NFC) technology, which allows people to download electronic tickets to their mobile devices and use the mobile devices to enter a venue. Philips and Sony have jointly developed an NFC solution.

The Cologne system investment was a six-figure investment and is designed to supply payment functions that will eventually boost revenues in fan shops and at concession stands, Däuper says. The electronic payment function is planned for the next season.

“Some people say sales could rise 10%, others say they could rise 40% to 50%,” Däuper said, because fans tend to spend more when they don’t have to pay with cash for their drinks and souvenirs.

The system was implemented with a host of service providers. It was purchased through Novo GmbH in Bonn and Bonn-based T-Systems, part of the Deutsche Telekom family, helped with the integration. SportFive Tixx, a software company in Hamburg, also participated. Card readers and software were provided by Axcess, a ticketing technology company based in Salzburg, Austria.

The readers can validate tickets with bar codes or chips. According to Däuper, those implementing the system encountered few problems with the chips. Work on the project began in February and was completed by June. Some software problems arose when data from some chips was transferred to new chips. During the games, an occasional card was unreadable because it was damaged by a fan. Those season ticket holders then took their cards to a service point where information was validated.

Australians ready for smart cards: Visa

May 10, 2006 - 6:44PM

Most Australians are keen to try smart card technology, according to research by credit card company Visa International.

According to the research, 62 per cent of consumers are interested in using smart cards, while 70 per cent believe they will become an important part of everyday life.

The research comes as the federal government prepares to spend $1.1 billion on rolling out smart card technology for health and welfare payments by 2010.

Visa International's executive vice president for Australia and New Zealand, Bruce Mansfield, said the research was good news for the government.

"Our research shows Australian consumers regard smart cards not merely as cards to carry out payment transactions, but also as lifestyle cards that consolidate key payment functions with personal information," he said.

"Fifty per cent said they would like to have Visa smart cards that can double as a driver's license and significant numbers said they would like to use them to track expenses, to hold cinema tickets and as a frequent flyer card."

Australians had a positive attitude towards the introduction of smart cards because of their enhanced security features, Mr Mansfield said.

Smart cards carry an embedded computer chip capable of holding 100 times more information than traditional magnetic strip cards.

This allows issuers to offer new payment options, multiple functions and better protection against fraud.

© 2006 AAP

Visa Asia Pacific chalks up more than 43 percent growth in EMV chip cards issuance

Wednesday, May 10 2006

EMV chip migration is alive and well, according to Visa Asia Pacific, which announced a 43% growth rate in compliant chip cards and a 105% increase in numbers of chip terminals. Visa's EMV chip cards are in use in 18 markets, with four–Japan, Taiwan, South Korea and Malaysia–currently in the middle of a national migration program.

Accelerated migration is critical to meet the needs of technology savvy consumers

Singapore--Visa Asia Pacific announced that the EMV chip migration continues to see good momentum with more than 43 million Visa EMV-compliant chip cards issued in the region as at the end of 2005, registering year-on-year growth of more than 43 percent. The number of EMV chip terminals in the region has risen to more than one million, up 105 percent over the previous year.

EMV chip cards are payment cards carrying an embedded microchip. Compared with existing magnetic stripe cards, the computing power of the chip means that the cards can offer much greater security as they can protect against `skimming' or copying the contents of the magnetic stripe. When a cardholder makes a purchase at a merchant, the chip card sends a different secret message to authenticate every transaction, making it practically impossible for a fraudster to steal the information to create counterfeit cards.

Visa's EMV chip cards are in use in 18 markets (Australia, Cambodia, China, Hong Kong, Japan, Korea, India, Indonesia, Macao, Malaysia, Maldives, New Zealand, Pakistan, Philippines, Singapore, Taiwan, Thailand and Vietnam). across the region. Four of the markets Japan, Taiwan, South Korea and Malaysia have national migration programs underway. In those markets which are further down the migration path, the benefits of EMV chip are already being reaped.

Malaysia was the first country to complete a national EMV chip-card adoption program, converting all credit cards to EMV chip by December 2004 and all card terminals by December 2005. As a result, counterfeit (Counterfeit fraud occurs when stolen cardholder account data is stored on the magnetic stripe of fake cards and used for fraudulent transactions.) fraud on cards issued in the country has disappeared.

"Protecting cardholders is absolutely critical - it is what our customers tell us they want - and increasingly it is technology that helps enable us to protect them. EMV chip is the solid foundation upon which, not just the security elements, but the other consumer interests can be met, that of convenience, flexibility and variety. Given the pace at which technology is changing and fueling consumer interests, EMV chip migration must be accelerated or banks will run the risk of missing out on the tremendous opportunities open to us now, and pay a higher price for it down the road," said Paul Jung, Visa Asia Pacific's regional head, Emerging Product and Technology.

Visa Asia Pacific's "Heart of Smart Chip Consumer Research" reveals that there is an increased in awareness and interest in smart cards throughout the region. Nearly two in three consumers believe EMV chip are more secure than magnetic stripe cards. Consumers also indicate that security and convenience are the two strongest factors for their preference for smart cards over magnetic stripe cards. They also expressed interest in the practical applications offered by smart cards such as usage in public transportation.

Canadian Contactless Firm Looks To UK

 (2006-05-08) - Card Technology

Dexit Inc., a Canada-based developer of a contactless payment system for low-value purchases, is exploring ways to introduce its technology to the UK market, David Campbell, the company's chief financial officer, tells Card Technology sister publication CardLine Europe. The Dexit system allows users to make purchases by tapping a key fob against a reader, with the price being deducted from a prepaid account that consumers can fund through a credit card, by direct debit from a bank account, or at a participating merchant. Campbell says that Dexit last year submitted a bid to Transport for London, the UK capital's public-transit operator, as part of TfL's search for partners to add retail payment functionality to its Oyster contactless fare-payment card. According to Campbell, Dexit was eliminated from the running last October, and TfL itself announced last week that it would shelve its electronic-purse plans because they were not economically viable.

Campbell says Dexit’s participation in the TfL bid has opened up some possibilities for future business. "Through that process, we made a number of contacts in the UK market, and some of those people we're still in discussions with about projects in the UK," he says. Dexit, which has about 50,000 registered users and 450 participating merchants in the greater Toronto area, is also exploring ways to introduce its service across Canada, Campbell says. Working in conjunction with Bell Canada, Dexit's major partner and the country's largest telephone company, Campbell says the firm has sought to add large retailers to its acceptance network in preparation for a nationwide launch. "We've not aggressively expanded the service in the last year or so," he says. "It's our view that the focus needs to be on securing major merchants because then they're a catalyst for other major merchants and small and medium-sized merchants," he says.

Executive Order: Strengthening Federal Efforts to Protect Against Identity Theft

By the authority vested in me as President by the Constitution and the laws of the United States of America, in order to strengthen efforts to protect against identity theft, it is hereby ordered as follows:

Section 1. Policy. It is the policy of the United States to use Federal resources effectively to deter, prevent, detect, investigate, proceed against, and prosecute unlawful use by persons of the identifying information of other persons, including through:

(a) increased aggressive law enforcement actions designed to prevent, investigate, and prosecute identity theft crimes, recover the proceeds of such crimes, and ensure just and effective punishment of those who perpetrate identity theft;

(b) improved public outreach by the Federal Government to better (i) educate the public about identity theft and protective measures against identity theft, and (ii) address how the private sector can take appropriate steps to protect personal data and educate the public about identity theft; and

(c) increased safeguards that Federal departments, agencies, and instrumentalities can implement to better secure government-held personal data.

Sec. 2. Establishment of the Identity Theft Task Force.

(a) There is hereby established the Identity Theft Task Force.

(b) The Task Force shall consist exclusively of:

(i) the Attorney General, who shall serve as Chairman of the Task Force;

(ii) the Chairman of the Federal Trade Commission, who shall serve as Co-Chairman of the Task Force;

(iii) the Secretary of the Treasury;

(iv) the Secretary of Commerce;

(v) the Secretary of Health and Human Services;

(vi) the Secretary of Veterans Affairs;

(vii) the Secretary of Homeland Security;

(viii) the Director of the Office of Management and Budget;

(ix) the Commissioner of Social Security;

(x) the following officers of the United States:

(A) the Chairman of the Board of Governors of the Federal Reserve System;

(B) the Chairperson of the Board of Directors of the Federal Deposit Insurance Corporation;

(C) the Comptroller of the Currency;

(D) the Director of the Office of Thrift Supervision;

(E) the Chairman of the National Credit Union Administration Board; and

(F) the Postmaster General; and

(xi) such other officers of the United States as the Attorney General may designate from time to time, with the concurrence of the respective heads of departments and agencies concerned.

(c) The Chairman and Co-Chairman shall convene and preside at the meetings of the Task Force, determine its agenda, direct its work and, as appropriate, establish and direct subgroups of the Task Force that shall consist exclusively of members of the Task Force. Such subgroups may address particular subject matters, such as criminal law enforcement or private sector education and outreach. The Chairman and Co-Chairman may also designate, with the concurrence of the head of department, agency, or instrumentality of which the official is part, such other Federal officials as they deem appropriate for participation in the Task Force subgroups.

(d) A member of the Task Force, including the Chairman and Co-Chairman, may designate, to perform the Task Force or Task Force subgroup functions of the member, any person who is a part of the member's department, agency, or instrumentality and who has high-level policy or operational duties or responsibilities related to the mission of the Task Force.

Sec. 3. Functions of the Task Force. The Task Force, in implementing the policy set forth in section 1 of this order, shall:

(a) review the activities of executive branch departments, agencies, and instrumentalities relating to the policy set forth in section 1, and building upon these prior activities, prepare and submit in writing to the President within 180 days after the date of this order a coordinated strategic plan to further improve the effectiveness and efficiency of the Federal Government's activities in the areas of identity theft awareness, prevention, detection, and prosecution;

(b) coordinate, as appropriate and subject to section 5(a) of this order, Federal Government efforts related to implementation of the policy set forth in section 1 of this order;

(c) obtain information and advice relating to the policy set forth in section 1 from representatives of State, local, and tribal governments, private sector entities, and individuals, in a manner that seeks their individual advice and does not involve collective judgment or consensus advice and deliberation and without giving any such person a vote or a veto over the activities or advice of the Task Force;

(d) promote enhanced cooperation by Federal departments and agencies with State and local authorities responsible for the prevention, investigation, and prosecution of significant identity theft crimes, including through avoiding unnecessary duplication of effort and expenditure of resources; and

(e) provide advice on the establishment, execution, and efficiency of policies and activities to implement the policy set forth in section 1:

(i) to the President in written reports from time to time, including recommendations for administrative action or proposals for legislation; and

(ii) to the heads of departments, agencies, and instrumentalities as appropriate from time to time within the discretion of the Chairman and the Co Chairman.

Sec. 4. Cooperation. (a) To the extent permitted by law and applicable presidential guidance, executive departments, agencies, and instrumentalities shall provide to the Task Force such information, support, and assistance as the Task Force, through its Chairman and Co-Chairman, may request to implement this order.

(b) The Task Force shall be located in the Department of Justice for administrative purposes, and to the extent permitted by law, the Department of Justice shall provide the funding and administrative support the Task Force needs to implement this order, as determined by the Attorney General.

Sec. 5. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) authority granted by law to an executive department, agency, or instrumentality or the head thereof; and

(ii) functions of the Director of the Office of Management and Budget relating to budget, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) This order is intended only to improve the internal management of the Federal Government and is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by a party against the United States, its departments, agencies, instrumentalities, or entities, its officers or employees, or any other person.

Sec. 6. Termination. Unless the Task Force is sooner terminated by the President, the Attorney General may terminate the Task Force by a written notice of its termination published in the Federal Register.

GEORGE W. BUSH THE WHITE HOUSE,

Purchase worry free!

Submitted by Paul Baranowski

05/07/2006

Mobile payment is really popular these days, especially since PayPal has launched their service with which you can pay for products through your cell phone. Seems that since that time payment using your cell phone would be easy fun and secure but never judge a book by its cover and recently two companies have been hard at work designing an even more secure way to pay using one’s cell phone. SanDisk and Philips have decided that together they can make a way with which users could actually pay without making any theoretical contact.

The payment method is still being developed and perfected but from what the current progress shows this might soon replace our credit cards, and maybe even paper money. The new technology is called “contactless payment” and what it does; it allows customers at places with drive-through windows and checkout counters to simply wave their mobile device like a cell phone near a special sensor. With that action the purchase is automatically made and the ready product is just seconds away.

With solutions like this many questions arise, like how secure is this and what about piracy? Well that’s when Sandisk with its TrustedFlash cards and Philips with its SmartMX chip come in. With both of these installed in a single NFC adapter, users can be assured that their payment will be contactless and worry-free. Since the Sandisk TrustedFlash cards are also portable memory, other information and files can be stored on the device. The NFC adapters should start popping up on the market end 2006, early 2007, so sit tight and wait with anticipations we shall.

May 5, 2006

SanDisk, Philips Team Up to Secure Contactless Payments

By Brian Fonseca

Joining forces to build stronger security capabilities for ticketing and mobile payment applications, SanDisk and Philips announced on May 3 that the companies will embed Philips' SmartMX chip into SanDisk's TrustedFlash cards for protected NFC implementations.
Widely utilized by a growing amount of mobile phone applications, Near Field Communications is a short-range wireless technology that allows customers to allow their phones to become "contactless" transaction or payment methods.

This process occurs by customers waving their phones near or across a contactless reader found at mass transit turnstiles for bus and train tickets, drive-through windows, or checkout counters for people paying for gas or buying a cup of coffee.

By combining SanDisk technology with Philips SmartMX chip set pre-loaded and post-issuance model support, handset manufacturers, mobile operators, banks and transit authorities can ensure a greater degree of security exists via NFC when contactless transitions occur, said officials of Sunnyvale, Calif.-based SanDisk.

SanDisk and Wireless Dynamics are partnering to offer NFC SDiD Adapters, plug-and-play SD and miniSD NFC adapters for all existing handsets that are not NFC-enabled.   Capable of being inserted into mobile phones or devices, the NFC adapters bundle together SanDisk TrustedFlash cards with SmartMX to open access to contactless devices using protected NFC transactions.

Additionally, the TrustedFlash cards can be used by customers to expand storage capacity for their applications and content, including personal photos, music, videos or documents.  SanDisk TrustedFlash cards featuring SmartMX technology for NFC transactions are currently available to OEMs in the microSD card format.  A variety of pilot programs for the integrated technology mobile payment technology has already begun.  SanDisk officials say they expect a widespread commercial rollout sometime in 2007.

Saturday May 6, 2006 9:58 AM EST -Source: extremetech.com

By: Dave White

SanDisk and Philips are getting together to make your mobile phone payments even more secure.

The so-called "contactless" payment methods made popular by Near Field Communications are fast being a hit among those who use drive-through windows and checkout counters. Just wave your equipped phone near the sensor, and your payment is made.

It's wireless technology brought to its natural transaction conclusion, but it does have its drawbacks—namely, that it is of necessity a signal broadcast, which invites piracy. That's where SanDisk and Philips step in. With the Philips SmartMX chip and SanDisk TrustedFlash card installed in an NFC adapter, your phone payment will be contactless and worry-free.

Not unexpectedly, the SanDisk cards are also memory expanders, allowing you more storage for whatever else is on your mobile—photos, music, files, etc.

You can get your hands on one of these adapters sometime in early 2007, SanDisk officials say.

Mobile Phones: A Key Player in Proximity Payment Systems

Michael L. Kasavana, NAMA endowed professor in hospitality management at Michigan State University, writes for AMonline about the evolution of vending machines to support contactless proximity payments.

While MasterCard, Visa and American Express have actively pursued contactless payments via stand-alone RFID technology, Discover Financial Services (Discover Card) has taken a different approach. The company is experimenting with contactless payments via cell phone and anticipates having the product in the marketplace by mid-2006. The cell phone, equipped with a NFC chip and antenna, enables consumers to settle purchases with the wave of the handset. In addition, the phone can also be used to review account balances and transfer funds between cardholder accounts using a secure PIN code.
Discover relies on NFC technology to send and receive data. With the ability to share data, a consumer could purchase two movie tickets via an NFC-enabled phone, then transfer one of the tickets to a friend's NFC phone, thereby allowing each to simply wave the phone near a reader to gain entry to the show. Moving "tap and go" from cards, tags and fobs to cell phones is the next logical progression in the proximity payment technology evolution.

Consumers Unsure of Mobile Phone as Payment Device

By Enid Burns | May 4, 2006

Mobile phones have become a fixture in the lives of just about every age group, but more than half of the young consumers who took part in the 2006 Generation X and Y payment and technology panel study conducted by Market Platform Dynamics feel the ability to use their mobile phones as a payment device is unnecessary.

Contactless payment, a credit or debit transaction through the use of a fob or technology-enabled device using radio frequency, infrared, carrier-based mobile or Bluetooth technologies, is not being immediately adopted. Thirty-eight percent of respondents claim using their phone as a payment method isn't valuable to them, saying they don't use their phones enough to make it worthwhile. Phone data usage has been slow to take off, but subscribers are beginning to use the Web for search and applications other than voice communications.

Generations X and Y behave similarly in terms of attitudes toward trying new technologies. The exceptions are youngest and oldest in the 16 to 43 year old age group. Those age 16 to 19 are more interested in trying new payment methods including mobile phones as a payment device. The older age bracket, 40 to 43, are less inclined to try Internet-based activities such as online shopping and online banking, making it less likely that group will adapt to payment via their cell phones. Online banking is taking hold among consumers, as is bill payment when implemented with the appropriate communication.

"At the outer age bands there are some differences, by and large people in their 20s and 30s behave similarly with respect to payment devices," Market Platform Dynamics President Karen Webster told ClickZ Stats.

One barrier to contactless payment is concern over security. Over 60 percent of survey respondents avoid contactless fobs at this point. Existing payment options are a concern to just 4 percent of the group.

"I would expect that today you would get something of a lukewarm reception, as we did," said Webster. "I would expect to see that change over time as devices become more prevalent and as the value proposition from the issuer develops."

Incentives may encourage use of a particular payment device if a consumer is predisposed to the method, but the report says offering a reward isn't likely to drive adoption of a controversial payment method. Men tend to be more motivated by rewards and use credit cards more often than women. Women typically use debit cards. Cash is still used predominantly by both Genteration X and Y, though it starts to be replaced by other means of payment as they age.

The findings are part of a quarterly survey of 4,000 randomly selected individuals in the U.S. between the ages of 16 and 43. Questions include preferences and behaviors toward payment and technology. Respondents were also asked to keep a diary of all transactions for one week.

Turkish Military Issuing 6,000 To 8,000 ID Cards Per Day

5 May 2006

The Turkish military expects to issue more than 2 million smart cards to its active-duty and retired soldiers and sailors through the end of 2007, says Lieutenant Commander Devrim Rehber of the Turkish Navy. Speaking this week at CardTechSecurTech, the North American smart card conference held in San Francisco, Rehber said between 6,000 and 8,000 of the smart cards are issued each day. To date, about 125,000 cards have been issued, he said. Active-duty soldiers are issued a card with a 32-kilobyte contact chip and a 1-kilobyte contactless chip. Retirees receive a card with only a 16-kilobyte contact chip. All three cards can be used for identification, electronic purse and access to health care, Rehber said. The electronic purse lets a cardholder spend preauthorized funds from a debit account. The feature is based on EMV, the international smart card payment standard. Rehber said the e-purse can be used only at some Turkish military posts. The active-duty version is also used for physical access and digitally signing electronic documents using a security technology known as PKI. The PKI application, including the digital certificates that provide the user’s credentials, require the larger 32K chip. The project started in March 2004, with initial work done by Oyak Bank acting as the integrator. Rehber said a centralized issuing center is accepting enrollment data from about 1,000 locations. (2006-05-05)

Analyst Says Acquirers Not Convinced About Contactless

Proponents of contactless payment programs have been crowing about the number of devices distributed and merchants accepting the cards and fobs. However, many merchant acquirers aren't convinced the technology delivers all that its proponents so breathlessly promise, according to Marc Abbey, a partner with U.S. payments consultant First Annapolis. Abbey notes in the April issue of the firm's Navigator report that contactless cards and fobs are promoted to merchants as offering faster transaction time and more sales than traditional magnetic stripe cards. But much of the time saving is due to "the absence of a requirement to sign a receipt for a small transaction." Acquirers tell Abbey that if the no-signature requirement were applied to magnetic stripe cards, those transactions would be a lot faster too. Abbey also questions those who report higher sales statistics. Keep in mind, Abbey writes, the sales numbers come from "parties trying to generate primary demand for the technology and do not have an interest in airing data contradictory to the stated value proposition." A fair number of merchant locations have installed contactless readers to accept the cards, but, Abbey notes, many merchants were upgrading their point of sale systems anyway. MasterCard International has reported that 30,000 merchant locations accept contactless products worldwide. More than one-third -12,000- are McDonald's Corp. restaurants. Abbey concludes there is "a certain amount of cynicism in the acquiring market right now" regarding contactless, but that the technology will see a "gradual implementation ... as acquirers and merchants go through normal (point-of-sale) investment cycles." (2006-05-05)

About 30,000 Japanese Use JCB's Contactless Payment Scheme

At least 30,000 people have signed up for QuicPay, the contactless payment network launched by JCB Co., Ltd., Japan's largest credit card company, says Julie Krueger, JCB's vice president of emerging technology. Krueger released those numbers at SourceMedia's CardTechSecurTech conference in the U.S. city of San Francisco. According to Krueger, about 7,000 Japanese merchants accept QuicPay, which uses a Japan-specific communications protocol called FeliCa. The average QuicPay transaction, which can be made either with a contactless payment card or by mobile phone, has a value of $11, she said. Late in 2005, JCB said it expected at least 500,000 consumers to sign up for QuicPay over the next three years. (2006-05-05)

News from CTST 3 May 2006

PayPass Moving Cards To Top Of Wallet

Customers are using their contactless MasterCard PayPass as intended, with over 60% of transactions under $25, suggesting consumers are keeping their cash in their wallets and paying instead with the tap-and-go cards, Cathleen Conforti, a senior vice president at MasterCard and PayPass global product manager, told attendees this week at the CardTechSecurTech2006 conference in San Francisco. She also said consumers using their PayPass cards are paying with them 85% to 95% more often than they previously used their cards. “It’s definitely their top of wallet card,” she said. Conforti declined to provide transaction statistics, but says the contactless programs issuers launched last year are doing well for this early stage of rollout. She also noted that sports teams accepting PayPass in their stadiums are explaining to fans that contactless payments will get them through concession lines more quickly. For instance, she pointed to a New York Yankees marketing piece that said, “Yankees seat cushion: $5. Spending more time on it: priceless.” Conforti said there would be significant introductions of contactless PayPass cards this year in California, Texas and Florida, but she did not provide details. She said there are more than 7 million PayPass cards in circulation worldwide. MasterCard has said at least 5 million PayPass cards or keyfobs are circulating in the U.S. (2006-05-03)

Smart Card may be the future of IDs

5/3/2006 8:34 PM

By: Reagan Hackleman

This ID-card can hold all of your personal information.
The MyKad Smart Card is used by 18 million people in Malaysia.

Your driver's license, passport, bank card and medical history can all be stored on the credit card-sized piece of plastic.  "It's a trade off between the ease of use and security," The University of Texas' Vice President of IT Dan Updegrove said. The technology can also be very helpful, he said.  "If you're far from home and have an accident, you sure would like the local doctors to know enough about you to treat you. On the other hand, you're forgetful and there's a bad guy out there, then you have a problem," Updegrove said.

Finding a solution to that problem is one of the goals during the World Congress on Information Technology, which Austin is hosting.  Participants at the WCIT developed a card to store personal and medical data about you.  "So, we really got down to the issue that standards really need to be put in place that will allow people to freely share identity, to freely prove identity in order to facilitate many of the things we want to happen in the future," Fred Dillman of Unisys said.

There is too much impersonation taking place and something has to be done, Updegrove said.   "There's too much private information going around being protected only by a password and people don't choose good passwords," Updegrove said.

MasterCard(R) PayPass(TM) Continues to Be the Faster and More Convenient Way to Pay

Seven Million PayPass Cards and Devices Issued to Consumers and 30,000 Merchant Locations Accepting PayPass Globally

PURCHASE, N.Y.--(BUSINESS WIRE)--May 2, 2006--The MasterCard® PayPass(TM) contactless payment solution continues to provide consumers with a faster and more convenient way to pay for their small ticket purchases. To date, approximately seven million PayPass cards and devices have been issued to consumers and PayPass is now accepted at approximately 30,000 merchant locations around the world.

There are a number of PayPass-related programs currently underway in ten countries around the world. PayPass rollouts and trials have been announced in the United States, Canada, United Kingdom, Japan, Korea, Lebanon, Malaysia, Australia, Taiwan, and the Philippines, with many more programs and rollouts anticipated throughout 2006. In recognition of its success in leading the contactless payment market with its innovative PayPass program, MasterCard was recently awarded Frost & Sullivan's "2006 Market Penetration Leadership Award."

PayPass offers consumers a convenient alternative to cash that allows for small ticket purchases to be completed quickly, securely and easily. Consumers no longer need to fumble for cash and coins, swipe a card, or sign a receipt for any PayPass purchase under $25 (purchases over $25 will require a signature and a receipt). Users simply tap their PayPass-enabled card or device on the PayPass reader at participating merchants and they are on their way.

"These past few years have been an exciting time for the payments industry. Contactless payments have expanded from a series of regional trials to a broader, more nationwide, and increasingly global, adoption of this new way to pay for everyday purchases," said Art Kranzley, executive vice president, Advanced Payments, MasterCard International. "The real power behind contactless payments is that it benefits everyone in the value chain - consumers, financial institutions and merchants alike."

PayPass allows financial institutions to offer customers more payment options and it helps increase GDV for issuers by attracting payments away from cash, increasing accountholder loyalty for their card programs and opening up new acceptance opportunities for "quick pay" environments. In the U.S., Chase, Citi, Citizens Financial Group, Inc., GE Consumer Finance, HSBC, KeyBank, MBNA and Peoples Bank of Paris, Texas have all begun offering MasterCard PayPass-enhanced payment programs to their accountholders. PayPass technology enhances any payment account it is added to - be it a credit, debit, pre-paid/stored-value, co-brand, small business or private label account.

PayPass technology can be found in a number of different forms. PayPass cards include magnetic stripe technology, so the cards can also be used in the traditional manner anywhere MasterCard is accepted around the world. In regions where EMV smart cards are predominate, such as Europe and the Asia/Pacific, OneSmart PayPass(TM) combines both contact and contactless interfaces on one chip. PayPass technology can also be used in a number of devices, such as a convenient payment tag that fits on a key chain for easy access, and in mobile phones.

MasterCard PayPass also allows merchants to function more efficiently and serve their customers better. PayPass speeds consumers through the check-out process, reduces cash handling, improves efficiency and provides competitive differentiation. McDonald's was the first merchant to announce its acceptance of PayPass in August 2004, and additional U.S. merchants quickly followed - including 7-Eleven, CVS, Duane Reade, Subway, Regal Entertainment Group, Wawa, Sheetz, Central Parking, Meijer Stores, Ritz Camera Centers and Boater's World Marine Centers.

Interest in PayPass has not been limited to retail establishments. PayPass technology has proved popular in sports facilities as well, and PayPass is now accepted in many Major League Baseball and National Football League stadiums, as well as at numerous golf events. MasterCard and its partners will also be conducting contactless payment trials for transit programs, such as with Citi and the MTA in select NYC subways, while trials continue with the vending industry as well.

Global Interoperability Is Key

The importance of a common user experience at the point of sale also led MasterCard, Visa and JCB Co. Ltd. to reach an agreement to utilize the MasterCard PayPass ISO/IEC 14443 Implementation Specification as a common communications protocol for radio frequency-based contactless payments. The agreements ensure that cards and terminals supporting all three payment organizations' contactless payment applications conform to the same communications protocol and undergo equivalent testing, thus ensuring interoperability across brands as well.

"We understand that global interoperability is vital to the success of any payment program. MasterCard PayPass was designed using globally interoperable standards, to ensure that it will work consistently around the world wherever it is accepted," said Cathleen Conforti, senior vice president and global PayPass product manager, MasterCard International.

Strong Marketing Support

MasterCard launched a multi-layered national and regional consumer awareness campaign to promote PayPass - including television, newspaper, magazines, Internet banner advertisements, giant billboards in Times Square in New York City, posters on subways, buses, and commuter trains. In fact, the MasterCard PayPass "Marathoner - Convenience Store" 15-second spot was named to Adweek's "Best Spots of the Month" list for January 2006. MasterCard will continue to build broad awareness of PayPass nationally throughout 2006.

National Bank of Bahrain successfully completes the EuroPay, MasterCard & VISA certification for cards

National Bank of Bahrain (NBB) recently announced that it is the first in the Kingdom of Bahrain to fulfill and complete the EMV certification (EuroPay, MasterCard & VISA), which means chip-based Credit Cards from VISA and MasterCard issued worldwide are now accepted by NBB's ATMs and Point of Sales machines.

News from CTST - 2 may 2006

Visa Issuers Can Offer Contactless Mini-Card

Two technology vendors announced today at SourceMedia’s CTST trade show in San Francisco that they have joined forces to offer a contactless mini-card that meets Visa USA standards and is small enough to slip onto a key ring. Inside Contactless, a France-based smart card chip developer, supplies its MicroPass chip, and Germany-based smart card vendor Giesecke & Devrient provides the card. “The speed and convenience of contactless payments absolutely applies to alternative form factors like the Visa Contactless Mini Card,” Brian Triplett, Senior Vice President of Emerging Product Development at Visa USA, said in a statement. “At half the size of a standard Visa card, the Visa Contactless Mini Card offers more payment choices to cardholders and supports the momentum for contactless payments in the U.S.” Contactless technology allows consumers to pay by waving a card, fob or other chip-carrying device near a terminal. More than 11 million contactless cards have been issued in the U.S. in the past year by issuers of Visa, MasterCard and American Express, and more than 25,000 merchants are equipped to accept the tap-and-go cards. (2006-05-02)

News from CTST 2 May 2006

Contactless Moves to Center Stage

Contactless payments may have reached a milestone with reports that as many as 10 million cards and keyfobs with the technology have been distributed, and that a major restaurant chain will accept the technology by the end of the year. Late yesterday, Arby's Restaurant Group Inc. reported it would begin this fall accepting the three major contactless payment technologies - MasterCard International's PayPass, American Express Co.'s ExpressPay and Contactless from Visa. Atlanta-based Arby's claims more than 3,500 franchised and company-owned restaurants in 48 states. Acceptance will be phased in at 1,000 company owned stores with franchisees given the option of implementing the technology. MasterCard today announced that 7 million of its PayPass contactless cards and keyfobs are in consumer's hands. In February, AmEx announced it had distributed 2 million cards with its ExpressPay device. JP Morgan Chase & Co. has also been an active issuer of Visa blink cards with contactless technology. An Arby's statement says it is implementing the technology because it makes checkout fast and easy. Gavin Waugh, Arby's senior director of treasury, says Arby's wanted to be an early adopter of the technology. "Contactless is the wave of the future. There's a benefit to get in early," says Waugh. He says Arby's is using payment terminals from Vivotech. Arby's will accept contactless payments in store and at drive thru windows. The payments industry may have successfully launched contactless technology with the product finding acceptance by consumers, merchants, and issuing banks. Arby's may be early but its fast food competitor McDonald's Corp. is accepting contactless payments at more than 12,000 restaurants. Issuers of the PayPass enabled devices include JP Morgan Chase, HSBC, MBNA, and Citibank. AmEx, MasterCard and Visa have waived a signature requirement for many transactions under $25, making the checkout even faster. Triarc Co. Inc owns Arby's. (2006-05-02)

Nokia and Visa test mobile payment

Jo Best

silicon.com 2 May 2006

Nokia and Visa are the latest twosome to climb aboard the NFC bandwagon, giving credit card users in Malaysia a chance to pay for goods with their phones.

Visa will be installing 2,500 Visa Wave readers -- which can deduct payment from a user's credit card when an NFC phone linked to the account is pressed against it -- across the country and enlisting 200 guinea pigs in Kuala Lumpur to try out the technology.

The trial will run for four months and, if it proves successful, may spark a full commercial rollout. A similar technology is already in use in Japan, where local mobile operator NTT DoCoMo has launched its own credit card brand, iD, which enables consumers to pay for items with their 'wallet phones'.

Currently just one Nokia model is available with the Visa Wave service, the 3220, which is equipped with contactless technology using an NFC 'shell'. Risto Sitila, Nokia's head of consumer solutions for the Asia Pacific region, said that Malaysia had been chosen to host the experiment as it is an "advanced" payments market, unlike Europe.

"Europe is a bit behind in contactless. But you never know; there might be something happening in the future," he said.  Europe's only commercial rollout of NFC to date is in the German city of Hanau, where commuters use the technology to pay for their bus fares. A major trial is taking place in the French city of Caen. 

New payment system may take over cash based transaction in Nigeria

By Prince Osuagwu

Posted to the Web: Wednesday, May 10, 2006

As the world embraces the new payment technologies responsible for leading developing economies to a near cashless society, Nigeria may be one of the first targets among the emerging markets to experience the payment transformation of Europay International, MasterCard International and Visa International, otherwise code named EMV.

Even when the population of the country makes an attractive incentive, the recent massive reorganization and realignment of the Banking Sector of the Nigerian Economy, makes the system a more welcomed venture.

This is because the reorganisation has created a major shake up in the way the banks deal with their customers and product offerings. With the smallest of the new twenty five banks having a minimum of twenty five billion Naira, it becomes highly imperative that the banks do more of retail banking and consumer credit to weather the storm.

Ordinarily, retail banking is more about Debit and Credit Card issuance to customers to enable them have access to their money in the banks at all times. But central to this kind of transaction is security. Much as Nigeria has recorded an improved height in card issuance in recent times, the issues of fraud, security and standard surrounding some of the locally issued cards in the international markets, seem to bog the progress down .

This development may have worried industry stakeholders, like frontline cutting edge technology providers, Chams and Datacard which recently, jointly presented to the Nigerian market the various technologies and solution needed to address the issues of fraud, security and standards using a training session tagged EMV seminar.

EMV is named after Europay International, MasterCard International and Visa International. The companies created a joint industry working group in 1994 to facilitate the introduction of chip as the replacement technology for Credit and Debit cards.

The companies said that the training was necessitated by the need to have a more secure way of transacting business via cards even as it was aimed at sensitising, training and updating the financial institutions on the modern trends in doing business.For Chams in particular, “the world all over is moving at an alarming rate towards a cashless society. Soonest this will be the only means of doing business. Nigeria as a country cannot be left behind in this new dispensation.

If we have done this earlier, the issue of rejecting our local cards by some western nation as reported by the media will not have arisen. So with this training, we hope to get our country more informed about latest development and technology in the industry and help fasten the movement towards a cashless society.By what we have done, we are already pioneering the deployment of EMV indirectly.What is left to do is for the financial institutions to complement our efforts and join the force in moving Nigeria ahead. At Chams, we have the expertise and the production capacity including latest technology anywhere in the world to meet with demand for production of the cards”.

Part of the benefits expected of EMV included the level of security they offer to banks, cardholders and merchants. This is especially important given the recent increases in payment card fraud and, in particular, the rapid growth of counterfeit fraud.

A chip card incorporates an integrated circuit or microchip. When the chip card is inserted into a terminal, it carries out a series of pre-programmed commands. This means that chip cards can be virtually impossible to counterfeit and, if a card is lost or stolen, the issuing bank can “lock” the chip.

This significantly reduces the risk of fraud, especially when cards are used in conjunction with a PIN number.  EMV cards are already rolled out in large numbers all around the world. The first countries to issue EMV smart cards are the United Kingdom, Japan, Brazil and recently the USA has joined this list. Other countries are at varying stages of implementing, developing or planning.

Nigeria’s Valucard perhaps may be the very first massive implementation of EMV in Nigeria before the end of 2006.

The Budapest Sun May 11, 2006

BKV puts back chip card date

By Alex Kajtár

THE Budapest Transport Company (BKV) had intended to replace the current paper-based tickets with chip cards starting in March of this year.

The Elektra project, to introduce the use of an electronic ticketing system, started four years ago with a political decision made to upgrade the system, and BKV published a public procurement tender on its implementation in Nov 2004, but no winner has yet been selected.

Six companies applied for the tender, and, after various appeals, EDS Hungary Kft, Sagem Hungary Kft, MÁV Informatikai Kft and T-Systems are still competing. The final tender documentation is said to be published soon, but the press relations department of the BKV has not been able to reveal any details to The Budapest Sunas of yet.

The Ft20 billion ($97.6 million) project is, however, expected to gather new momentum, and a deadline of late 2007 for implementation of the first phase of the development can possibly be adhered to.

If all goes to schedule, chip cards will eventually replace the paper tickets gradually, first in the millennium underground (the yellow line), followed by the other two metro lines, the suburban railway lines and, finally, on all buses, trams and other BKV operated vehicles.

The budget allocated for the project contains the operating costs of the system for the following 10 years.

BKV said it hopes to increase its income by at least Ft2bn ($9.7m) per year as the new system will make it harder for fare dodgers to travel without a valid ticket. If that calculation proves correct, the entire investment could be returned within 10 years of use.

UK's EMV Cards Could Carry An Oyster Application

The Financial Times

May 02 2006 :

This year, the Transport for London (TfL) entity aimed to extend the use of its Oyster prepaid fare card into the retail sector, for the purchase of low-value goods. In 2005, TfL sought a financial partner with which to launch a retail payment system, but the initiative is now on hold after talks with multiple consortiums in which PayPal, JP Morgan Chase and the Spanish bank BBVA were involved. Although TfL sees demand for a contactless card-based e-purse, the task of building a payment system that is cheaper for merchants than the existing credit card system, is too difficult.

TfL is currently exploring the case for bundling an Oyster payment application onto generic EMV chip and PIN cards for contactless payments at vending machines, parking kiosks, fast-food restaurants, grocery stores and newsagents. As the Oyster card is already held by over 5 million individuals in London, TfL believes its case for including an Oyster e-purse in EMV cards could help its drive to infiltrate the UK’s national rail network. If the two payment applications did run on a single bank-issued card, cardholders would gain a ‘killer’ proposition for everyday payments.

Profitability is a key issue for TfL as a public transit provider, and the entity feels it cannot progress with its Oyster retail payments initiative until a watertight business case is achieved. In other words, TfL is not shelving its concept, but is simply reviewing its options to identify the best way forward from a financial perspective. Separately, TfL is reported to have had discussions with online auction giant eBay, to have Oyster cards accepted on eBay’s site in addition to the existing payment options that the site supports for purchases that its customers make during its auctions.

Feds confirm smart card, Centrelink spend

By Iain Ferguson, ZDNet Australia

09 May 2006 09:01 PM

The federal government this evening confirmed it had allocated AU$1.09 billion over four years to a controversial health and welfare access card scheme, which a private consultant said would save AU$3 billion over 10 years.
In 2006/07 budget documents, released tonight, the government said current systems would remain in place until early 2010, after which anyone wishing to interact with agencies would have to obtain a card.

The government's campaign to win public acceptance for the card -- which will be phased in from 2008 -- suffered a blow this week when the head of the taskforce charged with devising a plan for it resigned. James Kelaher is reported to have recommended funding for the project be taken outside the department and that an external advisory board keep a check on privacy matters.  The card is slated to replace 17 existing health and welfare cards and vouchers, with individuals only needing to register once rather than several times with multiple health and social service agencies.

The government said it would improve data across those agencies and help identify and eliminate fraud affecting its AU$92 billion annual spend on health and social services benefits. KPMG reviewed the card plan and came up with the savings figure.  In a statement, Joe Hockey, Minister for Human Services, said the card would include the holders’ name, a digital photograph, signature and card number, while a microchip on the card would store details such as date of birth, address and details of children and other dependants.

He gave little away, however, about security arrangements governing the card and associated registration database, saying "information held on the access card will only be accessible by authorised people".

Hockey also announced an additional AU$115 million over two years to boost Centrelink’s call centre capabilities, saying demand had increased by 12 percent per year over the last four years. Centrelink was now trying to handle 22 million calls per annum.  A significant proportion of the funding would go to enhancing phone voice recognition services, with an additional 25 percent of customers expected to use the option by the end of 2007-08.

IIT-K plays the smart card

Wednesday, May 10, 2006

Besides name and department, cards to contain personal data like bank account, medical details, fingerprints

Rao Jaswant Singh

Kanpur, May 4: The Indian Institute of Technology-Kanpur (IIT-K) is the latest to join the ‘‘smart card’’ bandwagon. All students, faculty members and other staff at IIT-K are being issued smart cards that carry all information about the card-holder, including bank account, medical details, fingerprints and other personal data. Besides, the cards also provide access to offices, labs and safes.

Professor Rajat Moona of the Department of Computer Science and Engineering (CSE) has designed these smart cards. He said they offer many advantages over other magnetic strip cards, the most important one being ‘‘protection of storage data against unauthorised access and modification’’.

He claimed that plastic ID cards, such as driving licences, bank ATM cards and credit cards are mostly magnetic-strip cards, and ‘‘information on these can be modified easily’’.

He said the technology devised by him was based on SIM cards, in which an electronic chip with microprocessor and memory is embedded in a plastic card. He added that IIT-K would be the first IIT to implement smart card access in massive form.

‘‘For the forthcoming batch in July, even the attendance system, library management system, access control system, e-cash application and other ID applications will be based on smart cards,’’ added Moona.

He assured that information contained in the card was secure, so much so that the medical details could not be accessed by non-medical staff and banking details could not be accessed by non-banking staff.

While the name and department can be read by anybody, other data such as blood group, medical and bank account details can only be read by the appropriate authority.

EMVCo's CPA May Accelerate Global Migration

Card Technology

May 04 2006

Almost 80 million EMV-compliant smart cards were issued globally in the last six months of 2005, while 600,000 POS terminals and ATMs were deployed, according to new EMVCo figures. This contrasts with 65 million EMV credit and debit cards issued in the first half of 2005, when 900,000 EMV-based POS terminals were deployed. In full-year 2005, about 145 million more EMV cards (8 per cent) were issued than in 2004, yet the total 1.4 million EMV POS terminals deployed in 2005 was less than the 1.7 million terminals deployed in 2004, the recent EMVCo figures show.

A total of 408.8 million EMV cards and 4.5 million POS terminals have been deployed globally since the EMV specification first appeared in 1995. Forty per cent of Europe’s card terminals are estimated to be EMV-ready, versus 20 per cent in the Asia-Pacific. Global migration rates may accelerate with EMVCo’s release of its common payment application (CPA) specification, which streamlines tests for card security and functionality. EMVCo’s separate common core definitions similarly allow banks and card firms to run just one back-end system for EMV card transaction processing.

EMVCo promotes interoperability between all EMV-compliant cards, POS terminals and ATMs regardless of brand, and is now tightening its management of EMV software for cards. The CPA standard appeared only when dual-brand issuers appealed to EMVCo to simplify the certification process. Later in 2006, EMVCo will issue a specification to test CPA cards for security and functionality, which implies that vendors may not have CPA cards until early 2007, but many issuers are expected to support individual Visa and MasterCard EMV applications in addition to the new CPA.

Why Oyster's e-money plans hit the buffers
Getting the commercial side sorted proves even harder than the technology

By Jo Best

Published: Tuesday 9 May 2006

Plans to add electronic wallet functionality to the Oyster smartcard ticketing system have suffered a major setback.

Back in 2005, Transport for London (TfL) announced it had shortlisted seven potential suppliers to transform Oyster from a ticketing system into a means of paying for goods such as coffee and newspapers.

Trials were scheduled to start before the end of the year but didn't materialise. And, at the end of April, TfL announced that none of the shortlisted suppliers had been able to meet their criteria and the rollout had been put on hold for the time being.

The question of who would pay for the cost of deploying the necessary infrastructure was a sticking point.
According to a TfL spokeswoman, the transport authority remains committed to the rollout of an e-money scheme and is still interested in expanding the functionality of the Oyster card.

She told silicon.com: "We're still interested and we certainly know there's interest from our customer base. No one's ever procured e-money before so we didn't know the negotiations would be so long and we didn't know what the outcome would be."

So what went wrong? It seems that the technology behind the scheme was not at fault.

Dave Birch, director of consultancy Consult Hyperion and organiser of the Digital Money Forum, told silicon.com: "What's become clear is that it's more complicated to sort out commercial arrangements than to sort out the technical arrangements [with e-money]."

It appears that issues with the payment processing side of the project - division of revenues and payment processing costs, for example - were the main reason the e-money scheme was hobbled before it left the starting gates.

The question of who would pay for the cost of deploying the necessary infrastructure was a sticking point. For example, without financial support from the banks, retailers were unlikely to agree to cover the equipment costs themselves.

Sandwich shop chain Pret A Manger is one of the retailers that expressed interest in working with TfL to accept Oyster card payments.

Simon Hargraves, commercial director at Pret, told silicon.com that the chain is still interested in accepting e-money either with TfL or another provider. The company is starting to introduce chip and PIN across its 50 UK sandwich shops but would welcome a switch to contactless payments to trim the queues that can result from typical credit card payments.

Hargraves said: "We're becoming more and more cashless. We're investigating [contactless payments] and we would still be interested in talking to Transport for London if they change their mind."

But the company wouldn't want to swallow the cost of any infrastructure rollout: "We're only very small and it would be difficult for us to support that on our own."

According to Graham Taylor, distinguished analyst at Gartner, only the banks could afford to stump up the necessary readies to put Oyster e-money readers into newsagents and retailers - but are reluctant to as e-money could hurt their existing business.

Taylor said: "With merchants, when everyone's got [an e-money Oyster card], they'll pay to accept them but essentially the merchants don't want to pay for it and TfL doesn't want to subsidise it. The banks could potentially do it but they don't want to affect their debit card business."

And without the banks, the Oyster card is temporarily in the sidings: Taylor predicted that it will be extremely difficult for Transport for London to deliver the scheme without support from external partners.   And while a number of payment processors expressed their interest in partnering with TfL for the scheme - Barclays, PayPal and the Royal Bank of Scotland among them - TfL said none were able to meet its financial criteria.

While Transport for London won't be actively putting out another tender to search out new partners for the e-money scheme, it remains open to approaches from would-be partners. One option that would be considered by TfL is adding Oyster card functionality to a store card or bank card.  And while there may be no e-wallet function in the Oyster just yet, not all of the planned updates to the Oyster card have been shelved.

For example, a handful of local councils, including Croydon and Lewisham, are using the smart card functionality of the Oyster to give local residents access to council services.

Leader: Banks may regret Oyster e-money fiasco
And why Tesco may not...

By silicon.com

Published: Tuesday 9 May 2006

Why is the Oyster card such a success? Because we commuters are lazy.

We can't be bothered to run our paper tickets through the machines when we can simply touch a card to a reader.

But now it seems that everyone involved has been equally lazy in allowing the Oyster e-money scheme to fizzle out.

The first mover in contactless stands to win a great deal.
The Oyster card is a great platform for the UK's first e-money deployment. Oyster cards are already in five million back pockets and the readers are in thousands of newsagents across the capital.

Similar rollouts in Singapore and Hong Kong prove the technology works and commuters are very keen to have it.

And yet, there's no rollout in sight. So who do we have to blame?

The banks certainly don't come out of this blameless. Fears over cannibalising their debit card business and interchange fees have doubtless put the banking community off. But surely this is a spectacularly short-sighted move.

After all, who wants cash? Not commuters - it's inconvenient and fiddly. Not the merchants - cash can be stolen and it takes time to process as commuters hunt through their pockets and wallets, causing queues to build up and disgruntled shoppers to wander off before making a purchase. And certainly not the banks - processing cash payments is expensive for them.

The first mover in contactless stands to win a great deal, not least the captive audience the Oyster card will bring with it.

Cash is on the way out - payments made by coins and notes are in "slow decline", according to payments industry body Apacs. The Oyster scheme was a chance for the payment processors to sneak a little bit more of the cash market into electronic form.

The opportunity remains though, with Transport for London (TfL) still open to offers from would-be suppliers. So here's where it would make sense for the likes of Tesco, with its extensive network of local shops across London, to step in and combine the Oyster functionality with the Tesco Club Card and let harried shoppers pick up their sandwiches without hunting down the right pounds and pence.

It's surely not an outrageous leap of imagination to see the retailer, which shuffles one in every eight pounds spent in the UK through its tills, getting deeper into banking territory. It's got the energy, the precedent and the commercial clout to make a partnership with TfL a success.

And when Tesco starts cutting the banks out of their own business, the payment processors might wish they'd been just as forward thinking.

US consumers reject mobile phones as payment devices

8th May 2006

The use of a mobile phone as a payment device has been brought into question after a new report suggested that young consumers were unlikely to utilize such technology.

The survey, conducted by consulting-firm Market Platform Dynamics (MPD), found that 62% of the 4000 US individuals aged between 16 and 43 who took part deemed mobile payment technology as unnecessary. 38% said they did not use their mobiles enough to make it worthwhile.

Security was a key concern for the study's respondents with more than 60% claiming they would not pay with contactless fobs because of security worries. By contrast, only 4% have security concerns with existing payment devices.

Cash was found to be the predominant payment method, but this declines significantly with age. The research also indicated that rewards and incentives to use particular payments can drive the acquisition of payment devices, but not decision to use them at the point of sale.

PayPass Moving Cards To Top Of Wallet

2006-05-03

Customers are using their contactless MasterCard PayPass as intended, with over 60% of transactions under $25, suggesting consumers are keeping their cash in their wallets and paying instead with the tap-and-go cards, Cathleen Conforti, a senior vice president at MasterCard and PayPass global product manager, told attendees this week at the CardTechSecurTech2006 conference in San Francisco. She also said consumers using their PayPass cards are paying with them 85% to 95% more often than they previously used their cards. “It’s definitely their top of wallet card,” she said. Conforti declined to provide transaction statistics, but says the contactless programs issuers launched last year are doing well for this early stage of rollout. She also noted that sports teams accepting PayPass in their stadiums are explaining to fans that contactless payments will get them through concession lines more quickly. For instance, she pointed to a New York Yankees marketing piece that said, “Yankees seat cushion: $5. Spending more time on it: priceless.” Conforti said there would be significant introductions of contactless PayPass cards this year in California, Texas and Florida, but she did not provide details. She said there are more than 7 million PayPass cards in circulation worldwide. MasterCard has said at least 5 million PayPass cards or keyfobs are circulating in the U.S.

Smart cards for Karnataka vehicles

Aravind Gowda / Bangalore May 02, 2006

The Karnataka government has embarked on an ambitious project to issue “smart cards” to vehicle owners across the state for putting an end to road tax evasion and prevent fabrication of fake documents. A smart card is like a credit or debit card but can store a lot of data which can be read and updated only by an authorised person.

The state transport department, which has been entrusted with the task of implementing the project, is finalising tender guidelines to seek bids from vendors.

“The tender will be published shortly. By mid 2007, we will be in a position to issue smart cards to owners of all new vehicles rolling out of showrooms,” Karnataka Transport Minister N Cheluvarayaswamy told Business Standard here.

Smart cards will be issued to all existing vehicle owners also.

“All RTOs will conduct monthly drives at the district level to collect RC documents and convert the contents into digital format on the smart card. The RC document will be returned to the owner and smart card issued within 30 days. This process will commence by year end and an awareness campaign will be launched shortly,” the minister said.

The smart card project is part of a computerisation programme prepared for the transport department. It rests on two legs. Computerised government records will identify all those whose taxes are overdue and the recording of tax paid on smart cards will remove the chance of faking tax receipts. “We are putting in a system which will automatically identify the road tax and permit defaulters on a daily basis,”the minister said.

Our squad will nab such vehicle owners to collect the dues along with the penalty. Once the road tax and permit fee is collected, the details will be updated in the smart card,” the minister said.

At present, four Regional Transport Offices (RTOs) — Bangalore, Tumkur, Belgaum and Mysore — have been computerised.

“The remaining 48 RTOs will be computerised by this year end. Rs 10 crore has been set aside for this purpose. Particulars of each vehicle such as road tax and goods permit will be computerised and made available online for the staff for regular scrutiny,” he said.

Karnataka can be the first in this regard as Andhra Pradesh had initiated a similar project but it did not take off.

The smart card will include technical details of the vehicle such as its year of manufacture, model, engine number, chassis number, state permit, road tax payment, insurance payment, fitness certificate and registration details.

At present, barring insurance payment, rest of the details are handwritten in the registration card (RC) issued to the vehicle owner by the transport department at the time of vehicle delivery. Where computerisation has taken place, the RC is printed by a computer.

“The entire document, including insurance policy, could run into more than 50 pages, in case of goods transport vehicles,” the minister pointed out.

He contended that a fake RC document cannot be created once smart cards take over as these are tamper proof. “We will do away with the RC document once the smart card is in place. The details on a smart card will be accessible only by the transport department since it carries a security code,” Cheluvarayaswamy said.

Feds confirm smart card, Centrelink spend

By Iain Ferguson, ZDNet Australia

09 May 2006 09:01 PM


The federal government this evening confirmed it had allocated AU$1.09 billion over four years to a controversial health and welfare access card scheme, which a private consultant said would save AU$3 billion over 10 years.
In 2006/07 budget documents, released tonight, the government said current systems would remain in place until early 2010, after which anyone wishing to interact with agencies would have to obtain a card.

The government's campaign to win public acceptance for the card -- which will be phased in from 2008 -- suffered a blow this week when the head of the taskforce charged with devising a plan for it resigned. James Kelaher is reported to have recommended funding for the project be taken outside the department and that an external advisory board keep a check on privacy matters.

The card is slated to replace 17 existing health and welfare cards and vouchers, with individuals only needing to register once rather than several times with multiple health and social service agencies.

The government said it would improve data across those agencies and help identify and eliminate fraud affecting its AU$92 billion annual spend on health and social services benefits. KPMG reviewed the card plan and came up with the savings figure.

In a statement, Joe Hockey, Minister for Human Services, said the card would include the holders’ name, a digital photograph, signature and card number, while a microchip on the card would store details such as date of birth, address and details of children and other dependants.

He gave little away, however, about security arrangements governing the card and associated registration database, saying "information held on the access card will only be accessible by authorised people".

Hockey also announced an additional AU$115 million over two years to boost Centrelink’s call centre capabilities, saying demand had increased by 12 percent per year over the last four years. Centrelink was now trying to handle 22 million calls per annum.

A significant proportion of the funding would go to enhancing phone voice recognition services, with an additional 25 percent of customers expected to use the option by the end of 2007-08.

Australia - PM okays 'smart card' but not ID card

April 26, 2006 - 5:54AM

Prime Minister John Howard has announced the federal government will not proceed with a national identity card.  But the government will go ahead with an access card - generally referred to as a smart card - for health and welfare services, Mr Howard said.

It will replace 17 existing cards.  The prime minister said the new card would make substantial savings for cardholders and the government.

"The savings, on a conservative advice ... amount to something in the order of some $3 billion a year," he told reporters.  "The savings will be significant in relation to fraud."  Mr Howard said the new card will have enhanced security features, such as a biometric photograph on the front - but it will not contain fingerprints.

"It will be necessary for everybody who needs a card to apply for one," he said.  "It will not be compulsory to have the card."   Mr Howard said the government had sought to strike the balance between ease of access, enhanced identity security and personal privacy.

"There is no model around the world that immediately hits us in the face as being the perfect answer to this, and we have looked around the world," he said.  "After a very good discussion I think we have struck a very good balance."   Attorney-General Philip Ruddock said cabinet had conducted a full and complete discussion of the proposal.

"These are not simple issues. They require developing a balanced approach, which weighs up all of the issues," he said.   "In terms of the advice that was given to us, the appropriate balance is that which we have struck."  Mr Ruddock said there was a national identity fraud strategy and the announcement reflected ongoing work on better ensuring people's identities remained secure.

"It will give our agencies who need to be able to make appropriate inquiries, within the framework in which data sharing is possible, a proper capacity and an enhanced capacity to be able to do their work," he said.  Mr Howard said the card will cost about $1 billion to introduce.  "I'd be surprised if you had any change out of $1 billion over a period of four years for its introduction," he said.

"I'd be most surprised."   Human Services Minister Joe Hockey said it was not known how many cards would be issued.   But he said there were currently 11.5 million Medicare cards in circulation as well as 16 other types of cards that would be replaced by the new system.

Mr Hockey said there was a huge potential for fraud in the current system, at both a state and federal level, which justified the new card.   "The states rely heavily on Commonwealth pensioner concession cards and health cards to provide benefits such as rental assistance discounts, electricity and a range of other things," Mr Hockey said.  "I saw one estimate alone of welfare-based fraud in NSW being well over $100 million a year because of unreliable use of pensioner concession cards."

Mr Hockey said about 25 per cent of pensioner concession cards were used after they expired.  And about 500,000 Medicare cards went missing every year.  Mr Hockey said those opting to apply for a card would be able to select fields of information they wanted the card to hold.

This could include information about their health, such as diseases, which could be accessed by ambulance officers in case of emergency.  "If people want to use it for a range of services they can," Mr Hockey said.  The basic card will include the name and photo of the person on the front, and address and date of birth information on the chip.

Concerns have been raised over both the cost and privacy implications of the smart card.  Australian Council for Civil Liberties president Terry O'Gorman said a recent KPMG study showed the smart card would cost more than $2.3 billion to implement over the next decade.  "They (KPMG) claim it's difficult to project the savings that would be captured through a clampdown on fraud," Mr O'Gorman said.  "It's an extremely expensive concept with over-hyped and dubious benefits."   He said the smart card posed a major privacy risk by tying too many functions together.

"There's widespread acceptance from privacy advocates that the smart-card concept will increase risk of identify theft," he said.   Mr O'Gorman accused the government of trying to introduce a "backdoor ID card".   "When you have a look at a smart card, it replaces up to 19 other cards currently used by beneficiaries of federal departments," he said.

A federal backbencher has also warned the smart card could contain information that infringes on civil liberties.   Queensland Liberal MP Steven Ciobo, a member of the attorney-general's backbench committee, said unencrypted personal information on a smart card could leave people vulnerable in the event of theft.

Health Minister Tony Abbott said the card would provide basic health information to assist medical staff during an emergency.   But Mr Ciobo is worried about how much information would be stored on the card.   "My concern with the introduction of a photo onto a smart card is that that can quickly become a slippery slope for other personal information that may not be necessary in order to ascertain whether or not the person presenting the card is actually in fact the person they claim to be," he told ABC Radio.

"If someone is absolutely required to have this smart card on them then I would be concerned by that.   "Alternatively, if people chose to do that because they believed it to be more efficient, I would be more relaxed about it." 

Mr Ciobo said his principal concern was that a smart card would fundamentally alter the relationship between the individual and the state.  Mr Ciobo said a further concern was that, by making a smart card compulsory, the government would effectively require that a person have all that information on them in order to be a functioning member of society at all times.

Federal Labor did not object "in principle" to the smart card, opposition human services spokesman Kelvin Thomson said.  But the federal government should be careful to clarify precisely how the card would be used, Mr Thomson warned.  "We support actions which can help stamp out welfare fraud or make dealings easier for consumers with government departments," he told reporters in Melbourne.

Nevertheless, the opposition would raise "substantial concerns" about the implementation of the new card.  "In particular we don't trust this government in implementing large policy changes," he said.  "Will this card be used for national security purposes and if so, how?"  As well, Mr Thompson warned against likely cost blow-outs in the changeover to the new card.  Mr Thompson said the federal government had a "sloppy record" in administering large policy changes, "leaving ordinary Australians to pick up the pieces".

Latin American banks shift their atention towards EMV smart cards

April 28, 2006

(InfoAmericas (Pan Regional) Via Thomson Dialog NewsEdge)

As the process of consolidation and acquisition among Latin American banks has matured, key players have shifted their attention to new technologies, seeking to boost card penetration and to reinforce their competitive positions. The new EMV smart cards are on the leading edge of this trend. Delayed Innovation Card penetration grew substantially during the consolidation of the banking sector, rising from 17% in 2000 to nearly 27% in 2005 across the region, and reaching over 30% in Brazil and Mexico. Surprisingly, this growth was achieved without major upgrades to the underlying infrastructure and technology. This situation has now shifted, with an investment of more than $200 million in card technologies expected in 2006, marking a rise of 70% over 2004 and 2005. This spending will follow the same route as other recent investments and will be targeted at software solutions for credit-rating and new terminals. Further investments are expected in CRM and retail-reward solutions linked to EMV technology technologies.

In retrospect, the fact that the banks and credit card companies delayed infrastructure upgrades during the period of consolidation has actually helped them. They avoided the cost of adopting intermediate solutions and are now in a position to leapfrog to the latest technologies. In some cases this has helped to reposition brands after acquisitions. For example, when HSBC acquired Bital in Mexico in 2004, it launched a new smart card bearing both Bital and HSBC branding.

The most important new technology is the EMV card. This is a smart card that enables the global standard for payment systems developed by Europay, MasterCard and Visa (EMV). The standard defines protocols for interactions between the terminal and the card's computer chip, as well as the software installed on the card. Fraud prevention was the most important impetus for its development but it is also enabling personalized loyalty programs as well as new back-office solutions for credit risk assessment.

Although the EMV standard was published in 1994, the initial excitement quickly wore off and the cards were very slow to gain traction, especially in Latin America. The migration to EMV cards began in Mexico in 2002, when Santander Serfin launched the Uni Santander-K and Citigroup Banamex introduced B-Smart cards. Rollout has been aggressive in Brasil, Mexico and Argentina, and the near totality of card portfolios is expected to have migrated to EMV by 2008. This is slower than originally expected (and desired) but promises total transition.

Rising Fraud is a Key Motivator One reason that banks and acquirers were slow to adopt EMV technology was that card fraud rates in Latin America have traditionally been among the lowest in the world. While fraud remains low by global standards, the rapid growth of card penetration has pushed up the number of fraudulent incidents by some 15% annually. This has motivated key players to act, and most banks in the region initially indicated that reducing fraud was the most important benefit of the EMV standard. The highest rate of migration from magnetic-strip cards to EMV cards is seen in Brazil, where almost 90% of terminals are EMV-compatible and where the fraud rate is reported to have fallen by more than 80%. Mexico is also migrating quickly and is projected to have 370,000 EMV-compliant terminals in service by the end of next year. In smaller markets like Chile and Peru, the rate of adoption will be slower as EMV-compliant cards are issued to new accounts, but existing cardholders continue to use magnetic-strip cards until they expire.

The delayed migration to EMV in Latin America means that the global standard comes with the latest generation of card chips, which allows them to run state-of-the art software. Memory has increased too, with the latest cards sporting 32KB and even 64KB of memory, compared with 8KB seen on earlier versions. Among other benefits, this increase enables the storage of more complex customer profiles on the card. This greatly improves opportunities for cross-selling by banks and merchants, and helps them to develop targeted marketing. For example, they can offer special discounts if a particular card is used in a designated store. It also enables instant processing of loyalty rewards at point of sale, and can identify new customers the first time they use their card in a store. The result is higher transaction volumes per card and increased retail sales.

Improved customer profiling, rather than fraud reduction, was the principal motivation behind the decision of Mexico's BBVA-Bancomer to launch Mexico's first enhanced loyalty program that leverages smart card technology. The Vida Bancomer card, introduced in March 2005, uses custom-designed software developed by the bank. More than 2,000 merchants have already enrolled in the program, and the bank's objective is to reach at least 10,000 merchants. Consumer feedback in 2006 is positive, and includes high satisfaction scores for merchants.

Increasing Low-Income Penetration The Latin American card market is at a critical juncture in its history. The higher-income market segments are saturated, while increasing penetration of lower-income segments is hampered by the absence of adequate credit rating systems. Smart cards are an important part of the solution in both segments. In the higher-income segments, card issuers will rely more and more on information collected through the new cards to build customer profiles, to target marketing initiatives, to develop niche markets and to refine customer services. If these efforts are successful, the result will be an increase in the value of transactions per card.

In the low-income segment, card issuers have learned the hard way about the risks of offering cards to customers that have little or no credit history. In Colombia, Mexico and Brazil bad-debt write-offs grew rapidly between 2002 and 2005, and only now are beginning to be reigned in. And while most consumers with no credit cards are willing to pay premium interest rates to get their first card, in practice the activation rate is very low. In Brazil, for example, Santander-Banespa reports that nearly 40% of new cards issued to the low-income segment are not activated at the end of the first six months.

Assuming that low-income cardholders do eventually use their cards, smart card technology provides a valuable tool for evaluating credit risk. Details of their transactions are stored on the card, making it easier to create customer profiles. By comparing their activity with behavior models, banks can develop systems for establishing and increasing credit limits, while at the same time developing tailored marketing tactics for this segment, with the goal of attracting debit card users to switch to credit cards.

Mexico's Banco Azteca, a bank that grew out of Grupo Elektra's consumer credit unit, provides a good example of this strategy. The bank is focused on the unbanked population that has been generally ignored by the mainstream banks. Smart cards make it much easier for low-income individuals to use payment cards. These customers are generally poorly educated, may be illiterate, and often lack official ID, so the ability to store their photographs and biometric data in the card's memory is a major advantage. While this might be seen as a negative factor to privacy-conscious affluent customers, the opposite is true for the unbanked. Personalization bolsters their confidence in a card and helps to overcome their inherent distrust of traditional banks. If Banco Azteca can translate this increased confidence into sustained card usage, it will gain additional data that can further improve customer profiling and carry out highly-targeted marketing.

The benefits of smart cards described here, including fraud reduction, enhanced loyalty schemes, better customer profiling and targeting, utility for low-income customers, and improved risk assessment are each substantial. Taken together, they are a major market driver. As power of smart cards is increasingly exploited they will play a key role in continued strong growth of the payment card market in Latin America. 2006 NoticiasFinancieras - InfoAmericas - All rights reserved

Smart card proposal attracts criticism from UK

AM - Friday, 28 April , 2006 08:11:00
Reporter: Rafael Epstein

ELIZABETH JACKSON: There are warnings today from Britain against the introduction by the Australian Government of "smart cards".

A team at the London School of Economics undertook a major review of the costs of ID cards in Britain, concluding that the Blair Government underestimated the cost and over estimated the benefits.

And the man who led that study has a warning for the Howard Government as well.

Our Europe Correspondent Rafael Epstein.

RAFAEL EPSTEIN: Professor Patrick Dunleavy and his colleagues at the London School of Economics blew a major hole in the Blair Government's controversial proposal for a national ID card.

His estimates were often thrown at Government ministers as proof they weren't telling the whole truth about the scope and cost of an ID card.

Professor Dunleavy says that he appreciates the Australian smart card is limited to a biometric photo and is a voluntary scheme mainly for government benefits, but he has this warning.

PATRICK DUNLEAVY: I'm not totally sure I see why this scheme will really work. You know, if it's implemented in a fast, low cost way it might have a modest benefit, net benefit, but there is also a potential for things to go wrong with any big IT scheme like this.

RAFAEL EPSTEIN: How do the cost figures look to you?

PATRICK DUNLEAVY: Well, in order to make this smart card really add anything to security, you have to have a secure process of you showing up somewhere to a government office where a reasonably qualified person has to look at all your existing IDs. That costs quite a bit of money to do that kind of thing for at least, you know 11.5, 12 million people.

RAFAEL EPSTEIN: And the sorts of savings they're talking about, do you think that's something that's also realistic?

PATRICK DUNLEAVY: It's not very clear from what the Government has said how the saving is calculated. It's said to be three times the cost.

You know, that actually works out at $300 million a year over 10 years. $300 million 10 years from now is not worth as much as $300 million next year, so you know, it depends on whether this is what's called a net present value, but it will certainly be a lot less than three if it was a net present value, probably only about $1.6, $1.7 billion worth of savings.

You know, three to one benefit to cost you would do it, 1.7 benefit to cost it's a bit vulnerable.

And then the issues you'd want to think about is well is are there people who are going to resist being issued one of these cards, will there be a lot of chasing of people to make sure they have a card, will there be a lot of replacements of cards, will people want to steal these cards? I think they probably will, because they're not very biometrically secure, they're just like a kind of chip and pin card.

I don't quite, myself, see you know that this is going to do an awful lot to reduce social security fraud and so on.

There's also all kinds of other things that you need to think about. In 10 years, for example, technology will change a lot. Criminals don't just sit there and say, "Oh gosh, let's give up, it's got a biometric photo on it." There'll be ways of you know, faking up cards and so on.

ELIZABETH JACKSON: Professor Patrick Dunleavy from the London School of Economics speaking to Rafael Epstein.