 Selected Press Releases
As Payments
Continue to Emerge in December 2006
|
|
Philip Andreae would like to make a statement to the US
card industry. You are implementing PCI compliance for Pin Pad and Data Security.
Please insist that all new terminals always require the EMV interface to a ISO 7816 Smart
Card. Consider the antenna as table stakes to play in the low value contactless world. |
|
USA adds financial incentives, fines to PCI program
New
carrot-and-stick approach aims for better compliance
Jaikumar Vijayan
December 14, 2006 (Computerworld) --
Visa USA is adopting a carrot-and-stick approach to help drive merchant
compliance with the Payment Card Industry (PCI) data security standard that it -- along with
other credit card companies such as MasterCard International and American Express -- is
pushing.
Earlier this week, the company announced that it has created a new $20
million incentive program under which it will monetarily reward "acquiring" financial
institutions if their members are fully compliant with PCI requirements by Aug. 31, 2007. At
the same time, acquiring banks that fail to ensure compliance by Sept. 30, 2007 will be
assessed fines starting at $5,000 a month for each non-compliant merchant. The fines increase
to $25,000 per month for each non-compliant merchant after Dec. 31, 2007.
Until now, fines have only been assessed in cases where actual data
breaches occurred.
Acquiring banks are those financial institutions that grant retailers and
other entities the approval they need to accept credit cards. Under PCI, it is these banks
that are contractually responsible for ensuring that merchant members meet PCI requirements.
Visa's new Visa PCI Compliance Acceleration Program is designed to spur
entities that are covered by PCI rules to comply in a speedy fashion, said Jennifer Fischer, a
director with Visa USA. "This program is part of our larger strategy for protecting card
holder data and to ensure that we are doing everything we can to protect it from compromise,"
she said.
It targets the financial institutions responsible for the largest 1,200
merchants -- known in PCI-speak as Level 1 and Level 2 merchants -- who together account for
about two-thirds of Visa's total transaction volumes, she said. Though nearly 18 months have
passed since PCI rules went into full effect, only 36% of Tier 1 merchants and 15% of Tier 2
merchants are currently compliant with the requirements, according to Visa. The goal is to get
all of these merchants fully compliant by the end of next August.
As part of the compliance validation process, merchants will need to show
that they have purged all magnetic stripe data, Card Verification Value (CVV2) data and PIN
data from their point-of-sale (POS) and other systems, Fischer said. The storage of such data
is considered extremely risky and is a major violation of PCI rules. Even so, a large number
of merchants continue to do so, often because their POS system software stores it by default.
"One of our key messages is you don't need that data," Fischer said. "We
expect merchants to work with their software vendors to update the software or patch it or do
something to make sure their systems are purged" of the data, she said.
The new Visa program is a step in the right direction, said Avivah Litan,
an analyst with Gartner Inc. in Stamford, Conn. But to really push PCI compliance, similar
actions need to be taken by MasterCard and American Express, she said.
Visa's decision to link its so-called "tiered interchange" rates to PCI
compliance, though, is perhaps far more significant for larger merchants than any one-time
monetary reward, Litan said. Interchange rates are the commissions that merchants pay for each
credit card transaction. Merchants in different tiers have different rates, with the largest
ones paying less than their smaller counterparts.
The prospect of losing this benefit for failing to comply with PCI could
be the biggest driver of all, Litan said.
|
Visa USA adds financial incentives, fines to PCI program
Friday, 15 December 2006, 1:21 AM CET
Visa USA is adopting a carrot-and-stick approach to help drive merchant
compliance with the PCI data security standard that it - along with other credit card
companies such as MasterCard International and American Express - is pushing.
Earlier this week, the company announced that it has created a new $20
million incentive program under which it will monetarily reward "acquiring" financial
institutions if their members are fully compliant with PCI requirements by Aug. 31, 2007. |
|
FasTrak on path to airport
If the toll agency approves, drivers may pay for SFO parking with
transponders.
By HEATHER IGNATIN The Orange County Register
Orange County toll road customers who have transponders could soon be
able to charge parking fees to their accounts.
Beginning early next year San Francisco International Airport expects to
let travelers pay for parking by using their FasTrak accounts.
The program – the first in the state – comes as electronic tolling and
transponder uses are expanding, said Frank Barbagallo, deputy director for toll compliance at
the Transportation Corridor Agencies, which oversees the San Joaquin Hills (73) and
Foothill/Eastern toll roads.
Today the agency's board of directors is expected to approve three
agreements allowing SFO, along with new toll facilities in San Diego and Alameda County, to
use its trademarked FasTrak name. As part of the licensing agreement with San Francisco, the
agency requested that account holders be able to pay for parking with their transponders.
"It's exciting," said Barbagallo, adding that there is a huge number of
transponders outside Orange County, including 7,000 tags in the Bay Area. "We are delighted to
be part of this." The agency has 659,103 transponders across the state, with the highest
concentration in Orange County and the Southern California region.
According to the agency, airports in New York, New Jersey, Texas and
Florida let patrons pay for parking with transponders.
Others could be on the way.
San Diego International Airport at Lindbergh Field hopes to incorporate
the technology into its parking garages by 2010 when it completes an airport expansion, said
Sharie Shipley, a spokeswoman.
John Wayne Airport will also consider FasTrak payment options when it
upgrades parking lots as part of its five-year, $512 million project to build a terminal and
add 2,000-plus parking spots. Today it would be too difficult to add the technology because
structures would have to be modified.
"If we could come up with a plan where we would offer some automatic pay
card and exit quicker, we would look into something like that as well," said Jenny Wedge, John
Wayne spokeswoman, who added that the airport will watch San Francisco's project closely.
"Whatever is easier for the passengers is beneficial to everybody."
Still, parking and transponders is only the beginning, said Barbagallo,
who believes the tags are emerging as another payment method, like Visa and MasterCard.
Several years ago the agency did a pilot project with McDonald's allowing FasTrak customers to
buy food with transponders. It was discontinued when the restaurant decided to go with debit
cards. But other ideas are in the works: Recently, an agency that represents gas stations
approached the agency.
"Transponders and toll accounts are just now beginning to be understood
for the power they provide private businesses and government agencies."
|
|
PM pumps Provenco’s praises in Hong Kong
Ken Lewis
Friday, 15 December 2006
Provenco CEO David Ritchie, Helen Clark and Gao Wang from Sinopec HK
Prime Minister Helen Clark witnessed world-beating, innovative Kiwi
technology in action yesterday during a two-day official visit to Hong Kong.
Clark was shown an example of Provenco's unique service station payment
technology currently being rolled out across the entire Special Administrative Region of Hong
Kong by energy and chemical company Sinopec Corp.
The technology, which includes a full head office system and all outdoor
payment terminals, is a first for Hong Kong that provides customers with advanced promotional
offerings, including customised discounts and loyalty schemes.
Clark said that Provenco is a prime example of an innovative Kiwi company
using its expertise to deliver tailored technology solutions.
"Provenco has been recognised as one of New Zealand's leading exporters.
Its work with Sinopec demonstrates how Kiwi companies are at the leading edge of global
developments in the retail business environment," she said.
Provenco is a recognised leader in developing and delivering end-to-end
petrol station technology and in particular outdoor payment systems. Its work with Sinopec is
potentially huge, as it is one of the largest listed companies in China and the second largest
oil and gas producer. It is also the biggest refiner, chemical manufacturer and distributor in
China.
The Provenco technology accommodates magnetic stripe cards, as well as
chip cards, meaning the company is future-proofed for the eventual move in Hong Kong to
complete EMV-compliant chip cards. EMV (Europay Mastercard Visa) cards are being rolled out in
Europe and are replacing magnetic stripe cards to help curb credit card fraud.
Provenco's pump pay Sinopec Card technology allows customers to stay with
their vehicle and provides faster refuelling to relieve forecourt congestion. The cards can
also be used at Sinopec stations in Mainland China. The system is bilingual, offering terminal
screen prompts and printed receipts in Chinese and English. The back office system is also
bilingual.
Provenco is now working with Hong Kong and China-based partners to extend
its technology through additional Hong Kong sites and into greater China.
|
Debit Card Fraud At Gas Stations Declines By 60 Per Cent
TORONTO, Dec. 14 /CNW/ -
Interac Association today reported that debit card fraud at gas stations
across Canada has declined by more than 60 per cent over the past year. The deep decline,
representing about $15 million in avoided fraud losses, was largely the result of Project
Protect, a joint education initiative spearheaded by Interac Association and law enforcement
with support from Payment Card Partners and other industry partners. The program, which launched in November 2005, educates gas retail owners, managers and
employees about payment card fraud and how they can help prevent it from occurring at their
location.
"Project Protect was directly targeted at gas stations in Southern Ontario
to significantly reduce and ultimately eliminate debit card fraud from occurring at all
locations," said LeAnne Thorfinnson, VP, Operations, Interac
Association. "While fraud continues to be a growing problem, the reduction of
debit card fraud in the gas retail sector is a step in the right direction and
demonstrates how we're making it more difficult for fraudsters to operate in
Canada."
Project Protect is a program in which law enforcement officers visit gas
stations to educate management and their employees about payment card fraud.
The program provides training for front-line officers and equips merchants
with valuable tips to prevent payment card fraud from occurring in their
locations. In addition, in regions across Canada where Project Protect is not
operating, Interac Association works with its members to provide gas retailers
with educational material and security tips.
"Since the launch of Project Protect, we have seized skimming equipment,
made arrests and seen an increase in the number of gas station employees
reporting attempted skimming incidents," said Acting Detective Brian
Wintermute, Peel Regional Police. "The success of Project Protect clearly
demonstrates that education is an important tool in the fight against fraud."
In September 2006, Project Protect was rolled out across Ontario and into
other retail sectors with the support of the Ontario Provincial Police, Retail
Council of Canada and the Ontario Ministry of Community Safety and
Correctional Services.
"We're pleased with the collaborative efforts of all the partners
involved in this successful project," said Thorfinnson. "Aggressive law
enforcement action combined with extensive merchant education can
significantly impact debit card fraud activity."
Interac Association has one of the most secure networks in the world.
Billions of transactions occur every year, with 99.99 per cent of them
conducted without any issue. In the instance that debit card fraud does occur,
consumers are protected by the Canadian Code of Practice for Consumer Debit
Card Services which ensures that all victims of debit card fraud will not
suffer any financial losses.
|
|
Debit Card Fraud At Gas Stations Declines By 60 Per Cent
TORONTO, Dec. 14 /CNW/ -
Interac Association today reported that debit card fraud at gas stations
across Canada has declined by more than 60 per cent over the past year. The deep decline,
representing about $15 million in avoided fraud losses, was largely the result of Project
Protect, a joint education initiative spearheaded by Interac Association and law enforcement
with support from Payment Card Partners and other industry partners. The program, which
launched in November 2005, educates gas retail owners, managers and employees about payment
card fraud and how they can help prevent it from occurring at their location. "Project Protect
was directly targeted at gas stations in Southern Ontario to significantly reduce and
ultimately eliminate debit card fraud from occurring at all locations," said LeAnne
Thorfinnson, VP, Operations, Interac Association. "While fraud continues to be a growing
problem, the reduction of debit card fraud in the gas retail sector is a step in the right
direction and demonstrates how we're making it more difficult for fraudsters to operate in
Canada." Project Protect is a program in which law enforcement officers visit gas stations to
educate management and their employees about payment card fraud. The program provides training
for front-line officers and equips merchants with valuable tips to prevent payment card fraud
from occurring in their locations. In addition, in regions across Canada where Project Protect
is not operating, Interac Association works with its members to provide gas retailers with
educational material and security tips. "Since the launch of Project Protect, we have seized
skimming equipment, made arrests and seen an increase in the number of gas station employees
reporting attempted skimming incidents," said Acting Detective Brian Wintermute, Peel Regional
Police. "The success of Project Protect clearly demonstrates that education is an important
tool in the fight against fraud." In September 2006, Project Protect was rolled out across
Ontario and into other retail sectors with the support of the Ontario Provincial Police,
Retail Council of Canada and the Ontario Ministry of Community Safety and Correctional
Services. "We're pleased with the collaborative efforts of all the partners involved in this
successful project," said Thorfinnson. "Aggressive law enforcement action combined with
extensive merchant education can significantly impact debit card fraud activity." Interac
Association has one of the most secure networks in the world. Billions of transactions occur
every year, with 99.99 per cent of them conducted without any issue. In the instance that
debit card fraud does occur, consumers are protected by the Canadian Code of Practice for
Consumer Debit Card Services which ensures that all victims of debit card fraud will not
suffer any financial losses.
|
|
|
Maharashtra launches smart card licences for 'paperless travel'
Rajendra Aklekar
Mumbai, December 10, 2006
You won't have to maintain documents, cards and files while you travel
from Monday. In a move to encourage paperless travel, the Maharashtra transport department on
Sunday morning officially inaugurated the new smart card motor driving licences and optical
strip-enabled certificates of registration (RC Book).
Chief Minister Vilasrao Deshmukh who also holds the transport portfolio,
was the first recipient of the smart card driving licence at a function held at the Tardeo RTO
in central Mumbai on Sunday morning.
"It is a move that will help curb malpractices like forged licences and
false entries in the vehicle's registration book. No one will be able to tamper with the
licence or duplicate signatures and misuse it. The licence and the RC Book will have a small
4kb memory chip and the authorities will be able to get a list of all the traffic offence
history and other background details with these two cards," Chief Minister Vilasrao Deshmukh
said.
"The card is going to bring about a revolutionary change in the state's
road transport scenario. It will capture an individual's driving habits on the card, by making
available a list of traffic offences and it will help us grade drivers. Those with least
traffic offences on the card will be considered the best among them," GS Gill, Maharashtra's
transport secretary said.
"The new licences will require a person to compulsorily come down to our
office to get photographed. The real time photograph will be saved in our database and
replicated on the card issued." "This will make touts and agents very difficult to operate as
no passport-size photographs and documents will do, but only a personal visit," Maharashtra
transport commissioner Shyamsunder D Shinde told HT.
|
Student Smart Card To Be Launched Tomorrow
KUALA LUMPUR, Dec 7 (Bernama)
A smart card to address the problem of "missing" foreign students in the
country would be launched tomorrow, Home Affairs Minister Datuk Seri Radzi Sheikh Ahmad told
the Dewan Negara Thursday.
He said the card was one of the government's proactive measures to tackle
the problem.
"With the introduction of the student smart card, foreign students are
required to bring it along (wherever they go). By doing so, we can monitor the students," he
said when replying to Senator Siw Chun Eam during question time.
Radzi said the card would be embedded with security features which could
not be forged.
A similar card would also be introduced for foreign workers, he said.
Up to Oct 31, a total of 1,271 foreign students had been categorised as
"missing", he disclosed.
They were listed as "missing" after they were not found at their tertiary
learning institutions.
On the issue of foreign students seeking employment, Radzi said the
government adopted a strict policy on giving permission to those who applied for permits to
work temporarily.
Until September, he said, the ministry approved only 21 applications from
foreign students to work part-time.
"Before granting approval, we conduct various tests to satisfy ourselves
whether students wanting to do part-time jobs genuinely need them to support themselves," he
added.
Radzi said his ministry also imposed stringent conditions on institutions
of higher learning taking in foreign students to ensure they really took care of their
students.
"If foreign students are caught working part-time without permission, the
colleges they have enrolled in will be notified," he said.
"So far, 16 colleges have the approval to recruit foreign students
revoked for breaching various conditions, including protecting students working illegally.
"We don't want them to come here and attend classes for only three days
and work for the rest of the year. We want them to study for nine months and work for less
than 20 weeks in a year," he added.
|
|
December 8, 2006 - ZDNET
State to extend comment period on RFID in border cards
Government technology RFID
In the light of new criticism of the State Department's plans to use RFID
chips in passport cards, the department is extending the public comment period on the proposal
until Jan. 7, Information Week reports. The Smart Card Alliance recently criticized the
government's plans to use RFID in passport cards, which could be used in place of passports
for travelers in and out of Canada, Mexico and the Bahamas.
The Smart Card Alliance is urging the federal government to adopt the
same microprocessor technology used in e-passports. The group argues that microprocessors
allow for encryption, authentication, and other security enhancements, and that the radio
frequency signals in passports have a shorter range and are therefore less vulnerable to
interception.
Frank Moss, the State Department's deputy assistant secretary for
consular affairs, said the government would issue RF-blocking sleeves to protect the cards and
help secure people's information. He added that the cards will have strong security features.
"There will be all sorts of security features embedded in that card," he
said. "It will be very difficult to reproduce except in a very sophisticated printing process.
We're not talking about drivers' licenses."
Moss said that although inspectors will still physically check cars and
identification, the passport cards would probably cut a few seconds out of inspections. In
heavy border traffic, a few seconds for each vehicle can translate into hours of waiting time,
he said. "For every second you add, when you multiply that by the number of people going
across the border, you have enormous implications."
|
December 9, 2006
US struggles with RFID plan
Privacy activist opposes US ID card plan
Jaikumar Vijayan
A US government plan to use RFID (radio frequency identification) chips
in a proposed passport card programme for US citizens is drawing fire from some quarters. The
identification cards would be needed by residents who don't have passports for verifying their
identity at land and sea border crossings.
The Smart Card Alliance, a non-profit industry body representing several large vendors of
smartcard and RFID technologies, this week formally urged the government to reconsider a
decision to use RFID technology in personal ID verification cards. The alliance cited security
and privacy concerns for its stance.
It was responding to a 17 October notice in the Federal Register in which
the US Department of State announced plans to use RFID chips for a proposed new passport card
to be issued as part of the Western Hemisphere Travel Initiative, or WHTI.
Under WHTI, all Americans travelling to Mexico, Canada, the Caribbean and
Bermuda will be required to show some form of personal identification approved by Department
of Homeland Security when entering the US. The identification could be in the form of a
passport or the proposed new passport card and is intended to shore up security at the
nation's borders. Passengers travelling by air between the different countries will be
required to show such proof of identity starting 1 January, 2007, while those travelling by
land and sea have until January 2008.
In its notice, the State Department said it would use "vicinity read"
RFID technology in the cards rather than the "proximity read" contactless smartcard technology
being incorporated into new ePassports. The goal is to have credit-card-size passport cards
that can be read from at least 20-30ft away by customs and border-protection officials to
speed up the authentication process.
There are several problems with that approach, said Randy Vanderhoof,
executive director of the Smart Card Alliance.
For instance, long-range RFID technologies are vulnerable to snooping and
forgery, Vanderhoof said. Cards built using such chips will have no built-in security features
for verifying their authenticity, he added. In contrast, the contactless smartcards used in
ePassports support encryption and digital certificate technologies for securing data and
verifying authenticity. Because that technology differs from what is being used in the
ePassports, US border infrastructures will need to be updated, Vanderhoof explained.
An equally big concern is the potential privacy threat posed by RFID-enabled
cards, said David Williams, vice president for policy at CAGW (Citizens Against Government
Waste) in Washington.
While there is a need to enhance border security, "we do not believe RFID
is the best way to do this", Williams said. People carrying such RFID-enabled identity cards
could unknowingly be exposed to greater surveillance, he said. Individuals with such cards are
also likely to have less control over when they want to be identified and what information is
read, stored and shared.
"With other forms of identification, you literally have to pull your card
out of your wallet. With RFID, you don't know when it is being accessed," Williams said.
Those concerns prompted CAGW to send a letter to the Department of
Homeland Security this week urging its Data Privacy and Integrity Advisory Committee to pass
an earlier subcommittee draft report that recommends against the use of RFID for personal
identification. In that report, released in May, the DHS subcommittee had argued that RFID use
could marginally reduce delay times at borders and checkpoints but carried several risks,
including the potential for increased surveillance and erosion of privacy and anonymity.
"In a visual ID-check environment, a person may be briefly identified but
then forgotten, rendering them anonymous for practical purposes," the report noted. "In a
radio ID-check environment, by contrast, a person's entry into a particular area can easily be
recorded and the information permanently stored and repeatedly shared."
The DHS subcommittee is scheduled to meet on Wednesday to discuss the
issue.
In reality, it is unlikely that individuals carrying the cards will be
tracked, said Tres Wiley, director of e-documents at Texas Instruments, which manufactures
both RFID and proximity-read smart-card technologies. However the mere possibility is likely
to scare people off, he said. "Citizen acceptance is going to be very important to the use of
this card", and that's not going to be easy to get, he noted.
|
|
Banks roll-over on smart card roll-out
Ben Woodhead - The Australian
DECEMBER 12, 2006
AUSTRALIA'S banks are positioning themselves for the final run to
introduce smart credit cards after years of baulking at the cost of phasing out
magnetic-stripe technology in favour of microchips.
The manoeuvring is being influenced by the federal Government's $1.1
billion welfare Access Card project, but fresh questions have arisen over whether or not
smartcards will provide consumers with significantly improved protection from credit card
fraud.
Banks have claimed major victories in cutting credit card fraud thanks to the implementation
of crime busting computer systems that use neural networking technology to detect illicit
transactions.
Visa Australia head of business development Vipin Kalra said computer
systems enabled banks to almost halve the cost of credit card fraud over the past five years.
Credit card fraud rates had been cut from up to 0.05 per cent of total
Australian credit card sales five years ago to less than 0.03 per cent, Mr Kalra said.
The most common forms of fraud were skimming and counterfeiting, he said.
The Australian Payments Clearing Association agrees that the highest card
fraud losses by value stem from skimming and counterfeiting, but estimates 2006 credit card
fraud at 0.039 per cent of card transactions, or $87.4 million.
"We've seen a big drop in fraud in Australia over the past couple of
years," Mr Kalra said.
"(The drop is because of) the banks' ability to put a lot of monitoring
systems in place so they can track activities on the card. Those systems are now starting to
show their benefits."
ANZ Bank widely advertised its Falcon neural network as part of a
campaign to establish its security credentials.
Falcon identifies anomalous credit card transactions and is one of three
platforms the bank uses to manage credit card fraud.
The others - Eagle and Hunter - are merchant-oriented systems to track
fraudulent credit card applications.
ANZ general manager of consumer cards Nick Reade said these systems had
helped the bank cut credit card fraud by 60 per cent in the past five years.
He cited examples where Falcon detected the use of a stolen credit card
before the cardholder knew his wallet had been purloined because of changes in the buying
patterns detected by the bank's systems.
Systems such as Falcon were an important part of ANZ's drive to establish
itself as the most security conscious Australian bank, he said.
"Pretty well everything we do nowadays we communicate that we take fraud
very seriously," Mr Reade said. "A lot of our own internal research on what's important to
customers - drivers of satisfaction, drivers of usage of credit cards - increasingly (show)
what's coming out as number one is security."
Mr Kalra said the fraud-fighting capabilities of computer systems such as
Falcon meant banks had not been under pressure to implement smart credit cards.
Microchip-enabled credit and debit cards have long been touted as an
important tool in the fight against payment fraud by Visa.
Many Australian banks have argued that the costs of implementing
smartcards was greater than the cost of fraud.
"We have to get (to smartcards) but because fraud is under control within
the banking industry there isn't a huge urgency to just turn over all the cards over night,"
Mr Kalra said.
Commonwealth Bank general manager of product and market development Brian
White said the success of crime-fighting technologies meant consumers were unlikely to notice
big reductions in creditcard fraud following the introduction of smartcards.
"(With smartcards) the consumer on the street has the confidence that
he's consistent with the current standard. Does that mean today he's at risk as a consequence?
Well the data shows he's not measurably," Mr White said.
Mr Kalra's and Mr White's comments were made at the launch of the
Australian Smartcard Users' Forum (ASUF) last week.
ASUF members include the big four banks. It was founded to pressure the
federal Government to use private-sector payment networks to process transactions associated
with the $1.1 billion welfare Access Card.
ASUF chair and NAB regional general manager for specialised businesses
Bruce Munro said the group would work to manage any consumer concerns if banks were seen to be
lagging behind the federal Government on using smartcards to protect consumers from fraud.
"One of the reasons we put the forum together was to try and manage
perceptions like that," Mr Munro said.
"Another risk, I suppose, is that the use of a chipped Access Card may
have some negative connotations that we have to manage for our own roll-outs,"
ANZ's Mr Reade declined to comment on the activities of his competitors
but said smartcards would play an important role in protecting consumers from fraud such as
credit card counterfeiting.
ANZ has issued 1 million smartcards and has a goal of converting all 3
million ANZ cards smartcards within a year.
The CBA, NAB and Westpac are yet to announce smartcard roll-out
timetables.
|
|
Smart Card Alliance slams RFID use in US passport card program
5th December 2006
By Staff Writer - Computer Business review On-line
The Smart Card Alliance is urging the US government to reconsider using
long-range RFID technology in implementing its passport card program.
The passport card has been proposed as an identification card for US citizens without
passports to verify their identity at land and sea border crossings.
AdvertisementThe Smart Card Alliance believes that vicinity-read RFID
technology proposed for the passport card is the wrong technology to implement a secure
identification card. It is suggesting an alternative in the form of 'proximity' contacless
smart card technology.
According to the alliance, long-range tag RFID is used typically to track
products, while contactless smart card technology is already in place at the border to
validate the identities of travelers with ePassports. Contactless smart card technology has
also been recommended by the National Institute of Standards and Technology for more than 10
million government employee and contractor identification cards that began to be issued in
November.
The alliance provided details of its concerns with the passport card
decision to use vicinity-read RFID technology, and gave recommendations for measures that the
US Department of Homeland Security and Department of State could implement to improve the
passport card program.
The issues with the proposal detailed in the response include: lack of
security safeguards in long-range RFID technology; potential for tracking and citizen
distrust; and duplication of required border infrastructure to accept this identity document
technology in addition to ePassports and potential operational issues with multiple
vicinity-read RFID tags in vehicles.
"The US government needs to focus on a policy for efficient border
crossing that increases border security and citizen privacy," said Neville Pattinson, director
of technology and government affairs at Gemalto and the co-chair of the Smart Card Alliance
Identity Council. "The necessary technology is readily available to back up such a policy.
Contactless smart card technology, compatible to that already being used globally in
electronic passports, possesses all the security features necessary to protect citizen
privacy, whilst upholding all operational parameters at the land border check points."
The alliance states that there are many advantages to using contactless
smart card technology for the passport card program, including the ability to support
electronic verification of authenticity to prevent counterfeiting and to use secure, encrypted
communications to thwart eavesdropping and replay attacks, and ensure privacy protection for
cardholders. |
Canadian Chip Technology Trial Scheduled For Autumn 2007
Members of the Canadian payment card industry -- Interac Association,
MasterCard Canada Inc., Visa Canada Association, and many of their respective card issuers and
processors -- have announced their commitment to conduct a chip technology trial in
Kitchener-Waterloo, Ontario. The trial will allow participants to test the infrastructure and
ensure interoperability of systems and devices in a controlled manner prior to each
participant's national roll-out plan.
The first chip transactions will occur in the autumn of 2007, with card
issuance and device deployment increasing over the months following, reaching a sufficient
volume for research by March 2008.
The migration to chip card technology represents a significant change in the Canadian payments
landscape and this multi-participant trial is an important step in ensuring a smooth
transition for all participants in the electronic payments system.
A chip card is a credit or debit card that contains an embedded computer
chip and provides increased protection against counterfeit and lost and stolen card fraud. In
addition to providing increased security, the chip card also offers a platform for future
opportunities, new product and service offerings. The migration to chip card technology
represents an evolution of the electronic payments systems designed to make an already safe
payments system even more secure. The Canadian payments system will be utilizing the
established "EMV" chip standard (Europay MasterCard VISA), which is a proven technology
currently in wide use around the world.
|
|
Schumer warns on no-swipe credit cards
04 December, 2006
By KAREN MATTHEWS, Associated Press Writer
Tens of millions of no-swipe credit cards have been issued in the past
year. When a customer uses the credit card to make a purchase, the card is processed by a
radio frequency identification reader operated by the retailer.
"All you need to be is within a couple of feet of the customer," Schumer
said. "You may as well put your credit card information on a big sign on your back."
"The card and the reader in the terminal are safe and secure, and the
transaction is handled the same way that credit cards are managed today," Thomas O‘Donnell,
senior vice president of Chase cards services, said when the company announced the launch of
its blink cards last year.
In addition, Schumer said contracts for the no-swipe credit cards should
have warning boxes disclosing "the known weaknesses of the technology."
A telephone call to Visa International Inc., the nation‘s largest credit
card brand, wasn‘t immediately returned.
|