CH 5
CH 5
CH 5
Everyone agrees that the payment and settlement process is a potential bottleneck in the fast-
moving electronic commerce environment, if we rely on conventional payment methods such as
cash, cheques, bank drafts, or bills of exchange. Electronic replicas of these conventional
instruments are not well suited for the speed required in e-commerce purchase processing.
Irrespective of the money, there are two distinct sets of properties to consider in money transfer:
the ACID test (atomicity consistency, isolation, durability) and the ICES (Interoperability,
conservation, economy scalability). The ACID Test .There are four ACID Tests and these are:
1. Atomicity: This test says that a transaction must occur completely or not at all. For
example, when you transfer Rs. 5000 from savings to checking, the full amount must
debit the savings and credit the checking account before the transfer is considered
successful.
2. Consistency: All parties involved in the transaction process must agree to the exchange.
For instance, in a customer-retailer relationship involving a purchase, the customer must
agree to purchase the good for a specific price and the merchant must agree to sell it at
that price, otherwise, there is no basis for exchange.
3. Isolation: Each transaction must be' independent of any other transaction and be treated
as a stand-alone episode.
4. Durability: It must always be 'possible to recover the last consistent state or reverse the
facts of the exchange. This means reversing charges in the event the customer changes
his or her mind.
.
1
The ICES Test
The ICES test addresses four important properties of money transfer:
1. Interoperability: Ability to move back and forth between different systems.
2. Conservation: How well money holds its value over time (temporal' ~ consistency) at:\d
how easy money is to store ,and access (temporal durability).
3. Economy: The prime condition for processing a transaction should' be inexpensive and
affordable. This property has a direct relationship to the size of the transaction. For
instance a Rs. 50,000' purchase costing only Rs. 450 to process is quite economical. If the
charge IS the same for a Rs. 50 item, it may be considered expansive. In banking, for
example, wiring money from one bank to another usually costs a fixed amount of money
(say, Rs. 625), regardless of the amount of money transferred.
4. Scalability: This test means to the ability of the system to handle multiple users at the
same time. '
Cash has all the ICES properties except conservation. Checks and credit cards as electronic
methods of payment do not. A check transaction is not isolated, because anyone can write a
check and proceed to withdraw the money from the bank well before the check is cleared; the
check writer can also put a stop on the check. Checks are money-transfer atomic, although there
is usually a 1-to-3 day delay in clearing the check for final payment.
In the case of cash, the ACID properties are fulfilled. The problem with cash is transportability
and storage of large amounts. Credit cards may appear atomic to the seller, but they are not. The
seller is guaranteed payment, but the credit card issuer may lose out if the card is stolen or used
fraudulently. Also, the question of storing and retrieving value is not applicable in a credit-based
system.
Cash is probably the most anonymous form of payment with respect to the bank and the
merchant. Anyone can walk up, purchase an item, and pay in cash without having to show
identification. Checks and credit card transactions are less anonymous than cash, although some
forms of digital transactions can hide the identity of the buyer from the seller and vice
2
E-money is unique to credit card, and debit card transactions. The buyer is clearly
identified and the card is validated against the issuing bank's computer before payment is
made. Making a deposit at the teller window is another example of a transaction that is
identified and online. The teller asks for a picture ID to identify the customer and uses the
workstation to credit (or debit) the account online.
2. Identified and off-line (+1 -L).
iii) E-Commerce Payment Systems on the Bases of Parties involved, duration of payment,
cost of capital
1. Electronic Cash
What it is:
a. Value storage/exchange system managed by a private entity.
b. No paper documents or coins involved.
c. Used for small payments (under $10) or by people without credit cards.
d. Scrips are e-cash that works like a gift certificate acceptable at multiple stores;
can be exchanged for goods or services but not cash.
How it works:
3
e. Users open an account with an e-cash issuer (e.g., banks, PayPal).
f. Users can withdraw e-cash from online account by providing proof of identity
(digital signature) and a bank or CC account number.
g. Issuer transfers e-cash to user’s e-wallet or transfers money to third party accounts
and debits user account.
h. Debited amount replenished at the end of month from bank or credit card account.
2. Advantages:
a. Processing is cheaper than credit cards (no authorization required).
b. Portable: Freely transferable the Internet.
c. Preserves user anonymity (cannot be tracked to source).
3. Disadvantages:
a. Potential money laundering concerns (due to lack of audit trail).
b. Less secure: Susceptible to counterfeiting.
c. Double-spending potential: spending the same cash more than once.
d. Different types of e-cash not interchangeable.
4. Security issues:
a. Encryption (digital signatures) used to create tamperproof e-cash that can be
traced back to its source (loss of anonymity).
b. Anonymous e-cash requires embedding serial numbers by issuer (potential for
double-spending between banks remains).
5. Widely used e-cash system on eBay, Yahoo, and Amazon auctions.
6. Peer-to-peer (P2P) system providing free payment clearing for individuals.
7. How it works:
a. Users and merchants create PayPal accounts w/ valid e-mail address.
b. Users fund account by authorizing a transfer from their checking account or via
credit card.
c. Deposited money can be used for online payment; buyer’s account is debited and
seller’s account is credited (instant settlement).
d. Cash can be withdrawn from PayPal account via ACH withdrawal.
8. How PayPal makes money:
a. Transaction fee charged to businesses and recipients (free to senders).
b. Earns interest on float (money deposited in PayPal accounts but not used
immediately).
2. Credit Cards
Major credit card types are MasterCard, Visa, American Express ,Discover, Diners For
consumers, the difference between a "debit card" and a "credit card" is that the debit card deducts
the balance from a deposit account, like a checking account, where the credit card allows the
consumer to spend money on credit to the issuing bank. In other words, a debit card uses the
4
money you have and a credit card uses the money you don't have. "Debit cards" which are linked
directly to a checking account are sometimes dual-purpose, so that they can be used as a credit
card, and can be charged by merchants using the traditional credit networks. A merchant will ask
for "credit or debit?" if the card is a combined credit+debit card. If the payee chooses "credit",
the credit balance will be debited the amount of the purchase; if the payee chooses "debit", the
bank account balance will be debited the amount of the purchase.
As the bank or credit issuing agent or credit association will make payment for the merchant
from the bank account itself, the access to credit card is quite limited as compared to debit card
where anyone who has a balance in the bank can have access to. This shows that credit cards are
eligible only to those the bank has more chance of getting the amount it pays on behalf of the
merchant. Below are some of the criteria for qualifying customers for getting credit card.
1. Promonency
2. Credit Standing
3. Collateral
• Advantages:
– Worldwide acceptance.
– Built-in security for merchants and users (e.g., fraudulent purchases).
– Maintains audit trails (purchase and payment histories).
– Convenient for consumers (don’t have to carry cash).
– Payment is simple any where and in any currency, thus matching the global reach
of the Internet.
– The credit issuing bank company shares the transaction risk; helping overcome
consumers fear and reluctance to buy goods they have not actually seen.
– Transaction costs are hidden from users (i.e. basically met by sellers and passed
onto all customers, not just credit card users.)
5
• Disadvantages:
– Merchants pay per-transaction fees and monthly fees, which may be expensive (3-
5%) for small payments (under $10).This relatively high transaction costs makes
them impractical for small value payments.
– They cannot be directly for individuals to make payments for other individuals
(peer to peer transactions )
– Reluctance from the customers side.
– Are not very democratic, even though they seem to be ubiquitous. Adults with
low income cannot qualify for credit cards.
This document provides an overview of how online credit card processing works. Credit card
payment processing for your store takes place in two phases: authorization (getting approval for
the transaction that is stored with the order) and settlement (processing the sale which transfers
the funds from the issuing bank to the merchant's account).
The flow charts below represent the key steps in the process starting from what a customer sees
when placing an order through completing the sale and finishing with the merchant processing
the sale to collect funds.
Authorization process
1. When the buyer clicks the "Checkout" button, they are sent to secure servers to complete the
checkout process. The Buyer (cardholder) places an order at the merchant's site by clicking the
"Send Order" button on the Review Order page during checkout.
2. Yahoo! sends the authorization request to First Data Merchant Services (FDMS), the payment
processor.
6
3. FDMS sends the authorization request to the issuing bank (or credit card association). The
authorization request includes:
o the credit card number
o expiration date
o the billing address (used for Address Verification System (AVS) validation)
o Card Verification Value (CVV) response codes or CVV number (if entered)
o the amount of the order
If approved, the amount of the order is reserved from the total of available credit for the
cardholder.
4. The Issuing bank (or Credit Card Association) sends the authorization response to FDMS. The
authorization response consists of either an approval along with Address Verification System
(AVS) and Card Verification Value (CVV) response codes or a decline.
5. FDMS adds response codes to the authorization response and passes the authorization back to
Yahoo! Store. If the merchant has enabled Risk Tools, the rules set by the merchant will be run
when the response is received from FDMS. The authorization (if approved) is stored on secure
servers at Yahoo! for later processing by the merchant.
6. Depending on the state of the authorization, the buyer (cardholder) receives instructions or
confirmation of the order:
o If declined, the buyer (cardholder) is informed and asked to try a different payment method.
o If the authorization is approved by the Issuing Bank (Credit Card Associations) then the buyer
(cardholder) is taken to the Order Confirmation page.
7
Settlement process for PayPal (separate authorization and capture)
1. The merchant signs in to their account and goes to the Order Manager. The merchant reviews the
order (including AVS and CVV response codes) for signs of fraud. When ready to complete the
sale, the merchant clicks the "Capture Funds" button in the transaction panel of the order.
Clicking "Capture Funds" initiates the settlement process.
2. The amount captured is transferred immediately to your PayPal account.
Note: It is also possible to set your PayPal Website Payments Pro service to authorize and
capture funds immediately without review. Yahoo! does not recommend this process as it does
not allow you time to review orders for any issues before settlement.
Settlement process for First Data™ and other FDMS compatible merchant accounts
1. The merchant signs in to their account and goes to the Order Manager. The merchant reviews the
order (including AVS and CVV response codes) for signs of fraud. When ready to complete the
sale, the merchant clicks the "Sale" button in the transaction panel of the order. Clicking "Sale"
initiates the settlement process. The sale is then stored in a batch for settlement request submitted
each night. By default, batches are submitted nightly between 6-11 pm (PST). Merchants can
also choose to submit batches manually.
2. The settlement request batch with all completed sales is sent to First Data Merchant Services
(FDMS), the payment processor for Yahoo! Store.
8
3. FDMS submits the settlement request for the buyer's order to the Issuing Bank/Credit Card
Association of the buyer on behalf of the merchant.
4. The Issuing Bank/Credit Card Association sends the response to the settlement request back to
FDMS. If the request is accepted, the buyer (cardholder)'s account is debited for the amount of
the order. It is possible that the settlement request will be declined, e.g., if the buyer has
exceeded their credit limit between the time of the authorization and settlement.
5. FDMS sends the approval and details of the payment to the merchant's bank (Merchant Account
Provider). The settlement of funds between the issuing bank and the Merchant Account Provider
occurs.
6. Following the settlement, the Merchant Account Provider credits the merchant's account. For
information about when funds will be deposited, contact your merchant account provider.
Are accounts created by depositing funds into an account and from which funds are paid out or
withdrawn as needed? They are similar in some respect to checking transfer but which also
stores funds but do not involve in writing checking.
Examples include debit cards, prepaid certificates, prepaid cards and smart cards, prepaid phone,
copy, subway/bus cards.
A debit card (also known as a bank card or check card) is a plastic card which provides an
alternative payment method to cash when making purchases. Functionally, it can be called an
electronic check, as the funds are withdrawn directly from either the bank account (often
referred to as a check card), or from the remaining balance on the card. In some cases, the cards
are designed exclusively for use on the Internet, and so there is no physical card.
The use of debit cards has become widespread in many countries and has overtaken the cheque,
and in some instances cash transactions by volume. Like credit cards, debit cards are used widely
for telephone and Internet purchases.
Debit cards can also allow for instant withdrawal of cash, acting as the ATM card for
withdrawing cash and as a cheque guarantee card. Merchants can also offer "cashback"/"
cashout" facilities to customers, where a customer can withdraw cash along with their purchase.
9
There are currently three ways that debit card transactions are processed: online debit (also
known as PIN debit), offline debit (also known as signature debit) and Electronic Purse
Card.
Although many debit cards are of the Visa or MasterCard brand, there are many other types of
debit card, each accepted only within a particular country or region, for example Switch (now:
Maestro) and Solo in the United Kingdom, Interac in Canada, Carte Bleue in France, Laser in
Ireland, "EC electronic cash" (formerly Eurocheque) in Germany and EFTPOS cards in Australia
and New Zealand. The need for cross-border compatibility and the advent of the euro recently
led to many of these card networks (such as Switzerland's "EC direkt", Austria's
"Bankomatkasse" and Switch in the United Kingdom) being re-branded with the internationally
recognised Maestro logo, which is part of the MasterCard brand. Some debit cards are dual
branded with the logo of the (former) national card as well as Maestro (e.g. EC cards in
Germany, Laser cards in Ireland, Switch and Solo in the UK, Pinpas cards in the Netherlands,
Bancontact cards in Belgium, etc.). The use of a debit card system allows operators to package
their product more effectively while monitoring customer spending. An example of one of these
systems is ECS by Embed International.
Online debit cards require electronic authorization of every transaction and the debits are
reflected in the user’s account immediately. The transaction may be additionally secured with the
personal identification number (PIN) authentication system and some online cards require such
authentication for every transaction, essentially becoming enhanced automatic teller machine
(ATM) cards.
One difficulty in using online debit cards is the necessity of an electronic authorization device at
the point of sale (POS) and sometimes also a separate PINpad to enter the PIN, although this is
becoming commonplace for all card transactions in many countries.
Overall, the online debit card is generally viewed as superior to the offline debit card because of
its more secure authentication system and live status, which alleviates problems with
processing lag on transactions that may have been forgotten or not authorized by the
owner of the card. Banks in some countries, such as Canada and Brazil, only issue online debit
cards.
10
Typical examples may include ATM cards and VISA Cards.
ATM Cards
CBE(Commercial Bank of Ethiopia) was trying to offer ATM(Automated Teller Machine) Card
to its customers in the capital. Despite its effort, its customers do not seem to be happy with the
quality of the service.
For effective ATM Cards service well established infustructure where many banks giving the
service have interdependence and network with one another.
Visa Cards
Dashen Bank is the exclusive Visa card agent in our country so far May 2009.Below is
requirements to be eligible to be Visa card agent:
Hence, why Dashen Bank can easily be an exclusive Visa card agent is simply because it has
fulfilled the above requirements.
Which part of customers is entitled to get Visa card from Dashen bank and what further
provisions are there?
Though Visa card can and is being used for international payment purposes in other nations, in
our country context the Visa card Dashen Bank provides to its customers is used only for
domestic use.
Here all literate customers of the bank are entitled to get Visa card upon their freewill .That
means if the customers are illiterate and cannot put their signiture, they will not be allowed to get
Visa card. For better safeguarding the customers, the bank is implanting one customer one card
system.
The other element to still protect customers if in case they lose the card is limiting the amount of
withdraw using best of 24 system ( 5:30 p.-5:300 a.m) where customers will be allowed to
withdraw up to 3000 birr with in 24 hours.
Prominent Problems with the Visa cards paymwnt system are the following:
11
1. Offline
Every day the system will process the day’s transaction and customers will not have chance
during those 30 minuses to 1 hour time.
2. Network Problems
The lack of sustainable Internet connection makes big challenge for both the bank and the
customers, where customers raise too many complaints on the bank where in fact the bank
cannot do anything!!
3. Usage Problems
The Visa card only permits for users to try to insert their PIN code 3 times. If they insert a wrong
number in their 3rd trial, they won’t have any more chance. Plus a customer should be alert
enough to take the card after 30 seconds , otherwise the card and money will be denied to be
given thinking that the customer has forgotten the card !!
Some authors indicate that there is preparation from Wegagen Bank to be the 2nd Visa card
agent in Ethiopia.
For the purpose to such transactions, the magnetic card readers are used. The customer swipes
their cards through the reader and the Personal Identification Number or PIN is entered in the
machine.
By doing this, the exact price of the purchased commodity is transferred into the shop-owners
account from the cardholder's account. This process is safe and convenient for the shop-owners
too because the shop-owners are not exposed to any kind of risk. There are a number of
requirements for the online debit transaction.
12
The customer should have access to the following facilities:
Merchant Account
Debit Processing Service
Payment Terminal
PIN Pad
These transactions take nearly three days for clearance. In this type of transaction, the
cardholders are not required to provide their Personal Identification Number. There are a number
of credit card companies that issue offline debit cards. These cards are accepted in all the shops
where transaction through credit cards is allowed. Transaction on Internet is also allowed for
these offline credit cards.
For the purpose of transaction, the cardholders give their offline debit card to the shop-owners.
The card is then swiped trough the payment terminal and the transaction are almost done. After
this the sales draft is signed by the cardholder and the respective shop-owner receives the
transaction amount in a maximum period of three days. These transactions are subjected to
transaction fees and a number of discounts that are also enjoyed by the debit cardholders.
Both these forms of debit transaction are preferred by the customers but if online vs. offline debit
transactions are analyzed, the online transaction is preferred as it is more fast and convenient.
Offline debit cards have the logos of major credit cards (e.g. Visa or MasterCard) or major debit
cards (e.g. Maestro in the United Kingdom and other countries, but not the United States) and are
used at the point of sale like a credit card.
Using this Visa card the bank also provides POS (Point of Sale), where customers can use the
card to directly puchase fuels, or get services from hotels like Dire International Hotels, Rift
Valley Hotels etc. Here, they can spend up to 5000 birr per day.
This type of debit card may be subject to a daily limit, and/or a maximum limit equal to the
current/checking account balance from which it draws funds. Transactions conducted with
offline debit cards require 2–3 days to be reflected on users’ account balances.
In some countries and with some banks and merchant service organizations, a "credit" or offline
debit transaction is without cost to the purchaser beyond the face value of the transaction,
while a small fee may be charged for a "debit" or online debit transaction (although it is often
absorbed by the retailer). Other differences are that online debit purchasers may opt to withdraw
cash in addition to the amount of the debit purchase (if the merchant supports that functionality);
also, from the merchant's standpoint, the merchant pays lower fees on online debit transaction as
compared to "credit" (offline) debit transactions.
13
iii) Prepaid Debit Card
Prepaid debit cards, also called reloadable debit cards or reloadable prepaid cards, are often used
for recurring payments. The payer loads funds to the cardholder's card account. Particularly for
US-based companies with a large number of payment recipients abroad, prepaid debit cards
allow the delivery of international payments without the delays and fees associated with
international checks and bank transfers. Web-based services such as stock photography websites
(istockphoto), outsourced services (oDesk), and affiliate networks (MediaWhiz) have all started
offering prepaid debit cards for their contributors/freelancers/vendors abroad.
Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an
externally recorded account, so that machines accepting the card need no network
connectivity) were tried throughout Europe from the mid-1990s, most notably in Germany
(Geldkarte), Austria (Quick), Belgium (Proton), France (Moneo), the Netherlands (Chipknip and
Chipper), Switzerland ("Cash"), Norway ("Mondex"), Sweden ("Cash"), Finland ("Avant"), UK
("Mondex"), Denmark ("Danmønt") and Portugal ("Porta-moedas Multibanco").
The major boom in smart card use came in the 1990s, with the introduction of the smart-card-
based SIM used in GSM mobile phone equipment in Europe. With the ubiquity of mobile phones
in Europe, smart cards have become very common.
Clarifying further, smart cards are kinds of stored value system based on credit-card-sized plastic
cards that have embedded chips that store personal information. Where as credit cards store a
single charge account number in a magnetic strip on the back, smart cards can hold 100 times
more data, including multiple card numbers an information regarding health insurance, personal
identification, bank acconts and loyalty program such as frequent flyer account.
The capacity makes them more attractive alternate to carrying a dozen or so credir and ID cards
in physical wallets. Smart cards can also require can also require a password, unlike credit cards,
adding another layer of security.
In order for contact cards to be read, they must be physically placed into a card reader.
Have antenna built in that enables transmission of data without direct contact.
14
Advantages and Disadvantages of Debit Cards
Debit and check cards, as they have become widespread, have revealed numerous advantages
and disadvantages to the consumer and retailer alike. Advantages are as follows (most of them
applying only to some countries, but the countries to which they apply are unspecified):
A consumer who is not credit worthy and may find it difficult or impossible to obtain a
credit card can more easily obtain a debit card, allowing him/her to make plastic
transactions.
Use of a debit card is limited to the existing funds in the account to which it is linked
(except cases of offline payments), thereby preventing the consumer from racking up
debt as a result of its use, or being charged interest, late fees, or fees exclusive to credit
cards.
For most transactions, a check card can be used to avoid check writing altogether. Check
cards debit funds from the user's account on the spot, thereby finalizing the transaction at
the time of purchase, and bypassing the requirement to pay a credit card bill at a later
date, or to write an insecure check containing the account holder's personal information.
Like credit cards, debit cards are accepted by merchants with less identification and
scrutiny than personal checks, thereby making transactions quicker and less intrusive.
Unlike personal checks, merchants generally do not believe that a payment via a debit
card may be later dishonored.
Unlike a credit card, which charges higher fees and interest rates when a cash advance is
obtained, a debit card may be used to obtain cash from an ATM or a PIN-based
transaction at no extra charge, other than a foreign ATM fee.
Some banks are now charging over-limit fees or non-sufficient funds fees based upon
pre-authorizations, and even attempted but refused transactions by the merchant (some of
which may not even be known by the client).
Many merchants mistakenly believe that amounts owed can be "taken" from a customer's
account after a debit card (or number) has been presented, without agreement as to date,
payee name, amount and currency, thus causing penalty fees for overdrafts, over-the-
limit, amounts not available causing further rejections or overdrafts, and rejected
transactions by some banks.
In some countries debit cards offer lower levels of security protection than credit cards.
Theft of the users PIN using skimming devices can be accomplished much easier with a
PIN input than with a signature-based credit transaction. However, theft of users' PIN
codes using skimming devices can be equally easily accomplished with a debit
transaction PIN input, as with a credit transation PIN input, and theft using a signature-
based credit transaction is equally easy as theft using a signature-based debit transaction.
15
In many places, laws protect the consumer from fraud a lot less than with a credit card.
While the holder of a credit card is legally responsible for only a minimal amount of a
fraudulent transaction made with a credit card, which is often waived by the bank, the
consumer may be held liable for hundreds of dollars in fraudulent debit transactions. The
consumer also has a much shorter time (usually just two days) to report such fraud to the
bank in order to be eligible for such a waiver with a debit card[6], whereas with a credit
card, this time may be up to 60 days. A thief who obtains or clones a debit card along
with its PIN may be able to clean out the consumer's bank account, and the consumer will
have no recourse.
In the UK and Ireland, among other countries, a consumer who purchases goods or
services with a credit card can pursue the credit card issuer if the goods or services are
not delivered or are unmerchantable. While they must generally exhaust the process
provided by the retailer first, this is not necessary if the retailer has gone out of business.
This protection is not provided when using a debit card.
When a transaction is made using a credit card, the bank's money is being spent, and
therefore, the bank has a vested interest in claiming its money where there is fraud or a
dispute. The bank may fight to void the charges of a consumer who is dissatisfied with a
purchase, or who has otherwise been treated unfairly by the merchant. But when a debit
purchase is made, the consumer has spent his/her own money, and the bank has little if
any motivation to collect the funds.
In some countries, and for certain types of purchases, such as gasoline, lodging, or car
rental, the bank may place a hold on funds much greater than the actual purchase for a
fixed period of time[6]. However, this isn't the case in other countries, such as Sweden.
Until the hold is released, any other transactions presented to the account, including
checks, may be dishonored, or may be paid at the expense of an overdraft fee if the
account lacks any additional funds to pay those items.
While debit cards bearing the logo of a major credit card are accepted for virtually all
transactions where an equivalent credit card is taken, a major exception in some countries
is at car rental facilities. In some countries car rental agencies require an actual credit
card to be used, or at the very least, will verify the creditworthiness of the renter using a
debit card. In these unspecified countries, these companies will deny a rental to anyone
who does not fit the requirements, and such a credit check may actually hurt one's credit
score, as long as there is such a thing as a credit score in the country of purchase and/or
the country of residence of the customer.
The smart card is one of the digital icons of the Information Age. Smart card technology is being
applied in various ways to facilitate trade, gain access to services and products, verify identity,
and establish and influence relationships. In the UK there have been many applications, for
example, the electronic purse - Mondex, the Shell loyalty card and the Social Security Benefits
Card. Similar examples can be found in different parts of the world. In Spain a smart card has
been introduced for benefit payments and access to government databases. A smart patient data
16
card is being tested in a region of the Czech Republic to replace the paper-based system that had
limited capacity, was inaccurate, labour intensive to maintain and open to widespread abuse.
Two million smart cards have been issued to the poor in Mexico for distributing food and cash
benefits.
A recent study found that 27% of smart card applications were within banking, 18% within
health and welfare and 15% within transport. Other applications included; telecommunications,
identification, phone cards, retail loyalty schemes, metering, radio security, physical access and
gambling. The use of multifunctional smart cards was commonplace.
Smart cards have three broad functions; authentication, storing value and storing personalised
information. Authentication is concerned with ensuring only authorised individuals gain access
to systems and buildings. A smart card can be used as an electronic purse to store units of value
in different currency denominations as well as credit and other units of value such as bonus
points or air miles. Values can be replenished on a smart card. The smart card can also be used as
a portable storage device independent of some fixed location and with the capability of holding a
large amount of data of different forms and for different purposes but usually of a personal
nature.
Clearly there are beneficial outcomes from the application of smart cards. Realising these
benefits both for individuals and organisations may well profoundly change the relationship
between clients or consumers and suppliers or government bodies. A smart card that is your
passport, driving licence, credit and debit card, access to your place of work and your car
ignition key will undoubtedly alter relationships due to potential uneasiness about what data is
held, accessed and modified. Such cards are already being piloted. For example, in South Korea
a national citizen card is being introduced which is used as a driving licence, identity card,
pension card and medical insurance card.
17
Consider just one example. Smart card technology has the capability of addressing access,
independence and equality of opportunity issues for the disabled through facilitating adaptive
interfaces. Individual requirements could be stored on the smart card so that the interface at the
point of use would automatically adapt to the preferred customer verification method (for
example hand geometry), input (for example voice activation and speech recognition), operation
(for example reduced functionality) and output (for example large colour specific characters).
Contactless smart cards could be used to remove the necessity of card insertion into readers, to
unlock and open doors, to activate location signals, to increase road crossing times and to adjust
access heights of facilities.
There are potential pitfalls for individuals and society in general regarding smart card
applications and these include:
It has been suggested that a number of principles should be adhered to when considering if and
how a smart card scheme should be implemented. Of these the key principles are:
Smart cards must properly respect the legal and ethical rules pertaining to the rights of
the card holder
Individuals should have the right to refuse a cards
The card holder's prior consent is required for all uses of the card and disclosure of
information it contains
Cards should not be used as tools for overt or covert surveillance
Having decided to implement a smart card scheme certain design features seem appropriate and
are summarised as:
18
identified transaction trails should only be used where no acceptable alternative exists
identity should be safeguarded using pseudonimity
ensure integrity across applications on multi-purpose cards
the design of smart card schemes must be transparent to the individual
biometric and encryption key data should be held on the card
two way device authentication must be used
Smart cards offer great potential benefits to society. Given its pervasive nature careful policy,
design and implementation strategies must be in place. With these one can envisage a time when
the lack of ownership of a multi-functional smart card will result in a dramatic loss of
opportunity and of help in times of need for the "non-citizen". The aim must be to achieve
sensitive usage and ensure ordinary people are involved in the technological decision making
process which precedes application of smart card technology.
19