Selected Press Releases
As Smart Cards
Continue to Emerge in October 2006
|
Industry group slams new border card
WASHINGTON, Oct. 26 (UPI) --
An industry group says that the long-range radio ID technology being
adopted for new biometric U.S. border-crossing card is not secure.
The Smart Card Alliance also says that employing a different standard for
the cards than the internationally agreed one being used in U.S. electronically readable or
e-passports is inefficient and technologically risky.
The Departments of State and Homeland Security announced in recent
regulatory filings that they would use so-called vicinity Radio Frequency Identification, or
RFID, chips in the new biometric border crossing cards which U.S. citizens will need to enter
the country overland after June 2009 if they don't have passports.
The chips can be read up to 30 feet away, but officials say there will
not be any personal data on them, just a serial number that matches a record in a U.S.
government database.
The proposed technologies "simply don't have the security features
necessary to protect the border and also maintain citizen privacy," Randy Vanderhoof,
executive director of the alliance, said in a statement.
The group says the government should stick with the standards it is using
in the new e-passport -- a so-called proximity RFID chip that can only be read from a few
inches away.
"Using long range RFID technology is a major step backwards for
government-issued identity credentials," said Vanderhoof, pointing out that the standard the
chips in the new card will employ were designed for shipping crates.
Vanderhoof said that whereas the e-passport standards had been developed
in conjunction with the International Civil Aviation Organization, Homeland Security was
relying on private industry contractors to design, implement and operate the program.
"They are going to be making it up as they go along," said Vanderhoof.
|
Rate Of EMV Card Growth Slows
Banks and credit card companies issued just over 35 million smart cards
worldwide that comply with the international EMV standard during the first six months of 2006,
a decrease from the previous six months. But banks and merchants are installing EMV-compliant
point-of-sale terminals and ATMs at a growing rate.
The figures, released by EMVCo, the organization that maintains the
standard, show card issuance had slowed from last year, when banks and other financial
institutions issued more than 75 million chip-based credit and debit cards alone during the
second half of 2005. They issued another 65 million during the first six months of 2005.
But the figures showed installation of POS terminals and ATMs grew at a
fast clip, with the rollout of 1.8 million terminals during the first six months of 2006.
That’s double the number of EMV-enabled terminals deployed during the last six months of 2005
and more than the 1.4 million terminals banks and merchants rolled out during all of 2005.
While the standards organization, which is jointly owned by Visa
International, MasterCard Worldwide and Japan’s JCB Co., doesn’t break down the figures by
region, vendors have said card shipments decreased to the United Kingdom and, to some extent,
France during the first half of 2006. Financial institutions in the United Kingdom, the
largest country to roll out EMV, had largely finished their rollout at the end of last year.
Card shipments to such countries as Brazil, Mexico, Turkey and Italy increased during the
first half of the 2006, the vendors said, but did not compensate for the falling volumes in
Western Europe. Shipments of terminals to Latin America and Asia, among other places, was
believed up this year, in part because falling prices for the devices have encouraged more
merchants to roll them out.
All told, through June 30, banks and credit card companies had issued
441.6 million cards complying with EMV in the more than 10 years since the standard was
adopted. Banks and merchants had deployed 6.3 million EMV terminals during that time. The
standard is designed to reduce fraud from lost and stolen cards. (2006-10-24) |
More Smart Card IDs Coming In the USA
New identification projects moving forward in the U.S. are likely to put
smart card IDs in the hands of tens of millions of government workers and contractors,
emergency personnel, transportation workers and frequent travelers over the next few years.
However, smart cards lost out on one major project: a new border-crossing card that will be
issued to U.S. citizens who frequently cross the long U.S. borders with Canada and Mexico.
Those PASS cards will contain the kind of radio frequency identification, or RFID, tag often
used to track goods in transit. The government announced this week it planned to charge adults
$20 for the new ID card and children $10. Citizens could apply at the same time as they apply
for passports; those not also applying for passports would be charged $25 to cover the cost of
background checks. The Department of Homeland Security, which is responsible for U.S. border
control favored the RFID tags because they can be read from 30 feet away. That means a
person’s ID can be read even before his car reaches a control point, and the border guard can
have the person’s image and data on his screen by the time the traveler presents himself, thus
keeping traffic flowing at busy border crossings. The U.S. State Department preferred using
the kind of contactless smart card chips being embedded in passports that the U.S. and other
governments are now issuing, but lost out for now. The technology could be changed later on,
Frank Moss, deputy assistant secretary of state for passport services, told the annual
conference of the U.S. trade group Smart Card Alliance last month. “We may lock down a
technology for a period of time,” he said, “but that does not mean we lock down the technology
indefinitely.” Despite that setback, several major projects that have been under discussion
for the past few years now appear to be moving ahead. Here is a brief overview:
HSPD12 As of Oct. 27, agencies of the U.S. federal government were under
a presidential order to issue standardized smart card IDs to employees, The aim of the order,
Homeland Security Presidential Directive 12, handed down by President George Bush in 2004, is
that government workers, and employees of companies that work for the government, be able to
move around to facilities operated by different agencies with a single ID card. Nearly 4
million civilian and military employees of the Department of Defense already carry smart card
IDs, called Common Access Cards. The new rule will put smart card IDs into the hands of
another 1.9 million federal government workers. In addition, contractors who need regular
access to U.S. facilities, will need the new ID card. That could ultimately amount to 10
million to 20 million additional smart card IDs, says David Temoshok, a smart card official at
the U.S. General Services Administration, which is coordinating the government rollout.
Furthermore, Temoshok says many state and local governments have expressed interest in using
the technology standards adopted by the federal government for their own employee IDs. “HSPD
12 is not a national ID, but it does something never before done in this country, created an
identity standard that other entities, state and local governments can adopt if it makes
sense,” Temoshok says. “And we certainly encourage that.” The Defense Department cards were
contact smart cards with PKI-based digital certificates, mainly designed for signing on to
computer networks and digitally signing documents. The government’s new ID cards will add a
contactless interface for door entry and biometrics.
TWIC The government hopes to begin enrolling seamen and longshoremen for
a new smart card ID called the Transportation Worker Identification Credential by the end of
this year. Some 750,000 workers are expected to receive the TWIC card, which will include a
contactless interface for physical access control and fingerprint biometric data. Officials
say they expect to order 850,000 cards in the program’s first year to cover employee turnover.
Some believe more than 100,000 workers might leave the ranks of port workers, since TWIC
requires proof of legal residency in the United States and a fair number of port workers are
believed to be undocumented immigrants. As originally discussed in the wake of the Sept. 11,
2001, terrorist attacks in the TWIC card would have been used to identify millions of workers
in truck depots, railyards, airports and other transportation facilities, in addition to
seaports. Those plans were scaled back, largely because operators of transportation facilities
objected to the cost of replacing existing ID cards and readers. John Maiorine of the U.S.
Coast Guard, which is overseeing the TWIC rollout to maritime workers, says the government
“intends to roll out first to maritime, then will consider the applicability and need for TWIC
in other transportation modes.” (2006-10-19)
|
RFID Credit Cards Get Hacked
Researchers have shown that names, credit card numbers and other data can
be skimmed off a contactless card with the holder's knowledge.
The New York Times reports that a team of scientists in the RFID
Consortium for Security and Privacy (RFID-CUSP) were able to read the names, credit cards and
expiration dates of recently issued credit cards using radio frequency identification
transponders to enable customers to pay without swiping their cards (see Researchers See
Privacy Pitfalls in No-Swipe Credit Cards). Is the news a setback for the credit-card
industry? For the RFID industry? For both?
The truth is that security is not a one-size-fits-all proposition. If I
have $10,000 in jewelry and cash in my house, it doesn't make sense to spend $200,000 on a
state-of-the-art safe, motion sensors, lasers and other gizmos found in your typical Mission
Impossible film. Similarly, if I have $1 million in valuables in my house, it doesn't make
sense to spend $2,000 on a simple burglar alarm.
Banks issuing the RFID-enabled credit cards decide the level of security
they need on the card, based on the threat of fraud, the cost of security features on the card
and the effect on transaction times. You don't want to use such heavy encryption that a
transaction takes too long to make a contactless card worth using.
Credit-card industry executives quoted in the Times article point out
that there are other security measures, besides those built into the card, in place to prevent
fraud, such as software that detects suspicious purchases. They obviously believe these to be
adequate, given the potential threat.
The researchers are exposing the vulnerabilities of these cards to raise
awareness before people with less altruistic motives abuse them. That's fair. The credit-card
industry might not react until there is a problem, but no one can say it wasn't warned.
Richard Smith, an independent security consultant with whom I correspond,
points out that a switch on the card would solve the security problem. (The idea has already
been patented.) Only when a person turned a card on would the data on it be vulnerable to
skimming. That would likely be only when you are making a transaction, and your contactless
card would be no more vulnerable than a magstripe card would be when you hand it to a waiter
at a restaurant.
I don't think the exposing of potential vulnerabilities of these cards is
a huge black eye for the credit-card industry or for the RFID industry. Millions of people
won't suddenly have their credit-card numbers exposed to thieves the way they do when someone
hacks a bank's database or an employee loses a laptop with the card numbers on it. But it is
likely that these vulnerabilities will need to be addressed as the technology becomes more
mature and criminals start figuring out ways to abuse it.
|
Visa Plans an Initial Public Offering as Soon as Next Year
By ERIC DASH and MICHAEL J. de la MERCED
Published: October 12, 2006
Visa, the biggest credit card network in the country, said yesterday that
it would sell shares to the public as early as next year, following in the footsteps of its
smaller rival, MasterCard.
By going public, Visa hopes to streamline its operations, invest more
nimbly in emerging markets and new payment technologies like those using cellular phones, and
insulate its member banks from potentially billions of dollars in legal damages over antitrust
and unfair-pricing claims brought by merchants.
There has also been pressure from Wall Street analysts, who believe that
a profit-making structure would instill more disciplined management, and by the company’s own
employees, who have privately sniped at their MasterCard counterparts’ rich stock option
paydays for months.
“MasterCard’s I.P.O. raised stakes for Visa,” said Kenneth A. Posner, an
analyst with Morgan Stanley. “If Visa wants to attract and retain and compensate the best
people, having currency might be very important.”
MasterCard went public in late May at $39 a share. It has since surged
more than 78 percent, to $69.50, even after falling 3 percent yesterday. MasterCard now has a
market value of $9.4 billion. Several analysts said they expect a Visa initial public offering
to value the company at least double that, given its dominance.
Visa held about a 60 percent share of credit and debit purchases in 2005
compared with 27 percent for MasterCard, according to The Nilson Report, a newsletter for the
credit card industry. As of June 30, Visa reported $771 billion in transactions in 2006,
compared with $411 billion for MasterCard.
“By any measurement, Visa looks more desirable than MasterCard as an
I.P.O.,” said David Robertson, publisher of The Nilson Report. “It has a better, more advanced
network, and it sees a lot more traffic on that network.”
The most immediate beneficiaries of a Visa stock offering could be its
large member banks — including Bank of America, Wells Fargo and J. P. Morgan Chase — which
could recognize hundreds of millions in capital gains if they sell part of their Visa
ownership stake, even as the overall card industry continues to slow. For example, both
Citigroup and J. P. Morgan Chase, two of the largest MasterCard member banks, recognized
one-time gains worth more than $100 million in the second quarter from stock sales related to
the MasterCard offering.
By retaining public ownership, the payment associations’ members might
also be seeking to mitigate their liability in future suits. Retailers have filed suit against
both Visa and MasterCard, accusing them and their member banks of illegally fixing the
transaction fees that merchants pay with every purchase.
Visa and MasterCard settled one such suit, led by Wal-Mart Stores, in
2003, paying about $3 billion. Another, filed by Kroger and other grocery and convenience
store companies, is still pending.
Eric E. Wasserstrom, an analyst with UBS, wrote in a research note
yesterday that Visa’s move, like MasterCard’s, was driven in part by an effort to “improve its
future legal posture.”
Visa said it intended to sell a majority of shares to the public, but
offered no specific figure, nor how much it intended to raise. The initial public offering,
which the company said should happen in the next 12 to 18 months, will follow a reorganization
that will centralize its North American and most of its international operations in one
company, Visa Inc., but leave its Western Europe businesses in the hands of its member banks.
The decision to go public highlights the intense rivalry between Visa and
MasterCard. Visa began as BankAmericard, started in 1958 by Bank of America in California.
Bank of America began licensing the card nationally eight years later, about the time that a
group of banks created what later became MasterCard.
Visa, which processes more than half of all credit card transactions in
the United States, is solely owned by its members, from small credit unions to well-known
global banks. With increased pressure from Wall Street to increase profit margins and less
influence from its members, the “banks may have to pay a little more from their services,”
said Mr. Posner of Morgan Stanley.
Over the next 12 to 18 months, Visa will need to gain approval for the
offering from its member banks, and find a new chief executive officer and independent
directors. It must also legally merge its regional boards and decide on which exchange it will
publicly trade
|
Consumer-Driven Healthcare Creating Need For Smart Medical Debit
Cards
From a press release by HealthLeaders-InterStudy:
"How futuristic is it to believe that one swipe of a debit card would
reveal your identity, your health record, and your health plan coverage and eligibility
information? Not as far off as you think."
According to HealthLeaders-InterStudy, a leading provider of managed care
and healthcare market intelligence, insurers and payment processors are building technology
systems to link banks, payors, providers and consumers. The ultimate goal is a smart debit
card that will carry all the information needed to make a healthcare purchasing transaction
transparent, efficient and seamless.
"With an estimated 6 million Americans participating in consumer-driven healthcare, the need
is growing for a consumer 'smart' card," states Chris Lewis, HealthLeaders-InterStudy research
analyst. "However, achieving widespread use within providers' offices will pose the most
direct challenge."
The majority of health accounts do have debit cards tied to flexible
spending accounts and health reimbursement arrangements, which are set up and controlled by
employers to pay for employees' qualified medical expenses. Industry observers say the more
recent adoption of health savings accounts, which are tied to high-deductible health insurance
plans, will further propel debit card use. However, most systems do not feature instant
processing and approval of a health insurance claim -- and without that "real-time claims
adjudication" feature, most health purchases cannot be as simple as a department-store
purchase.
A few large insurers are making progress. Humana Inc. has launched a
successful real-time claims adjudication system in six medical practice sites so that
physicians' offices can be paid in a matter of seconds. This four-month pilot project enabled
the clinic staff at MacGregor Medical Center in San Antonio, Texas, to get a claim back from
the insurer so the bill could be presented to the patient on the spot.
UnitedHealth Group is unveiling an integrated ID and debit card that will
store members' identification, eligibility status, and health records. Using a card reader
connected to the provider's computer via a standard USB port, the provider can then call up
the patient's information on the UnitedHealthCareOnline provider portal. This system would
enable a claim to be submitted, and within 10 seconds the provider would know the
reimbursement and how much the patient would owe.
There are several factors that would further complicate instant pricing
and payment. Many physician practices commonly deal with 15 or more payors with varying
product lines. For multi-coded services, prices and payment rules vary widely among insurers.
With a thousand or so practice management software programs currently in use around the
country, it will be difficult to design a card "smart" enough to work with them all.
For providers, the shift to smart cards will depend greatly on how many
of their patients have these cards, and whether the benefits in speedier claims payment
outweigh the costs of the technology.
As medical debit cards get smarter and insurers begin more widespread
implementation, these cards will become the electronic links to bank accounts to facilitators
of instant member identification, insurance eligibility, and claims adjudication. |
Contactless loses to RFID in PASS Card debate
Monday, October 9 2006
The new proposed border crossing card known as PASS will use vicinity
read RFID technology that is ISO/IEC 18000-6C compliant instead of contactless technology
currently being used in U.S. e-passports, it was announced during the recent Smart Card
Alliance Conference in San Diego.
SAN DIEGO, CA -- The role of smart cards in proving and protecting
identities in a digital economy and for e-government were some of the focuses at the Smart
Card Alliance annual conference in San Diego. Also, one government official chose the
conference to announce that the proposed PASS card may be using RFID instead of the
recommended more secure contactless technology.
WHTI, e-Passport, HSPD-12, FRAC, Brazil's Public/Private ID
Frank Moss announced plans for the Western Hemisphere Travel Initiative (WHTI) PASS Card to
use vicinity read RFID technology that is ISO/IEC 18000-6C compliant. The next step in the
process will be a public comment period in the next two weeks. The Smart Card Alliance has
consistently expressed concerns about risks to privacy and security presented by using RFID
technology.
The Alliance has recommended that a more privacy sensitive and secure
solution would be to use the contactless smart card technology used in the new e-passports
that provides additional security features. The WHTI program aims to improve security at the
nation's land borders, where U.S. citizens currently can re-enter the country with a driver's
license. Border agents see more than 200 fraudulent documents a day at the land borders, and
the DHS and State Departments "want to minimize the variability of documents accepted there,"
Moss said.
Microsoft Vista to Support Smart Cards
Smart cards will get a boost from out-of-the-box support in Microsoft's new Vista PC operating
system, making it simple and seamless for people or any size organization to use smart cards
for desktop and network security, Shivaram Mysore, senior program manager at Microsoft, told
conference attendees. The reason is that the strong authentication and secure storage
capabilities of smart cards address problems of desktop and network security, privacy and
confirming people's identities over networks. "We really want to make this a reality now
because it can solve all of these problems," said Mysore.
Vista will include smart card support for multiple certificates for
logins and an unblock/PIN reset program based on challenge/response questions. Mysore also
announced that the beta 2 version of Microsoft's Certificate Lifecycle Manager program would
be available in January or February 2007. The application provides a single administrative
point for smart cards. The 100,000 employees at Microsoft use smart cards for internal IT
security.
The Department of State received the 2006 Outstanding Smart Card
Achievement (OSCA) award for an issuing organization for the e-passport program. "This year we
issued a record 12.1 million passports to U.S. citizens, redesigned our books, started issuing
chips and revised our adjudication process," Moss said while accepting the award on behalf of
the Department Wednesday. "By the end of February, if all goes well, all of the passports we
issue will be chip." The State Dept. currently produces about 250,000 passports per week and
has produced 500,000 e-passports so far. By the end of this month e-passport readers will be
rolled out to 30 airports that handle 80 percent of the Visa Waiver Program country volume.
The GSA Shared Services Program will start issuing HSPD-12 PIV cards no
later than October 27, 2006, in time to meet the mandated deadline, and 28 agencies have
signed up to use the service, David Temoshok, director, identity management division, GSA
Office of Government-wide Policy told meeting attendees. He expects between 10 and 20 million
FIPS 201 cards will be issued in total, with about half a million of those coming through the
shared services agreement.
In addition, state and local government organizations can also buy the
more than 90 approved FIPS 201 compliant products listed on GSA IT Schedule 70, Temoshok
announced. "HSPD 12 is not a national ID, but it did create an ID standard that state and
local governments could adopt if it made sense. And we encourage that," he said.
One potential taker could be the Department of Homeland Security for a
First Responder Card (FRAC) that would ideally be put in the hands of firefighters, police and
other emergency workers at the state and local level. Tom Lockwood, director of the office of
the national capital region coordination for DHS, told attendees he is a strong advocate of
FIPS 201. He would like to see strong, interoperable systems defined and put in place in his
region that would quickly validate the identities of pre-screened and qualified emergency
workers to allow them into disaster sites. "Whether it's floods or a building collapse, in an
emergency there is confusion about who's who and the distribution of human assets," said
Lockwood. "I want this capability to be with me day-to-day and on THE day." He would also want
the card to provide online security authentication and privileges controls.
Brazil is arguably one of the most advanced countries in the Americas in
the use of a public/private identity system based on public key technology. Now in its fourth
year of operation, Brazil has issued 500,000 identity certificates, including 100,000 on smart
cards or tokens, according to Mauricio Cuehlo, director, public key infrastructure of Brazil's
Information Technology Institute. Brazilians pay $130 for the certificate and a reader, and
must go to one of 1,000 Registration Authorities with appropriate documentation to prove their
identity. The credentials are used for both public and private applications from voting to
proving professional accreditations or licenses.
The Smart Card Alliance also announced the companies who were voted to be
"best of showcase" in the Emerging Technology and Innovation Showcase held during the
conference. CoreStreet and Giesecke and Devrient received the top votes from conference
attendees.
|
Being Smart-Card Wiser
By Robert Brandewie
October 9, 2006
The department of Defense faced numerous challenges around the issue of
strong identity management when it implemented a credentialing and identity management program
beginning in 2001.
This program produced a new identification card called the Common Access
Card that would contain both identity information and PKI sets and certificates on a 32K smart
card.
Learning from the DOD program's success, federal agencies are beginning
to issue secure credentials this month, with the goal of having a standards-based,
interoperable, multi-application smart-card-based ID card issued throughout the federal
government.
From the beginning, several principles that guided the CAC program also
make sense for current or future secure identity programs in both the private and public
sectors.
These principles include the idea that the components of the system
should be commercial and off-the-shelf wherever possible and that they should be modular to
allow for vendor competition in the program.
Next, interoperability among all parts of the enterprise needed to be
built into the DOD program from the start. The DOD also needed to sustain this
interoperability as the program matured and changes were made to the cards, middleware and
operating systems. Finally, the DOD needed to integrate its legacy systems seamlessly with any
new components.
The CAC would be the only card used in DOD networks and for physical
access in DOD facilities. The issuance model was unique as well. In a 15-minute interaction,
the goal was for an individual to provide proof of identity; update information in the central
identity store; provide a new photo and biometric authentication; and surface and personalize
the card, including the creation of three PKI (public key infrastructure) sets and
certificates.
This interaction was to occur with the same time goal in any of more than
1,000 locations in the United States and in 27 other countries—using DOD intranet assets.
Today, more than 10 million CACs have been issued, and they continue to
be issued at a rate of approximately 10,000 per day.
The DOD is continuing to build capabilities around this platform.
Likewise, the card has continued to grow and mature. The components on the card, along with
able cooperation from partner technology providers, have kept the promise of interoperability
through all these changes.
There is good news in all this for those IT managers who are facing the
daunting task of establishing an enterprisewide identity system based on sophisticated
smart-card-based ID card programs.
DOD gets a handle on sensitive content. Click here to read more.
First, standards have emerged in many areas that lower both risk and cost
for these systems. The technology has matured and is available to handle the complexity of
these programs and also to integrate the different parts of an identity management system
seamlessly.
Prices have come down for both the cards and the network and for
client-side software pieces that connect the card to the infrastructure.
Finally, best practices have emerged—including many guiding the CAC
program—which greatly increase the probability of success.
The identity industry has really done a wonderful job of working together
for the customers' benefit right at a time that the need for these systems worldwide is
becoming critical.
Robert Brandewie was most recently director of the DOD's Defense Manpower
Data Center, where he was a principal architect of the CAC system. He is currently senior vice
president in the Public Sector Solutions Group at ActivIdentity, which worked on that project.
Contact him at robert.brandewie@actividentity.com |
A High-Performance FIPS Certified Smart Card Solution for HSPD-12
Requirements
LITTLETON, Colo., Oct. 4 /PRNewswire/ --
CPI Card Group -- Colorado Inc. announced plans to deliver next
generation identity management smart cards under the Federal HSPD-12 deployment program
scheduled to be launched this year. In August of 2004 President Bush set in motion a program
to establish personal identity validation smart cards for all Federal employees and
contractors serving the government. The industry has been preparing for these new higher
standards established by the National Institute of Standards and Technology [NIST] for the
smart card 7816 ISO format.
CPI Card Group, based on Atmel(R) Corporation's secure silicon platform
and with technologies assembled by TecSec(R) Inc., will provide 144K of Flash memory at a per
byte cost advantageous to competing solutions. This next generation CKM Enabled(R) Smart
Token(R) includes the following: Atmel's Flash AT90SC144144CT+ mini PIV with AT90SC12872RCFT
single-interface, dual-interface contactless and contact chip. This Smart Token solution
includes a CKM Enabled JAVA(R) operating system PKI authentication, PIV2 and Precise
Biometrics Match-on-Card(TM) technology. TecSec's CKM(R) technology serves more than ID cards
as it is integral to an ID access and data management system solution that can provide
persistent protection to data. This is enhanced by accessing multiple applications (silos)
upon this same trusted Smart Token platform thereby serving as a true federating device.
This Smart Token federating device is designed to be interoperable with
other PIV2-compliant cards and to become the preferred workhorse for not only this HSPD-12
requirement, but for Homeland Defense and other applications (e.g., first responders, border
control and state government programs). Various card issuers will find their requirements met
by this high capacity uniform platform with multiple silos.
TecSec Inc, a leading high-grade security solutions provider, brings its
CKM technology to protect content as well as to enforce permissions and functions, including
discrete access rules and various permissions that allow for numerous silos on their Smart
Token. Each silo contains a distinct service application, the access to which is under the
control of the respective application provider. Access permissions may vary and they are
assigned to cardholders by the application provider. In this manner "roaming" on the card is
denied, privacy is assured and the liability exposures of the Smart Token issuer are
substantially curtailed.
Overall system installation and ongoing operating costs for this Smart
Token are significantly lower than traditional Java smart card solutions. This is because the
content protection of CKM and the multiple discrete application silos, permit highly-secure
network-independent updates (loads and deletes) to intended segments of the memory of the
ATMEL secure chip. In this manner, fixed facilities needed for cardholders to update smart
cards are no longer needed, obviating a major cost. Furthermore, given the discrete and
protected nature of each application silo, the Smart Token issuer has the opportunity of
gaining "cost offsets" or rental income, from application providers paying for silo space on
the issuer's card platform. This Smart Token establishes a new, more favorable, business model
for the card issuer.
The Smart Token's contactless RFID feature is designed with a secure
close-proximity range limitation, guarding privacy and thwarting vulnerabilities.
Precise Biometrics' use of the secure smart card environment to match the
cardholder's stored fingerprint against the cardholder's finger is another example of the next
generation nature of this Smart Token solution. Conventional biometric solutions match the
fingerprint against a remote data base, involving additional off-card processing and costs
while exposing the stored templates to potential compromise. The Precise Match-on-Card(TM)
solution is a clear step ahead, increasing security while enhancing user privacy. This Smart
Token solution is interoperable with the efficient MyID(R) card life cycle management system
of Intercede(R).
CPI Card Group will manufacture this Smart Token. The FIPS and NIST
certifications are in place or scheduled to be completed in a timely fashion. A long-life
composite card material base, providing heightened durability, is also available that delays
normal card replacement costs well into the future. |
Spotlight on Contactless Payment Trends as Smart Card Alliance Annual
Conference Opens
SAN DIEGO, CA -- (MARKET WIRE) -- October 04,
Trends in contactless, mobile and transit payments were the focus as the
Smart Card Alliance kicked off its annual conference in San Diego.
Contactless bank cards and transit
Some transit operators may be adding bank-issued contactless cards into
their closed payment systems, representatives of the transit authorities in New York City and
Salt Lake City told conference attendees. Both organizations are currently testing the concept
with consumers.
"We wanted to learn about the acceptance of contactless Visa, MasterCard
and Amex cards as a basis for fare payment," said Craig Roberts, electronic fare collection
manager for the Utah Transit Authority (UTA). Roberts heads up a program to accept bank-issued
or "open" contactless cards on 41 ski buses in Salt Lake City, replacing the current use of
season passes and employee IDs. It is the first program in the United States to accept
contactless cards from all three associations, and the first open contactless program on
buses. Roberts initiated the UTA program with a call for industry input at last year's Smart
Card Alliance annual conference, and then put the program together in just one year with the
UTA's technology and business partners. "We'll be in a position to go live when the snow
falls," said Roberts.
Managers at New York City's MTA are on the same track. Steve Frazzini,
chief officer for automated fare collection program management at MTA New York City Transit,
said the agency spends about $60 million per year on revenue support, maintenance and other
fare collection costs to collect about $2 billion a year. Those expenses, along with the
emergence of open contactless programs, prompted the agency to start looking into leveraging
the payments industry infrastructure.
"We'd like to be considered as a merchant," said Frazzini. "We'd like to
offload those tasks and focus on what we do best, running transit systems."
That thinking led the MTA into a trial with Citibank and MasterCard
PayPass to test how the contactless technology works in their environment and see how
customers react. The consumer level test began July 5th and includes 79 turnstiles in 30
stations across four NYC boroughs.
After three months, they like what they see -- good customer acceptance,
no chargebacks, no fraud and no customer phone calls transferred to the MTA. "The results have
been very positive," said Frazzini.
Both the MTA and UTA are testing a way to make "open" contactless cards
even more profitable using aggregation. By grouping many small payments together and
presenting them as one transaction to the merchant acquiring system, the agencies lower their
transaction costs. Since 75 percent of the MTA's transactions are micropayments of less than
$6, aggregation can save a lot of money, something the testing proved works. "We didn't doubt
that, but we've learned that it actually happens," said Paul Korczak, program manager for MTA
New York Transit and chair of the Smart Card Alliance Transportation Council.
Online security
William Giles, vice president of emerging technologies at MasterCard
Canada, announced two new smart card-based online security solutions for U.S. card issuers:
one based on a low cost card-sized device and the other on the SIM card in GSM mobile phones.
Both use an application on the smart card that generates a unique password for each
transaction that the consumer enters online instead of the static security code printed on the
back of the card. U.S. issuers can offer this immediately to their customers, because it will
work seamlessly with any SecureCode compliant online merchant. A Keybank pilot tested the
phone-based solution, and Giles estimated the cost of the handheld device would be well below
$10 each.
Contactless payment
One contactless issuer, Wells Fargo Bank, found a new twist by linking
contactless card transactions to a personal banking service called "My Spending Report" that
lets consumers see where they are spending their money. Adding small payments to the report
"promotes cash to card conversion," said Peter Ho, card services vice president for Wells
Fargo Bank.
Another highlight of the first day was the presentation of the
contactless survey results announced yesterday by the Smart Card Alliance. The survey,
conducted by Javelin Strategy and Research for the Alliance, showed that 13 percent of the
consumers surveyed have already used contactless payment, and 95 percent of that group said it
was both easy and fast. Those consumers who have tried it were confident in the new payment
technology as well -- 84 percent said it was as safe or safer than credit cards, and that they
would use it for large purchases too. Of consumers who are yet-to-try contactless, 75 percent
are somewhat likely or very likely to adopt it.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association
working to stimulate the understanding, adoption, use and widespread application of smart card
technology. Through specific projects such as education programs, market research, advocacy,
industry relations and open forums, the Alliance keeps its members connected to industry
leaders and innovative thought. The Alliance is the single industry voice for smart cards,
leading industry discussion on the impact and value of smart cards in the U.S. and Latin
America. For more information please visit http://www.smartcardalliance.org.
|
New Conductors Speed Global Flows of Money
Cellphones Make Transfers Faster, Cheaper
By Mary Jordan Washington Post Foreign Service
Tuesday, October 3, 2006; Page A01
MANILA -- It was 10:33 p.m. when Dulce Amor Bandoy's cellphone beeped
with her favorite kind of message.
"You have received 1,321.00 of G-Cash," read the text on her phone's
glowing screen.
That meant her uncle in London had just deposited 1,321 Philippine pesos
-- about $26 -- into her Globe Telecom cellphone account, which Bandoy uses like a bank. "My
phone is now my wallet," said Bandoy, 29, a cheerful woman with a sparkling smile.
The cellphone-based system that conveys cash between Bandoy and her uncle
has the potential to revolutionize the way hundreds of billions of dollars are moved around
the world, according to experts who study global cash flows.
Cash that relatives working abroad send home is not only vital support
for millions of families but a cornerstone of national economies from Mexico to Lesotho. The
World Bank estimates that global remittances last year topped a quarter of a trillion dollars,
with $13 billion flowing into the Philippines alone.
But traditional methods of moving money in small, personal amounts can be
slow and costly. Western Union, the world's largest money-transfer business, would charge $22
in fees on a $26 transfer from London to Manila. Banks also demand substantial fees and often
take two or three days to complete a transfer.
With cellphone use booming across the developing world, from the open
deserts of Africa to Bandoy's densely populated neighborhood in sultry Manila, handsets that
cost as little as $30 are enabling struggling nations to leapfrog past the need for land-line
phones and ATMs.
The money transfer to the four-inch gold Nokia in Bandoy's hip pocket is
a glimpse of the future, said Dilip Ratha, an economist and remittance expert with the World
Bank in Washington. "I really think this is the way forward," he said. "In three years I would
expect to see this all over the world."
Eugene Bandoy, 50, is a Filipino architect who lives in London and helps
other expatriates buy property back home. When potential buyers want to take a look at
condominiums or houses in the Philippines, his niece shows them around. He sends her cash to
cover her expenses. But that can be frustrating and expensive, because the fees for wiring
small sums can nearly equal the amount being sent.
So in November, when Bandoy heard at a Filipino community event that he
could send up to $200 through his cellphone for as little as $7, he eagerly signed up.
"It's not just cheaper for me," he said, wearing a whimsical tie covered
with drawings of Volkswagen bugs and a white cap spun from Scottish cashmere. "It's more
convenient for Dulce -- she can pick up the money at a shopping mall late at night long after
banks are closed." She could also use any of 1,500 other locations, including department
stores and licensed pawnshops.
Last month, Bandoy needed his niece to go to Quezon City, just outside
Manila, to show a condominium to a woman who works in London but was home on vacation and
interested in buying. But Dulce, like so many people struggling to get by in this country of
almost 90 million people, said she didn't have the $1 for a bus or train ride to meet the
client. |
IBM to Build Singapore Smart Card System
By Katie Dean TheStreet.com Staff Reporter
10/4/2006 2:28 PM EDT
IBM (IBM - commentary - Cramer's Take) will build a smart card e-payment
infrastructure for Singapore's transportation system.
Financial terms of the deal weren't disclosed.
IBM's High Performance On Demand Solutions Labs is working to link the
fare payment systems of Singapore's mass rapid transit and light rail transit systems with the
transit operators' central computers, card service operator and card manager system.
The network will be able to support more than 10 million transactions by
2010, when a new transit line will be complete. That's compared to the four million
transactions managed today.
IBM said the new infrastructure will be able to support more than 650
transactions per second during peak hours, and will be built for scalability and flexibility
to grow as the network expands.
Big Blue shares lifted 1.4% in recent trading, tacking on $1.17, to
$82.82.
|