Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News

More documents

Recommendations

Info

attled queues at old machines and station windows. Liberal transport spokesman Tim Nicholls said the card was now facing credibility issues. Trial commuters had already told him they were not receiving discounts while encountering problems topping up the card. "We hope it is fine, but none of this bodes well for the future of smartcard," Mr Nicholls said. L-1 to Provide Fingerprinting For South Carolina Law Enforcement L-1 Identity Solutions, a supplier of identity management solutions and services, received a contract from the State of South Carolina, South Carolina Law Enforcement Division, to provide digital fingerprinting services for civil applicants statewide through the South Carolina EasyPath network. The three-year indefinite delivery/indefinite quantity contract has four possible one-year renewals and a potential value of $30 million if all options are exercised. Integrated Biometrics Technology, will provide the fingerprinting services and initially open five enrollment centers in Columbia, Greenville, Charleston, Myrtle Beach and Rock Hill, with plans to increase service to more than 30 locations throughout the State. State-of-the-art L-1 Enhanced Definition TouchPrint live scan systems will be used to collect fingerprints. It is expected that approximately 500,000 applicants will be processed through the new system, which is expected to be fully operational by early 2008. website: www.l1id.com INSIDE Contactless Receives $38m Funding For NFC INSIDE Contactless, a provider of contactless payment chips and NFC technologies, announced a new round of investment led by Nokia Growth Partners, the global private equity and venture capital management arm of Nokia. This new investment round of €25m ($38m), will allow the company to accelerate its international presence and broaden its product portfolio. "This is more than a financial investment, this is about a strategic partnership with key players who are committed to building and driving the NFC Smart Card & Identity News • January 2008 eco-system", says Rémy de Tonnac, CEO of INSIDE Contactless. "Three years ago a similar strategic investment was made with Visa which brought the company to a leading position in the field of Contactless payment. We hope that this new development for INSIDE will lead to a similar success in the NFC market." website: www.insidecontactless.com Near Field Communication Forecasts Revised Downward The worldwide market for contactless technology in transportation ticketing and contactless payments grew more than 15 percent in 2007. The market now stands at a value of more than $200 million but will reach more than $820 million by 2013, according to the latest market analysis from ABI Research. Positive growth in contactless card rollouts took place during the last half of 2007, while the uptake of contactless capabilities in mobile handsets - dubbed NFC (Near Field Communication) - continued to be stymied by difficulties in bringing the technology to the consumer market. Accordingly, NFC handsets did not ship in any volume toward the end of 2007 and the market will remain limited for the first half of 2008. ABI Research now believes there will be longer than anticipated delays to NFC deployments and has again adjusted its latest quarter and next annual figures accordingly: the previous forecasts for total NFC device shipments stood at 1.1 million for 2007, and 9.81 million for 2008. The revised forecast stands at 0.65 million and 6.52 million respectively. However, says Collins, "Given the strength and interest among carriers around the world for NFC, our long-term forecasts remain unchanged." The bulk of the growth of contactless demand over the next five years will stem from the uptake of contactless payments from cards and mobile handsets. Europe took its first real steps toward contactless payment adoption in 2007. The initial UK contactless rollout in London that began in the second half of the year will prove a bellwether for the technology in Europe, especially given the scale of the initial rollout and the integration of contactless with the established EMV smartcard payment system. website: www.abiresearch.com 8
Carl-Otto Künnecke Growing market for PIN applications By Carl-Otto Künnecke Managing Director, OK systems Personal Identification Numbers (PINs) are very versatile and can be used for manifold applications. They are not only utilized in the banking sector (mostly for debit and with an increasing number also for credit cards), but also become more and more important for health insurance funds, where secure data are protected with a password on the chip of a health card. PINs are also employed for ID cards as for example the new German ID card. In this case PIN and chip form a digital signature which can be applied in the field of e-government, signing of contracts or secure entry into public facilities. In general, the PIN consists mostly of four characters (like they are used to access ATMs). However, some applications require PINs with more characters. The PIN is generated via an encryption procedure using different algorithms such as DES (symmetric Data Encryption Standard), RSA (asymmetric encryption system) or ISO 9564-1. The entire PIN handling is situated in rooms with highest security levels. If PINs and cards are personalized in the same building, the processes must be physically disconnected from each other. Due to this risk, PIN personalization is mostly completely separated from card personalization. The outsourcing trend visible in the card personalization sector does not have the same momentum for the PIN personalization process. Even though PINs have become indispensable in bank applications, there is no Visa/ Mastercard certification for PINs. This affects the products itself as well as PIN generation and transportation to the end customer. More than ever, transportation is an extremely insecure element when PINs are forwarded to the end customer or bank agency. In countries where bank cards are sent directly to the customers the PIN is dispatched delayed by a few days or sent prior to the card mailing. The common understanding is that PIN and card should never meet in the same post box on the same day. In cases of indirect distribution where the card holders have to fetch their card and PIN at the local branch office packages of cards and PINs are often sent by separate courier to the branch. In just a few cases cards and PINs go together with the same carrier and in the same envelope. What seems to be a high risk can be discounted when PIN and card are not activated yet. In case of stolen or opened envelopes the cards and PINs are of no use at all. Either by activating the package at the bank office or by special telephone verification the issuer activates PIN and card and the customer can use it. The reason for financial institutes to use this approach is reducing dispatch costs because postage is the biggest portion of the whole product in most cases. By sending only one product the banks save production costs as well as costs for dispatch and courier services. And the costumer will get one product instead of two. Besides this classic process where a printed PIN is used with paper, there are some cases where electronic transmission is employed like in China. Or – like in Korea – the PIN is generated through the application form when a card holder applies for a new card. However, due to high security risks these are only exceptions. Traditionally, PIN letters have been generated on 3-layered carbon copy paper, and have been labelled with address and PIN on needle printers. Due to visual aspects and security risks this process is not contemporary any more for many banks. Card carriers and enclosures convey the marketing ideas of the financial institute and the PIN stills looks like in the beginning of the computerized era. So the change in demands for a new product which fits the overall corporate design of a financial institute is mostly based on new marketing needs, but also on the fact that in many countries banks issue several PINs for each customer: one for ATM, one for electronic banking and sometimes even a third one for ATMs abroad. The oldfashioned “dot.matrix” makes this impossible and thus application and layout have to be changed. Therefore, some new processes have been established on the market. All these processes use laser printers to print the information on the PIN letter. The advantage is that significantly more information can be forwarded to the end customer. As another benefit the issuers can also use their own color logos and thus make the PIN letter a means of advertising. The foundation for all processes currently available on the market is the issuers’ need for corporate design, secure products and production processes as well as costs for the consumables. Smart Card & Identity News • January 2008 9
Page 1 and 2: dentity News • Smart Card & Ident
Page 3 and 4: Contents Regular Features Lead Stor
Page 5 and 6: Payzone To Target The 'Unbanked' Wi
Page 7: What are the changes or differences
Page 11 and 12: Versatile Hardware Security With Cr
Page 13 and 14: True Hardware-based Security Crypto
Page 15 and 16: It is important to note that the cr
Page 17 and 18: attacks. The Mifare card because it
Page 19 and 20: Buying into Contactless Payment By

Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News

Create successful ePaper yourself

Delete template?

Save as template?