 |
|
|
December 17, 2002 |
|
Welcome to the December edition of ACTion
News. Our newsletter is
distributed each
month in order to keep
you up to date with
events in the advanced
card industry. This
complimentary service is
provided by ACT
Canada; "building
an informed marketplace".
It is also available in
the Resource Centre
of our web site http://www.actcda.com. Please feel free to forward this to your
colleagues.
IN THIS ISSUE:
1. Editorial Comment
2. MasterCard Introduces
PayPass™ - Contactless
Card Payment
3. New Device Helps Smart
Cards Keep Their
Secrets
4. Making Solutions Possible
Roundtable -
February 17th, 2003
5. SchlumbergerSema Deploys
Complete Smart
Card Solution For Citi
Cards
6. Chrysalis-ITS Awarded
World's 1st Common
Criteria Certification
For A Hardware Security
Module
7. Visa Certifying 1st
Contactless Payment
Card
8. Setec To Supply Estonia's
Leading Banks
With EMV Cards
9. The Smart Card Revolution
ACT CANADA WOULD LIKE TO THANK OUR NEW & RENEWING MEMBERS:
GENERAL
Bank of Montreal ~ member since 1990
CUETS ~ member since 1990
Qunara ~ new member
|
| ATTENTION ACT CANADA MEMBERS: |
| |
 |
|
We have negotiated additional discounts for
our members at CardTech/SecurTech 2003 (May
12 - 15, Orange County Convention Center,
Orlando).
Register early for
CardTech/SecurTech
2003
& save:
Before December 31
- save 45%: CDN$1200
or
US$764.25
Before March 1 -
save 35%: CDN$935
or US$594.25
Before April 1 -
save 25%: CDN$670
or US$424.25
After April 1 - save
15%: CDN$400 or US$254.25
For more information about the CTST 2003,
please visit their web site at http://www.ctst.com.
In addition, CIT 2003 - Spain's 6th annual
payment, loyalty and smart card tradeshow
- is offering a 2 for 1 registration deal
for all international delegates. CIT 2003
takes place in Madrid, February 25 - 27,
2003. For more information please visit their
web site at http://www.iir-cit.com/indexIngles.asp
ACT Canada members
are also entitled
to a
50% discount at our
February 17th, 2003
"Making
Solutions Possible"
Roundtable.
On behalf of ACT Canada, we wish you happy
holidays and a prosperous new year.
| |
|
1. EDITORIAL COMMENT
Source: ACT Canada (12/16) |
|
|
|
|
Over the course of this year ACT Canada has
watched as identity theft and fraud has grown
in North America at an alarming rate. Our
concern was that Canadian & American
citizens were unaware of the risks and perhaps
more importantly where this money ends up.
Mainstream media, however, is now reporting
on this disturbing crime on an almost daily
basis. In the last two weeks, we have seen
no less than four newsworthy incidents reported
in the North American media.
3 men have been charged
with selling people's
personal and credit
information to criminals
who defrauded tens
of thousands in what
prosecutors
called the largest
identity theft case
to
date.
Philip Cummings worked
as a help desk employee
at Teledata Communications
Inc. in Bay Shore,
New York. The company
provides the software
and hardware allowing
banks and other lending
agencies to get commercial
credit information
from three national
agencies -- Equifax,
TransUnion and Experian.
"We know of
approximately 30,000
victims
-- and the numbers
are growing every
day
-- and of losses
that are in the millions
and growing every
day," U.S. Attorney
James Comey said.
"In short, with
a
few keystrokes, these
men picked the pockets
of tens of thousands
of Americans, and
in
the process, took
their identity, stole
their
money and swiped
their security."
Cummings is accused
of using his position
on the company's
customer service
desk to
obtain access codes
that companies use
to
check a potential
buyer's credit with
the
three major credit
agencies.
Prosecutors said
Cummings and a co-conspirator
who is now cooperating
with investigators
sold the reports
to criminals for
$60 apiece
and split the money.
The buyers then used
the information in
those reports to
defraud
consumers of $2.7
million known so
far.
FBI Special Agent
Kevin Donovan said
investigators
believe the probe
has turned up the
largest
known case of identity
theft. "We're
still continuing
to focus on the number
of
victims to focus
on the losses,"
he
said. "As we
continue to conduct
our
investigation, we'll
determine how extensive
the case is at the
present."
The ring was broken
because the men "got
greedy," Comey
said. Repeated downloads
of data -- 15,000
times in one case,
in the
name of Ford Motor
Credit Corp. -- sent
up
red flags at the
credit reporting
agencies.
The scheme gave access
to Social Security
numbers that can
be used to obtain
false
documents, but Comey
said prosecutors
have
no reason to believe
the ring was connected
to terrorist activity.
In Canada, hundreds
of British Columbia
residents
saw their bank accounts
drained and an illegal
Russian immigrant
is behind bars in
connection
with a $1.2-million
debit-card fraud
scheme
that stretched from
Vancouver to Kamloops
to Denmark.
The B.C. thefts come
a week after police
in Montreal smashed
a fraud ring in which
thieves cloned debit
cards to steal $2-million
from victims over
a two-month period
this
fall. Montreal police
arrested 18 people
there.
In Ontario, more
than 80 doctors were
victimized
by identity fraud
through the misuse
of data.
Police said that
a temporary employee
of
MD Management Inc.,
a financial services
company that serves
thousands of Canadian
doctors, used its
database to print
out profiles
of some of its clients.
The information was
used at stores to
obtain instant credit
approval.
The cards were then
used to the maximum
limit.
It is our belief
that a substantial
portion
of the proceeds of
these frauds end
up funding
organized crime and
terrorism. These
proceeds
of crime represent
a huge resource for
criminal
and terrorist organizations.
It is this "resource"
that threatens our
society on many levels
and by eradicating
it we will be able
to
make a significant
improvement in fighting
crime - if we don't
then we should simply
acquiesce to criminals
and terrorists.
We will continue
to see a growth in
identity
theft and fraud until
all card issuers
make
three changes:
1. improve the enrollment
process for their
services and products.
2. use of identification
technologies which
cannot be counterfeited.
3. for those persons
who have access to
the
personal information
of their customers,
the use of identity
authentication technologies
which cannot be counterfeited
and which provide
positive authentication.
Additional Sources: CNN (11/26); globeandmail.com
(12/05, 12/13)
| |
|
2. MASTERCARD INTRODUCES PAYPASS™ - CONTACTLESS
CARD PAYMENT TECHNOLOGY 2. MASTERCARD INTRODUCES
PAYPASS™ - CONTACTLESS CARD PAYMENT TECHNOLOGY
Source: MasterCard (12/12) |
|
|
|
|
MasterCard International announced MasterCard
PayPass™, a new "contactless" card
payment program that provides consumers with
a simpler way to pay. Using MasterCard PayPass,
consumers simply tap or wave their payment
card on a specially equipped merchant terminal
that then transmits payment details wirelessly,
eliminating the need to swipe the card through
a reader. The new solution is ideal for traditional
cash-only environments where speed is essential,
such as quick serve and casual restaurants,
gas stations and movie theaters.
MasterCard is currently
working with leading
financial institutions
- Chase, Citibank
and MBNA - to trial
MasterCard PayPass
with
numerous merchants
in the Orlando, Florida
area. Consumers taking
part in the trial
can use the card's
"tap & go"
feature at participating
Orlando merchants,
including Boaters'
World, Chevron, City
of
Orlando Parking,
Friendly's, Loews
Universal
Cineplex, Ritz Camera
and Wolf Camera.
Quick
serve restaurants
and additional retailers
will be added in
January. Since the
MasterCard
PayPass card can
be used exactly like
existing
magnetic stripe cards
in addition to the
new PayPass feature,
consumers can also
use
it at any of MasterCard's
more than 29 million
acceptance locations
around the world.
MasterCard recently
completed extensive
consumer
research that indicated
63 percent of consumers
surveyed said that
they would "definitely"
or "probably"
use MasterCard PayPass
if their bank offered
it to them. Also,
consumers
surveyed who would
"definitely"
use MasterCard PayPass
indicated that it
would replace cash
in more than half
(53
percent) of their
future transactions.
Consumers'
feedback indicated
that PayPass is perceived
to be "innovative"
and "fun
to use," as
well as an enhancement
that
"would make
shopping less of
a hassle."
MasterCard PayPass
is built around globally
interoperable standards
and relies on the
ISO Telecommunications
Standard #14443 to
transmit Track 2
data via radio frequency.
In North America,
where the majority
of transactions
are authorized on-line,
the payment application
data is based on
the magnetic stripe
information.
The card/terminal
interaction is based
the
MasterCard Proximity
Chip - Online Profile,
which is a subset
of EMV/ISO7816 commands.
The MasterCard PayPass
trial program is
designed
to test the real-world
applications of a
contactless payment
card. This test builds
upon the successful
employee pilot that
recently
took place at MasterCard's
Purchase, New
York headquarters.
Initial results from
the
employee pilot showed
that purchase transaction
time was reduced
by up to 64 percent.
In
addition, the average
transaction amount
increased by 10 percent
when using a payment
card in lieu of cash.
The Orlando trial
will test the operational
reliability, interoperability,
and cardholder
and merchant experiences
of MasterCard PayPass.
Chase, Citibank and
MBNA will be re-issuing
cards that feature
the enhanced payment
technology
to a sampling of
their Orlando-based
cardholders.
Upon the expected
successful completion
of
the Orlando pilot,
MasterCard plans
to introduce
MasterCard PayPass
to additional markets.
MasterCard PayPass
is MasterCard's global
program name and
it has already been
approved
for use in MasterCard's
key markets.
MasterCard Canada is a member of ACT Canada.
For more information, please visit their
web site at http://www.mastercard.com or http://www.paypass.com.
| |
|
3. A NEW DEVICE HELPS SMART CARDS KEEP THEIR
SECRETS
Source: CardTechnology (12/02) |
|
|
|
|
| A prominent cryptographer who developed a
sophisticated technique for cracking smart
cards today announced he is selling a system
for testing cards against that attack. San
Francisco-based Cryptography Research's system
allows card manufacturers, testing labs and
issuers to determine whether a smart card
is vulnerable to a differential power analysis
attack, in which secret codes on a chip card
can be determined by measuring variations
in the power consumption of the card as it
crunches numbers. Paul Kocher, president
of Cryptography Research, whose work on power-analysis
attacks roiled the smart card industry when
it became public in 1998, says the Differential
Power Analysis workstation is a combination
of software and hardware Kocher's company
uses internally. He says the company hesitated
to sell it, for fear it could be misused
by hackers. Kocher says he will only sell
the technology to legitimate organizations,
and that two companies already are using
the system. The price ranges between $120,000
and $200,000, depending on features, Kocher
says. Kocher says the greatest interest is
in Europe, and among issuers of cards that
cardholders have an incentive to clone, such
as cards used to identify consumers to pay
TV operators or chip cards used as transit
passes.
|
|
|
4. MAKING SOLUTIONS POSSIBLE ROUNDTABLE -
FEBRUARY 17TH, 2003
Source: ACT Canada (12/16) |
|
|
|
|
The Advanced Card Technology Association
of Canada is pleased to announce that plans
are underway for the second in our series
of Roundtables. In October, we hosted a sell
out crowd for our first Market Intelligence
Roundtable. Issuers and suppliers met to
hear the results of a card issues market
survey conducted by ACT Canada.
ACT Canada's National
Issuer and Infrastructure
Committee (NIIC)
introduced 4 white
papers.
Each defined an issue
and its current status,
identified desired
solutions and currently
available areas of
help, as well as
steps
that would diminish
or eliminate each
problem.
After which, issuers
and suppliers alike
then rolled up their
sleeves and set to
work
on the eight top
concerns as identified
by
the survey. By the
end of the day they
had
made substantial
progress on papers
and presented
their findings.
At the February 17th
Roundtable, a progress
report will be made
on the implementation
of the solutions
for the first four
issues.
Suppliers and issuers
are now working together
on a new paper that
tackles several infrastructure
components, including
standards, interoperability
and security.
For more information about the event, please
visit our web site http://www.actcda.com/calendar/symposium.htm, or contact Andrea McMullen at 905 426-6360
ext. 24.
| |
|
5. SCHLUMBERGERSEMA DEPLOYS COMPLETE SMART
CARD SOLUTION FOR CITI CARDS
Source: SchlumbergerSema (12/09) |
|
|
|
|
SchlumbergerSema announced it has delivered
to Citi Cards the smart cards, card readers,
loyalty applications and software applications
for its smart card products, including Citi.You®
Card and Citi Smart Card®. Citi Cards selected
the SchlumbergerSema solution, which includes
Cyberflex Palmera* 32K, a high security,
multi-application financial smart card for
credit/debit, loyalty and personal data management.
The SchlumbergerSema
Cyberflex Palmera
card
used in Citi
Cards smart
card products are
loaded with
loyalty applications
for smart
card transactions,
as well as
with software
applets for
enabling smart
card-based authentication.
When consumers
select their
smart card products
from the Citi
Cards website
at www.citicards.com,
they will also
order their
choice of a serial
or universal
serial bus
(USB) card reader,
manufactured
by SCM Microsystems.
"The advanced
functionality
that SchlumbergerSema
brings to Citi's
smart cards
helps us define
customer needs
and offer unique
versatility,"
explained Bill
Borden, Citi
Cards senior
vice-president
of Product
and Business Development.
"Creating
value through
enhanced security
and user-friendly
applications
is a key focus
for Citi Cards
and SchlumbergerSema."
Citi's smart
cards offer
the consumer secure
web-based transactions,
along with
the other
benefits, such
as security,
data storage
and convenience.
Additional
e-wallet functionality
encourages
cardholders
to engage in e-commerce
activities.
"Smart
card technology
has proven to
increase new
account acquisition,"
stated
Paul Beverly,
vice president
Smart Cards
and eTransactions,
SchlumbergerSema
North
America. "By
offering smart
card programs
along with
loyalty applications
and readers,
Citi is enabling
its card holders
to manage
valuable data,
as well as
perform secure
transactions
online."
With more than
20 years experience,
SchlumbergerSema
is the world's
largest supplier
of financial
cards with
global personalization
and manufacturing
facilities.
The company
provides a complete
range of services
to support
financial institutions
and large retailers
in the design,
development
and deployment
of their smart
card programs.
SchlumbergerSema is a member of ACT Canada.
For more information about either of the
above listed companies, please visit their
web site at: http://www.slb.com/smartcard & http://www.citigroup.com.
|
|
6. CHRYSALIS-ITS AWARDED WORLD'S FIRST COMMON
CRITERIA CERTIFICATION FOR A HARDWARE SECURITY
MODULE
Source: Chrysalis ITS (11/27) |
|
|
|
|
Chrysalis-ITS announced that its Luna CA3
product is the only hardware security module
(HSM) in the world to have passed ISO 15408
Common Criteria (CC) Evaluation Assurance
Level 4+ (augmented) (EAL4+). This prestigious
certification extends Chrysalis-ITS' market
leadership position, and assures customers
that Chrysalis-ITS' leading HSM, Luna CA3,
has demonstrated full compliance to standards
sanctioned by the International Organization
for Standardization (ISO). Customers such
as Australia's KeyTrust require a hardware
security module with CC compliance.
"KeyTrust is a service provider delivering
complete trusted e-business solutions to
the Australasian industry. Common Criteria
provides a means to clearly articulate our
requirements for an HSM and we've been looking
for just such a product to add enhanced security
to our offering," said Charles Greatrex,
CEO, KeyTrust. "We applaud Chrysalis-ITS
on their commitment to global security standards
and on Luna CA3 being the only HSM to achieve
this merit."
Common Criteria was developed through collaboration
among national security and standards organizations
within Canada, France, Germany, the Netherlands,
the United Kingdom and the United States,
as a common standard to replace their existing
security evaluation criteria. As such, it
is strongly supported by each of the organizations
involved. The national organizations have
worked with ISO to ensure that the CC was
suitable to become a formal standard, and
it is rapidly becoming the world standard
and preferred method for security specifications
and evaluations.
Chrysalis-ITS is a member of ACT Canada.
For more information, please visit their
web site at http://www.chrysalis-its.com.
|
|
7. VISA CERTIFYING FIRST CONTACTLESS PAYMENT
CARD
Source: CardTechnology (12/04) |
|
|
|
|
Visa International is in the process of certifying
a smart card chip that can run Visa payment
applications through a contactless interface,
allowing the cardholder to pay by waving
a card near a reader. This will be the first
chip certified by Visa to run debit and credit
applications in contactless mode, says Denny
Jensen, senior vice president of VisaSmart
chip implementations. Banks traditionally
have demanded the security of conventional
contact cards that must be inserted into
terminals. Jensen says one of the first uses
of such a contactless chip card is likely
to be in South Korea, where the two leading
mobile phone operators, SKT and Korea Telecom
Freetel, both plan to allow customers to
pay at retail shops with a wave of their
smart card-carrying mobile phones. U.S. issuers
might target contactless cards at fast-food
restaurants, where transaction speed and
convenience are key issues, Jensen says.
He says the JCOP 30 chip from Netherlands-based
Philips Semiconductors should be approved
by January. Cards carrying the chip, which
operates in both contact and contactless
modes, will be priced at a maximum of $3.90,
regardless of quantity, under Visa's Smart
Breakthrough program aimed at keeping down
smart card prices for Visa issuers.
The JCOP 30 chip uses the Java Card operating
software favored by Visa. MasterCard International
promotes the Multos operating system for
multiapplication cards, and a Multos card,
too, will soon be available with contactless
functionality. Australia-based Keycorp Ltd.,
which develops software based on the Multos
specification, is taking orders for its first
Multos cards that can access a single chip
through both a contact and contactless interface.
This would allow, for instance, a cardholder
to use their MasterCard credit application
to add value to a transit purse on the chip,
then use the contactless interface to pay
a transit fare, says Tim Fletcher, who heads
Keycorp's smart card technologies business
unit. However, unlike with the card being
tested by Visa, the MasterCard credit or
debit applications are not yet available
through a contactless interface. Fletcher
says there is no demand for that feature,
and few payment terminals that could accept
a contactless transaction. Fletcher says
the new dual-interface card from Keycorp
will be available in March, priced at under
US$5.
Both Visa and Keycorp are members of ACT
Canada. For more information about either
company, please visit their web site: http://www.keycorp.net & http://www.visa.com.
|
|
8. SETEC TO SUPPLY ESTONIA'S LEADING BANKS
WITH EMV CARDS
Source: ICMA Daily News (12/11) |
|
|
|
|
Finnish smart card company Setec has won
the international tender to supply new chip-based
debit and credit cards to the three leading
Estonian banks Eesti uhispank, Hansapank
and AS Sampo Pank. The first phase of the
agreement entails the supply of more than
100,000 cards. Estonian banks aim to completely
replace the existing cards with EMV cards
by 2005.
The first smart cards manufactured by Setec
for Eesti uhispank, Hansapank and AS Sampo
Pank will be delivered in early 2003, when
the banks launch EMV cards to their customers.
The banks have a combined share of more than
90 per cent of the Estonian banking market
and approximately one million debit and credit
card customers in total.
Estonia will start the migration to EMV with
cards that have the user authentication securely
embedded in their chips. Of the Eastern European
countries, Estonia is the leading country
in EMV migration. Estonian banks aim to completely
replace the existing cards with EMV cards
by 2005.
For more information about Setec, please
visit their web site at http://www.setec.com.
|
|
9. THE SMARTCARD REVOLUTION
Source: ICMA Daily News (12/10) |
|
|
|
|
In new research published by The Institute
of Financial Services (ifs) and SchlumbergerSema,
98% of card professionals have said that
domestic card fraud is the major influence
for the migration of payment cards from magnetic
stripe to chip and PIN technology. The biggest
hurdle to successful migration is seen as
achieving retailer buy-in.
In the spring of 2003, Northampton will become
the pilot location for a new stage in the
development of payment security in the UK
- the introduction of Personal Identification
Number (PIN) usage at point of sale (POS).
By 2005 payment cards will be equipped with
a chip to hold data rather than relying on
the magnetic stripe currently used, making
them far harder to copy.
Coupled with the chip card, PIN at POS will
attack card counterfeiting and fraud from
lost or stolen cards. These types of fraud
accounted for GBP274.3m of the GBP411m of
card fraud in 2001 according to Association
for Payment Clearing Services (APACS). By
2005 it is planned that all payments made
on the high street will be secured by chip
and PIN technology.
The ifs and SchlumbergerSema research, entitled
'Smart Revolution - the impact of chip cards
on retail finance', surveyed over 100 retail
financial services and card-specific professionals
from 40 institutions in the UK, including
Visa, Barclaycard and American Express, to
examine the preparedness for this change
in the retail payments arena.
The report found that:
* Despite almost 60% of credit cards being
issued with chips less than 10% of transactions
currently use the chip technology,
* Although the costs of migration and achieving
buy-in from retailers were seen as potential
problems, 66% of Card professionals believed
that the benefits that migration would bring
already outweigh the drawbacks,
* Almost 40% of the respondents expect the
move to chip and PIN will cause customers
to sway toward an increase in debit over
credit card usage, at least in the short
term,
* However, some 36% of respondents admitted
that they had not carried out research into
customer attitudes to PIN at POS and 18%
were relying on research carried out by APACS,
* Around 70% of the total respondents envisaged
that their company branded cards would carry
third-party loyalty schemes on them.
Following publication of the research in
the ifs' Financial World magazine, Eric Dobby,
Director, Institute of Financial Services,
says, 'The report is a particularly well
timed piece of research. Around 70% of respondents
believe that the implications of migration
haven't been fully explained to staff whose
work is non-card specific. The report is
an educational tool that addresses this issue.'
Jennifer Fitzgerald, Head of Business Consultancy,
SchlumbergerSema, says 'The research is very
useful now that the migration to chip and
PIN is underway in the UK. It provides fresh
insights into the progress that has been
achieved and the views of financial institutions
on the benefits that this investment will
bring them.'
The Institute of Financial Services (ifs)
is the official brand of The Chartered Institute
of Bankers (CIB), a registered charity and
one of the leading bodies for the provision
of education and life-long career support
services to the financial services industry.
Through a process of innovation and a desire
to provide 'winning' solutions, the ifs provides
a range of products and services that meet
the needs of the wider financial services
community. Through its faculty structure
the ifs develops and delivers a range of
appropriate qualifications, for which the
CIB continues to act as assessing and awarding
body.
The Faculties allow for the provision of
targeted services and specialist educational
programmes to particular sectors, including
the areas Banking and Finance, Regulatory
and Retail and E-Commerce and Technology.
SchlumbergerSema is a member of ACT Canada.
For more information, please visit their
web site at http://www.slb.com/smartcard.
|
|
|
| ACT Canada is an international non-profit
association for the advancement of card technologies.
We work on behalf of our members to promote
the awareness, understanding and use of all
advanced card technologies; including optical,
smart, capacitive and emerging technologies.
If you would like to learn more about ACT
Canada membership please visit http://www.actcda.com or contact our office at (905) 426-6360. |
|
|
|
| Please forward any comments, suggestions,
questions or articles to andrea@actcda.com.
If you would like to be removed from our
newsletter distribution list please reply
to this email with the word "REMOVE"
in the subject field. Please note that articles
contained in this newsletter have been edited
for length. |
|
|
|
Andrea McMullen
AVP
ACT Canada
tel: 905 426-6360 ext. 24
fax: 905 619-3275
email: andrea(AT)actcda.com
web: www.actcda.com
mail: 85 Mullen Drive, Ajax, ON, L1T 2B3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
