1. No category

Using Smart Cards in Electronic Commerce

Using Smart Cards in Electronic Commerce
Dr. Efraim Turban
California State University Long Beach, CA
[email protected]
Debbie McElroy
California State University Long Beach, CA
[email protected]
Abstract
Smart cards have been in use for over two decades
mainly for storing small amount of money. People carry
them to pay for telephone calls, transportation,
photocopying in libraries and the like. These cards have
become very popular in Europe and Asia. Recently, the
use of smart cards has expanded considerably. For
example, in several countries smart cards are used as
identification cards which include information ranging
from health status and insurance to retirement benefits.
The latest development in smart cards technology
is its Internet related applications, which are mostly
related to the support of payment systems and security.
Key words: Smart cards, electronic commerce, electronic
payments, Internet
I. Introduction
Conventional smart cards are about two decades old
and have gained widespread acceptance in Europe and
Asia where they are primarily used as stored-value cards
for buying goods and services. A Frenchman named
Roland Moreno, who patented this technology, invented
smart cards in 1972. These cards have matured over the
last twenty years and today’s smart cards are defined as
credit-card-size plastic cards embedded with computer
chips that store and process data. The latter is an
important evolution from the widely used memory-only
cards such as magnetic strip cards. With smart cards,
applications can now be built into servers and other
environments with transactional elements. 1
Now smart cards, and the computerized systems
that use them, are designed to provide and record
information about the user or the user’s account. For
example, a smart card may be used to authorize payments
or purchases, without the need for telephone links to the
card-issuer. Similarly smart cards can be used to maintain
computerized individual medical records without the
need for a centralized database or computer system.2
But, most sources agree that merely loading a stored
value application onto a card isn’t enough to make a
business case for the cards. Still, by the end of 1997,
more than 100 million smart cards will be in use
worldwide; 95 percent will be in Europe. Given this
information, it is apparent that smart cards applications
are spreading rapidly. 3
A. How do smart cards work?
There are two basic kinds of smart cards. The first
type of card is often called a memory card. Memory
cards are primarily information storage cards that contain
stored value which the user can “spend” in pay phone,
retail, vending machines or related transactions. This is
the more familiar smart card and it contains a magnetic
strip that is similar to credit cards and ATM cards. These
cards have been used, for example, in mass transit
systems throughout the world.
The second type of card is an “intelligent” smart
card, which contains an embedded microprocessing chip.
This type of card contains a central processing unit that
actually has the ability to store and secure information,
and make decisions as required by the card issuer’s
specific applications needs. Because intelligent cards
offer a read/write capability, new information can be
added and processed. For example, monetary value can
be added and decremented as a particular application
might require. There are many examples where this type
of card could be used from buying a Big Mac to making
phone calls or paying parking meters or tolls.
The intelligence of the integrated circuit chip
allows the protection of the information stored on the
cards from damage or theft. For this reason, the
intelligent smart cards are much more secure than
magnetic stripe cards, which carry information on the
outside of the card and can be easily copied or damaged.
Newer smart cards are an effective way of ensuring
secure access to open interactive systems, such as
encryption key mobility, secure single sign-ons and
electronic digital signatures. As faster microprocessors
increase in power, these credit-card-like IDs will work
their way into employee pockets and enterprise servers
for use in security, electronic commerce, and other
For example,
cryptographic-based applications. 5
accessing network resources may soon be more like
charging groceries at the store or getting cash from an
automated teller machine: one swipe of the card and you
are in a working system. As the cost of cards is reduced,
an era of integrated electronic ID cards that are capable
of defining a user’s profile and network-access privileges
- with the potential to hold financial and health-care
information and other personal data will begin.
1060-3425/98 $10.00 (c) 1998 IEEE
B. Where are smart cards used?
Smart card applications are becoming more and
more pervasive within our society. There are many uses
for these cards such as: 6
•
•
•
•
•
Education: Smart cards are being used on university
campuses to link students with their schools by
personalizing the student’s administrative data and
managing all student services on campus like grades,
fees, library, sports, healthcare.
Transit: Create secure and easy-to-use ticketing and
payment methods for public transportation (trains,
buses, ferries), plane tickets, parking meters, and toll
roads.
Access Control: Control and limit access to
restricted areas: buildings, offices, doorways,
computers, networks, software applications, and
confidential data files.
Community Services: Improve the interaction
between individuals and their community services:
library cards, tickets, local taxes, water usage fees,
driving licenses.
Electronic Payment: Offer an ideal solution for a
myriad of applications: electronic purses, public
telephone phone cards, payment coupons, customer
clubs, electronic shopping, and Pay-TV.
Most of these types of applications require a stored
value type smart card. These cards are used for a variety
of transactions and can be purchased with a pre-set value,
which is then debited at each transaction. This is the case
with the education and transit type cards. Many large
banks are exploring the use of smart card technology for
electronic payments. These cards are capable of being
loaded with cash values from ATM machines or even
home computers. Banks are now escalating their trials of
digital cash and smart-money cards, so soon consumers
will be able to use them in may businesses such as
restaurants and hotels. 7
II. Smart Cards Adoptation: The United
States vs. Europe and Asia
Compared with European and Asian countries,
adoption and use of smart cards within the United States
has been rather slow. Recently there have been a number
of pilot projects with one of the biggest occurring in
Atlanta during the 1996 summer Olympic games. On the
other hand, as shown in Table 1, smart cards in some
European and Asian countries are more prevalent. The
question for the future of smart cards in the USA is how
to overcome various structural problems to make multiapplication smart cards, with all of their advantages a
commonplace? 8
Application and
Location
Master Card Cash
stored-value card
Visa Cash storedvalue card, Atlanta,
GA
Number of
Cards
10,000 issued
Proton stored value card,
Belgium,
Netherlands, Brazil,
Australia
Social security ID
Card, Spain
90,0000 issued
more than one
million
500,000 issued,
seven million
by
1997, 40 million
by
2001
Status
Started in March
1996
Cards usable at
Olympic
sites, transit
system, and
several thousand
stores
Full scale
introduction in
progress
Full scale
introduction in
progress. Card
gives access
to medical benefits
and is
verified by stored
fingerprint
Citizen ID Card,
1,500 issued
Pilot Project. Cards
South Korea
include ID, driver’s
license, medical
insurance and
retirement benefits
Health Insurance
80 million
Started in 1994 for
Card, Germany
issued
identification only
Health information 200,000 issued
Pilot project for
card,
starting in 1996 cards
European Union
containing only
essential
information for
medical
treatment
Contactless transit
3 million issued Pilot project started
fare card,
by 1997
November 1995.
Hong Kong
System wide
introduction in
progress
ID and stored
12,500 issued
In use. Cards work
value card,
in vending
Washington
machines, laundry
University, St.
and others smallLouis
value applications.
They also serve as
ID cards for access
to campus facilities
Table 1. Smart Cards usage in different Countries
Source: Scientific American, Aug. 1996
1060-3425/98 $10.00 (c) 1998 IEEE
One industry in the U.S. that has a lot to gain by
the use of smart cards is the banking industry. To digress
a little, let’s look at the finance side of banking. Since
1966, its asset base has grown from $400 billion to $2
trillion - a five-fold increase. Yet, total deposits have
dropped from 38% to 24%. In addition, computerized
systems expenses for the U.S. banking industry have
grown from less than $1 billion in 1966 to over $20
billion in 1996. Banks have high fixed overhead to
support, yet have substantially fewer dollars to work
with. 9 This is leading the banking industry to use home
banking and new electronic payment mechanisms, which
are significantly cheaper, and which may involve smart
cards.
In Europe, the banking industry is dominated by
very large institutions that can adopt new programs easily
by foreclosing consumer choices. This has made it
relatively easy to form large consortia of banks,
merchants,
telecommunications
companies
and
governments to launch new technologies such as smart
card programs. 10 The United States, on the other hand
was built on Adam Smith’s laissez-faire principles, and
people were raised to think and act in their own interests.
The result on the macro side includes: fragmented
banking, merchandising and telecommunications
systems, not to mention competing credit card programs.
Industry observers point out that Americans like to think
they control their own checking accounts. Europeans on
the other hand are used to having their utility bills, for
instance, paid directly out of their accounts to the billing
authority. Since many smart card programs work as
debit cards, it may take some selling to convince
Americans that smart cards are a smart move for them.
Another reason is the size of the countries involved, and
the centralized control of health services, driver’s
licenses, and insurance which are natural areas for smart
cards. Therefore, it may take five to seven years before
smart card technology in the US will catch up with that
of Europe and Asia.
III. The Internet and Smart Cards
Cyberspace access continues to grow, with usage
of the Internet more than doubling every year. For
example, nearly one-quarter of Americans and Canadians
over the age of 16 - or 50.6 million people, were hooked
up to the Net at least once during the month of December
1996. 11 Many Internet users frequently visit virtual
storefronts, although most are still window shoppers.
Only about 5.6 million people, or 15 % of Web users,
actually make purchases on-line, but this number is
growing rapidly.
Forrester research Inc., estimates that $300 million
in transactions were completed on the Internet in 1995.
By 2000, over $25 billion in transactions are projected.
Currently less than 10% of all payments processed by
U.S. banks are made electronically. The remaining 90%
require a high level of manual labor to process. Paperbased payments cost up to $0.60 / transaction to process.
Electronic payments are estimated to require only $0.02 /
transaction to process. 12 For this reason the US federal
government is mandating electronic payment of all
government entitlements to bank accounts or to smart
cards by the year 1999. It would seem logical to think
that as consumers become more comfortable shopping
electronically, paying electronically would be an ideal
bridge. Internet payments can be made by electronic
checks, electronic credit cards, electronic cash or
electronic debit cards. All of which have advantages and
limitations. Some of these limitations can be removed by
using smart cards.
Therefore, several companies are developing smart
cards that can be used for shopping over the Internet.
These cards slip into a smart-card reader that is a standalone unit, or installed in the PC and have been dubbed
“Plug and Pay.” In the UK for example, Visa is testing
its “electronic purse” card for Internet purchases. And in
France, the Banque Nationale de Paris, Gemplus, and
various other organizations are working together to
develop a secured way to purchase goods and services
over the Internet by using smart cards. In the United
States, Verifone demonstrated in mid 1997 its Personal
ATM system, which is designed to support downloading
of virtual cash from your bank account into a smart card
that you slip into a card reader. 13
The recently debuted WebTV includes a smart card
reader in its hardware. WebTV is an Internet service
provider that aims to capture a large part of what its
management hopes will be the mass-market future of the
Internet, including bank-originated electronic commerce.
IV. Smart Cards applications and their
benefits
Those who advocate the use of smart cards contend
substantial advantages like cheaper administration, better
fraud protection, support of multiple financial services
through the electronic channel, better prospects of data
mining and, in their stored-value incarnation, an interestfree loan to the bank from the cardholder. These all
represent good enough reasons for card issuers to adopt
smart cards.14 Such benefits can be observed in the
following applications:
A. Cash Cards
The technological limitations of the magnetic-stripe
card are recognized by many, including the large credit
card issuers such as VISA and MasterCard. These cards
have limited storage capacity and are passive devices
without built-in logic for security control. With the
power and capacity of integrated circuit chips growing
1060-3425/98 $10.00 (c) 1998 IEEE
rapidly, coupled with falling costs, the intelligent smart
card is increasingly being acknowledged as the most
likely alternative for the magnetic stripe.
While credit cards are commonplace in developed
countries, especially the United States, they remain
uncommon in other countries, particularly those with
undeveloped credit markets and developing economies.
But, even with credit cards, cash transactions have
consistently accounted for more than half of total global
personal expenditures. In 1993 alone, cash transactions
accounted for $8.1 trillion of $14 trillion in global
personal spending. 15 The new system of digitized
commerce can be seen as market expansion for credit
card companies. People who use only cash by choice, or
cannot qualify for a credit card because they have yet to
build a credit history, are ideal candidates for smart
cards.
B. Transaction Savings
Smart cards enable customers to make payments
without requiring communication between the merchants
and a centralized credit card information network or
ATM clearing system. They also avoid the high costs of
physical check clearing and, unlike checks, entail no
credit risk. As such, smart cards offer the convenience of
cash without collection risks.
Another advantage is that like checks but unlike
cash, smart cards could pay interest on account balances.
Since the chip within the card costlessly keeps track of
the timing and amounts of transfers, smart card banks
could share several financial benefits with cardholders.
These would include the cost savings from avoiding
cleared-check processing and interest earned on the
money while “stored” on the card.
C. Security Applications
Smart cards have advantages over software
implementations for security by providing tamper-proof
devices that users can carry with them to protect
corporate data and communications. On a corporate
level, it looks to be somewhat simpler to add smart cards
to a security system than with consumer-banking-type
applications. Smart cards are the attractive option for
remote corporate users because private cryptographic
keys, certificates, profiles, and other user data are held
apart from the enabling device, and if a computer is lost
or stolen, encrypted files and data will be protected.
D. Fraud Protection
The best way to appeal to the user’s mind, say
experts, is to appeal to his(her) common-sense selfinterest, and stress smart cards’ strong fraud protection.
Since preventing fraud is in everyone’s best interests,
offering it should prove a strong selling proposition.
With credit card fraud topping over $1 billion
annually in the United States alone, the need for
enhanced authentication mechanisms are the main
catalyst of the search for alternative solutions. In France,
for example the Cartes Bancaires program reduced credit
card fraud from about .27 percent when it was introduced
in 1987, to nearly zero in 1996. Another study showed
that in France, the use of smart cards with a personal
identity number, cut the costs of fraud from around $4 $5 per card in 1992 to almost nothing in 1996. 17
E. Cash Error Handling
Similar in nature to fraud is cash pilferage from
industries like restaurants, hotels, and tolls. Traditional
cash-management practices attempt to reduce pilferage,
shortages, and overages, which inevitably occur with
currency in cash handling with the help of a physical and
perpetual inventory of cash. With smart cards, and their
digital cash transactions, these problems should be
eliminated along with the time-consuming accounting,
auditing, and adjustment activities. 18
The ability to store and in some cases to process
data in a small wallet sized card is the primary strength of
smart card technology. This strength translates into
reduced loads over telecommunication networks, since
there is no need for authentication and authorization from
remote banks or certifying institutions. Also, there is a
more efficient service delivery due to automated data
access. The automation of previously manual processes
through the use of smart cards results in an overall
reduced cost of service delivery. Because of their
relatively large data capacity, more elaborate security
measures can be incorporated into smart cards. Digitized
pictures or thumbprints would prevent theft and reuse.
Proprietary encryption schemes can also be employed to
prevent forgery.
V. Implementation Issues
In the on-going use of smart cards in future
applications there are a number of issues which need to
be addressed. Some of these include:
A. Encryption
The U.S. Congress once again faces a crucial
though somewhat esoteric issue - U.S. encryption policy.
Three bills have recently been introduced that would
liberalize current export restrictions and derail some of
the Clinton administration’s attempts to guarantee access
to encrypted communications. The results of the debate
will have profound implications on electronic commerce.
At the heart of the issues is how the law should be
updated to account for changes in technology and the
1060-3425/98 $10.00 (c) 1998 IEEE
global political environment. Electronic commerce and
the security of electronic messages rely on the
encryption. Traditionally encryption was used by spies
and governments during the Cold War to keep secrets.
With this in mind, encryption hardware and software,
certain technical data and discussions of the higher math
that form the basis of cryptography, have been treated by
the U.S. as munitions. Nowadays however, much
stronger forms of encryption than those used during the
World War II are used to protect a $5 smart card you can
use to buy a Slurpee at the local 7-11. Nonetheless, the
law has not changed to match the evolving role of the
technology, or the environment in which that technology
is used. A manufacturer of security software offered a
reward to the first person who would crack the strongest
level of encryption that would be readily allowed for
export under the administration’s liberalized policy - it
took a college student only 3 1/2 hours to collect. The
currently exportable standard of encryption does not
provide adequate protection for particularly sensitive
data. 19
B. General Security
In a report released in February 1997, the
Computer Security Institute (CSI) and the FBI revealed
that 47% of the 563 U.S. organizations surveyed had
been attacked through the Internet, up from 37% reported
in a 1996 CSI-FBI survey. The survey also contradicts
the conventional wisdom that the vast majority of attacks
come from within the organizations. While 43% of
respondents reported attacks from within, 47% said they
experienced external attacks. Smart cards are tools that,
if used properly, can provide a high level of security.
Hewlett-Packard broadens its security offerings in May
1997, with two smart-card solutions that include the
cards, readers to scan the information stored on the
processor embedded in the cards, and a management
system. Also included is a developer’s toolkit to let
third-party vendors build hooks into applications that can
then use the smart-card authentication capability.
C. Infrastructure and Standards
Lack of established smart card standards are a
primary weakness of the technology. Until technology
standards are developed it will be difficult and ill advised
to implement large-scale smart card applications. The
lack of a nationwide infrastructure to support smart card
based transactions limits the wide spread use of stored
value smart cards,20 but widespread usage is only waiting
for the availability of card readers integrated with
computers. The cost of readers is relatively small,
although the installation and support could be high21.
Furthermore, the PC/SC Workgroup, a consortium of
PC and smart-card vendors led by Microsoft, is ironing
out the standards for interfacing smart cards and card
readers with PCs.
The specifications will insure
interoperability among smart cards and readers and
provide high-level APIs for application developers. HP
is developing a keyboard with a built-in reader device,
and Verifone is introducing low-cost readers attached to
PCs. Currently plug-in devices that read smart cards are
available for disk drives and PC card slots
D. Securing Privacy
One of the unknown elements in smart card
technology is how much data mining will be built into
smart card applications. Most people are very protective
about privacy and issues relating to their rights to
privacy. In fact, this quote was recently made: “Since
privacy is such an evident value in our society, where
technology threatens the value, entrepreneurs can be
counted on to seek means to defend it,” (Chairman of the
USA Federal Reserve System’s Board of Governors,
Alan Greenspan). If we wish to foster innovation, we
must be careful not to impose rules that inhibit it. To
develop new forms of payment, the private sector will
need the flexibility to experiment without broad
interference by the government.
Alan Westin, a Columbia University researcher of
privacy issues, cited a 1996 Louis Harris & Associates
survey that found 83% of consumers believe they have
lost control of how information about them is gathered
and used. That figure was up from 80 percent only a year
earlier. If smart cards are going to become ubiquitous in
our society, consumers are going to demand that the
issues of privacy be addressed right up front.
E. Legal Issues
As scores of banks and businesses charge onto the
Internet, cyber-commerce and electronic cash (dubbed ecash) transactions are creating a swamp of untested legal
issues. One urgent issue: Is e-cash really cash and legally
recognized currency? After months of study and debate,
lawyers from Silicon Valley to Capitol Hill seem to be
saying that e-cash is not a legal tender, like paper money
and coins. That conclusion will have vast implications
for future consumer protection and banking regulations.
E-cash is not real cash but an obligation that an issuer has
created to pay a monetary amount at some future date.
Unlike cash, which by law a merchant is obligated to
accept, a merchant can refuse a payment from a storedvalue card. Transactions conducted with real money are
overseen by a range of state and federal laws and
government agencies. Bank deposits, for example, are
federally insured up to $100,000. What about insuring ecash contacted on a stored-value smart card?
Other related legal issues include: who is liable if a
smart card is lost or stolen? What kind of contract is best
1060-3425/98 $10.00 (c) 1998 IEEE
for all parties, including banks, merchants, and
consumers? Will e-cash be affected by state civil and
criminal laws on the Internet? Should e-cash be
regulated by federal laws and policies? Or should the
federal government let the cybermarket police itself?22
VI. The Next Steps
A. Smart Card Incentives
Since cash has been a perfectly good medium of
exchange for thousand of years, many smart card experts
are aware that the adoption process for smart cards may
not be so easy. So, in order to “jump start” this process,
there is talk of offering incentive programs to induce
consumers to change to the new technology. The
vendors realize that convenience is not enough. The 1996
Olympic Games in Atlanta was a test-bed for smart
cards. The depleted cards were saved as collectibles, so
more people were motivated to use smart cards.
Wells Fargo is developing and testing a number of
financial and technology incentive programs for paying
for fast food. To find out how much incentive it will take
to wean consumers off cash about 900 Wells Fargo
employees are using the cards with 22 selected merchants
near their downtown San Francisco headquarters.23
B. Banking and Stock Trading
Web users who bank, shop, and trade stocks online via the Internet will be able to use cryptographyenabled smart cards by 1998 for authentication, to access
restricted areas, and to sign documents. Several pilot
tests of cryptographic smart cards are under way in the
corporate environment, and applications for intranets and
business-to-business networks are expected to begin
rolling out by the end of 1997 24. The advantages to
stock traders in using smart cards relates to security. If
you have the card and know what that encrypted
password on the card is, a more secured environment can
be created.
C. Digital Signatures
Smart cards are more secure, more portable, and
more useful than software-based digital certificates.
Public key certificates also called digital certificates,
digital IDs, and certificates of authentication, are crucial
for electronic commerce. Most Web experts expect the
certificates to become as ubiquitous as driver’s licenses.
But as software, digital certificates are vulnerable to
viruses and to tampering with the hard drive. They
cannot be easily transferred among computers that many
workers need to use at the office, at home, and on the
road. A cryptographic smart card, can be taken anywhere
where there is a card reader. In 1997, the reader’s price
was $100 - 300, therefore the price needs to come down a
bit for wide-range acceptance and use.
Digital signatures can be used in other areas of
electronic commerce, especially in business-to-business
trading where you want to ensure that the person placing
electronic orders is the person authorized to perform that
function. In today’s markets where competing on time is
critical, an additional piece of security can expedite
trades and facilitate electronic commerce tremendously.
D. Multi-application Cards
Although most current smart cards can only handle
basic cryptographic processing, which is primarily used
to verify digital signatures, future versions will be able to
hold and process multiple applications.
Sun
Microsystems Inc. introduced in 1996 the Java Card
APIs, and Gemplus and Schlumberger have licensed the
APIs for use in developing an interoperable smart-card
Operating System. The Java APIs are expected to allow
multiple applications to be loaded and upgraded in a
single card. Schlumberger introduced a Java-based smart
card in May 1997 called CyberFlex, which include
support for Secure Electronic Transaction.
Spyrus, a San Jose-based smart-card developer,
developed a smart card, in June 1997, that supports
multiple encryption algorithms and key management
capabilities for verifying digital certificates. With the
introduction of Web Wallet certificates in mid 1997,
Spyrus smart cards are able to process security, financial,
and other applications on one card.25
However, early adopters should beware. Until
smart-card solutions are widely available, it may be
difficult to piece together best-of-breed and standardsbased cards, applications, and software infrastructure.
It’s like the chicken and the egg, the standards won’t be
established until enough people start to deploy the
technology. But, multi-application capability is seen as
necessary for the widespread adoption of smart card
technology. Otherwise we will be walking around with
15 cards.26 A typical smart card should be able to handle
cash, access to financial services, mass transit, medical
information, and also provide credit card capabilities.
E. Infomediaries
Consumers are realizing that they get very little in
exchange for the information they divulge so freely
through their commercial transactions and survey
responses. Now technologies such as smart cards, Web
browsers, and personal financial management software
are allowing consumers to view comprehensive profiles
of their commercial activities, and then choose whether
or not to release that information to companies.27 Smart
cards could easily be enhanced to capture and store the
names of vendors and transaction amounts. The smart
1060-3425/98 $10.00 (c) 1998 IEEE
card user then could routinely download this information
into a PC to produce an integrated profile of his or her
purchases. What would the value of this information be?
Advertisers might be willing to pay handsomely for it.
Such easily collected profiles would provide explicit
measures of how advertising drives purchasing activities.
People can chose whether or not they want to participate
in programs like these. If they do not wish to reveal
information, the technology makes denial possible.
These infomediaries would in fact play a very
traditional role. When ownership of information shifts to
the consumer, a new form of supply is created. By
connecting information supply with information demand
and by helping both parties involved to determine the
value of that information, infomediaries would be
building a new kind of information supply chain.
VII. Summary and Conclusion
In looking at the information available on smart
cards, it is apparent that there are compelling reasons to
use this technology to provide new solutions to some
electronic payment problems. Smart cards offer a clear
advantage to card issuers, merchants and customers.
They reduce cash handling expenses, reduce losses due to
fraud, expedite customer transactions and enhance
customer safety and convenience. In addition, new
services will begin to evolve, or payment mechanisms for
existing services will start to change. For example,
through the use of smart cards, software could be paid for
on a per use basis instead of through a license fee.
Journalism could be bought by the article much more
easily than today. Many companies would be able to setup an on-line business and begin to receive revenue.28
Managers need to take a close look at their markets
and their products to determine what their best strategy
are regarding electronic cards systems. In the long run,
you can count on mass acceptance of electronic card
payment systems. However, managers need to ask
themselves many questions. Does our current payment
handling system offer the level of service our customers
expect? Is the electronic card payment industry heading
in a direction that best suite our business? If not, should
we get involved in the standardization effort to ensure
our interests considered? Would it be advantages to
implement our own electronic payment system before a
multifunctional card is widely accepted? If we develop
our own electronic payment handling system, do we
adhere to the developing standard? The answer to such
questions can help companies in the development of
smart cards strategy.
Appendix I: Major Smart Card Vendors and
Products
MasterCard is a major player in the Internet
business. It’s gross dollars have been growing at a
consistent 15 - 20% annually. And there was a recent
acquisition of 51% ownership of Mondex International,
the smart-card-based electronic cash venture started by
the National Westminster Bank of London.
In a move to hasten the acceptance of on-line
transactions, AT & T said in May 1997 it plans to use the
Mondex electronic cash system to let consumers buy
items such as music, published articles and games on the
Internet. Hewlett-Packard and OpenMarket Inc. are
working with AT & T to provide hardware and software
for the system.
Microsoft, Hewlett-Packard and Oracle are
developing smart-card support in operating systems,
keyboards, servers and network computers, and a bevy of
card-based applications is emerging as well. By 1998 the
infrastructure should be in place to deploy smart-card
systems that allow secure access from browsers, network
computers, and other devices into servers, operating
systems, databases, and other network resources.29
HP is working with Informix and Gemplus on its
ImagineCard, a single-sign-on smart-card system that
will provide secure access to network resources and a
mechanism for secure transactions over the Internet. The
system, which includes cards, readers, databases, servers,
and software, will accommodate either passwords or
stronger
digital-signature-based
authentication
procedures in combination with smart cards. In the
future, the ImagineCard may incorporate biometrics,
nonrepudiation, and the capability to write Java applets to
the cards improve Intranet convenience and security.
New processors such as Motorola’s fast crypto chip
used in Visa cash cards and Certicom’s elliptic-curve
cryptographic engine, which is embedded in
Schlumberger’s Multiflex smart card, are some of the
first to enable fast processing of digital signatures at a
low cost. Depending on capabilities, intelligent smart
cards cost anywhere from $3 to $30 in their first
generation, with varying memory and processor
configurations. The real issue has been that although
smart cards are ideal for security, they haven’t been able
to get public-key cryptography done fast enough and at a
low-enough cost, like in the $3 or $4 range.
Netscape and Microsoft are also developing APIs Crypto API and Security Native API to link
cryptographic functions to existing network operating
system. Browsers, servers, and applications, and
Windows NT 5.0 will support smart-card integration.
With NT directory support, IS administrators will be able
to add cryptographic, key-based authentication’s to
existing password-based systems for network-access
functions. Microsoft will also release standard driver kits
to link smart-card-enabled applications and devices to
PCs. Toolkits to build such applications are currently
available from smart-card developers such as
Schlumberger, Certicom, and SCM Microsystems.
1060-3425/98 $10.00 (c) 1998 IEEE
Fischer International Systems Corp. developed a
way for banks to use personal computers to read smart
cards without waiting for PC manufacturers to add
special readers. The company developed the Smarty, a
smart card reader in the form of a floppy disk. The device
can help banks with network security and other smart
card applications. The user slips a smart card into a slot
on the Smarty, then slips the device into a computer’s
ordinary floppy disk drive. The Smarty translates the
information on the card's chip into a magnetic signal that
the floppy drive can read. In addition, the Smarty can
write new information on the card, under the computer’s
direction. This device is selling for around $60. Two
commercial banks are testing Fischer International’s
technology. Wells Fargo is using the Smarty in several
pilot programs, including an Internet banking application
and its test of Mondex. Finally, Bank of America is
developing a smart card that combines security as well as
commercial applications
17.
18.
19.
20.
21.
22.
23.
24.
References
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
Jones, Chris, “Special News Report; Sizing up Smart
Cards”, Info World, March 10, 1997, pg.1
“Smart Cards”,
www.best.com/%7Erdcormia/search/smartcard.html
Future Banking section, “The U.S Smart Card Debate
Rages on”, The America Banker, March 17, 1997
Ibid.
Johnes, Chris, “Special News Report; Sizing up Smart
Cards”, Info World, March 10, pg. 1
ASE Smart Card Application Ideas, www.aks.com/
Sheel, Atul; Levever, Michael. “The implications of
digital cash for hotels and restaurants”, Cornell Hotel
Restaurant Administration Quarterly, December 1996, pg.
92
Future Banking section, “The U.S Smart Card Debate
Rages On”, The American Banker, March 17,
Coleman, Arthur, “Java Commerce, A Business
Perspective”,
http://java.sun.com/products/commerce/bizper.html
Future Banking section, “The U.S Smart Card Debate
Rages on”, The American Banker, March 17, 1997 pg.
10A
Angwin, Julia, “Internet Usage Doubles in a Year”, The
San Francisco Chronicle, March 13, 1997, pg. B1.
Ibid.
“Plug and Pay Up”, PC Magazine, April 8, 1997, pg. 10
Future Banking section, “The U.S Smart Card Debate
Rages On”, The American Banker, March 17, 1997 pg.
10A
Sheel, Atul; Levever, Michael. “The implications of
digital cash for hotels and restaurants”, Cornell Hotel and
Restaurant Administration Quarterly, December 1996, pg.
92
Davis, Beth and Violino, Bob. “Security-Window of
Vulnerability”, Information Week, March 10, 1997, pg.
25.
26.
27.
28.
29.
14
Smart Cards: A technology whose time has come”,
Financial Times, October 2, 1996, pg. 1.
Sheel, Atul; Levever, Michael. “The implications of
digital cash for hotels and restaurants”, Cornell Hotel and
Restaurant Administration Quarterly, December 1996, pg.
92
Loundy, David, “Congress scrambles to address
encryption”, Chicago Daily Law Bulletin, March 1997,
pg. 5.
Smart Cards, The State of Maryland Information Systems
Technology Plan,
www.mec.state.md/us/mec/mdplan/apdx-dsm.htm
Jones, Chris, “Special News Report; Sizing up Smart
Cards”, Info World, March 10, 1997, pg. 1
Iwata, Edward, “Invisible Cash” The San Francisco
Examiner, March 7, 1997, pg. B1.
Winkler, Connie, “Wells Fargo stakes out new frontiers”,
Computerworld, November 1, 1996, pg. F14.
Roberts, Bill, “Internet gives smart cards whole new life”,
Computing Canada, March 3, 1997, pg. 14.
Jones, Chris, “Special News Report; Sizing up Smart
Cards”, Info World March 10, 1997, pg. 1
Mead, Wendy, “Device Lets Ordinary PC Disk Drives
Read Smart Cards”, The American Banker, March 4,
1997, pg. 17.
Hagel, John III and Rayport, Jeffrey, “The Coming Battle
for Customer Information”, Harvard Business Review,
January/February 1997, pg. 53.
Fox, Justin, “Cyberbunk: What’s New About Digital
Cash”, Fortune, September 30, 1996, pg. 50
Jones, Chris, “Special News Report; Sizing up Smart
Cards”, Info World, March 10, 1997, pg. 1
1060-3425/98 $10.00 (c) 1998 IEEE

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz