Smart Card & Identity News A New Flavour for eCash

dentity News • Smart Card & Identity News • Smart Card & Identity News • Smart Card & Identity News • Smart Ca
ews • Smart Card & Identity News • Smart Card & Identity News • Smart Card & Identity News • Smart Card & Id
mart Card & Identity News • Smart Card & Identity News • Smart Card & Identity News • Smart Card & Identity Ne
rd & Identity News • Smart Card & Identity News • Smart Card & Identity News • Smart Card & Identity News • Sm
dentity News • Smart Card & Identity News • Smart Card & Identity News • Smart Card & Identity News • Smart Ca
March 2012 Volume 22 • Number 3
Smart Card & Identity News
Smart Cards, SIM, Payment, Biometrics, NFC and RFID
www.smartcard.co.uk
A New Flavour for eCash
1 • A New Flavour for eCash
7 • Overall Growth in CEE Cards
Market Masks Contraction in Several
Countries
10 • Making Money on the Move More
Secure
16 • Indian GSM Phone Networks
Fail to Meet Basic Encryption
Standards
At the Digital Money Forum in London this month Marc Brule the CFO of
the Royal Canadian Mint outlined the research they have been doing on the
evolution of currency. He explained the need to be able to handle cash like
transactions on the internet and how it might be achieved by an asset
transfer model which for those who were around in the 90’s might appear to
be reminiscent of Mondex. There are still a lot of people around who think
Mondex got it right but just 20 years too early.
Electronic cash has long been the holy grail of payment systems largely
because it’s the one area into which the current payment system players can
expand. This of course includes PayPal as well as Visa and MasterCard. The
properties of cash such as anonymity and immediacy without transaction
fees are of course diametrically opposed to the classic credit and debit card
systems for which the players have to validate the authenticity of each
transaction and are so involved in the transactions that they also have to
manage disputes and chargebacks. It goes without saying that this will incur
fees.
There are three ways to address a cash like electronic alternative,
1) Minimize the costs associated with the classical 4-Party model
2) Aggregate small value transactions for example as per a subscription
model
3) Remove the need for intermediaries in the individual transactions
Continued on page 4….
©2011 Smart Card News Ltd., Rustington, England. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means, electronic, mechanical, optical, recording or otherwise, without the prior permission of the publishers.

Smart Card & Identity News
Published monthly by
Smart Card News Ltd
Head Office: Smart Card Group,
12 Meadway, Rustington,
BN16 2DD
Telephone: +44 (0)1903 734677
Website: www.smartcard.co.uk
Email: info@smartcard.co.uk
Researcher– Patsy Editorial Everett
Researcher – Patsy Everett
Technical Researcher –
Dr David Everett
Production Team – John Owen,
Lesley Dann, Adam Noyce
Contributors to this Issue –
Conie Mutters, Ian Hermon,
Eli Hizkiyev, RBR
Photographic Images –
Dreamstime.com
Printers – Hastings Printing Company
Limited, UK
ISSN – 1755-1021
Disclaimer
Smart Card News Ltd shall not be liable
for inaccuracies in its published text.
We would like to make it clear that
views expressed in the articles are those
of the individual authors and in no way
reflect our views on a particular issue.
All rights reserved. No part of this
publication may be reproduced or
transmitted in any form or by any
means – including photocopying –
without prior written permission from
Smart Card News Ltd.
© Smart Card News Ltd
Smart Card & Identity News • March 2012
Patsy Everett
Our Comments
Dear Subscribers,
Once more the annual Digital Money Forum
clicked into life in London’s east end on the
28/29th March. Mine host David Birch was his
normal self, shaking the tree of established
thinking to see if any interesting apples fall out.
Of course they always do, it’s whether you
notice it at the time!
Anette Brolos from the Copenhagen Financial IT Region (CFIR) got
the day rolling by discussing their project in Denmark that is looking
at the future of money and their vision of a cashless society.
Denmark of course was very early into the game with the Dankort
(debit card) and Dancoin. Anette reminded us that cash costs about
€26 Bn to manage in Europe and the impact that this has on
business. As has been pointed out in our lead article this month the
cost of cash is often hidden away because it’s not obvious who is
paying the bill. But we know this, don’t we? But also there is the
environmental burden, the impact of crime and isn’t money just plain
filthy? We are always hearing about how much cocaine you can find
on a standard used currency bill.
However not to be put off Anette seems clear that one day there will
be a cashless society (more or less) brought about by a number of
scenarios of which social development will be a substantial element
in our future. It goes without saying that technology will also have its
say with mobile wallets, NFC, bar codes and the like. But Anette
ended with a closing thought by telling us that according to a Danish
national bank study, cash is four times more expensive to use than
the Danish debit card (Dankort).
Now here’s the thing, if this is true and we hear similar figures for the
UK as well as the rest of Europe, who is promoting the continued
use of cash?
Of course everybody will tell you it is the criminals, organised crime
and the like that need the anonymity and fluidity of cash to harvest
their crimes. We might mention the grey economy (it just sounds
better than black) which everybody seems to do that gets you a lower
bill if you pay in cash or if you really don’t want people to know what
you are doing and you really don’t want to be traced.
I want to suggest that this is actually only a part of the story,
behavioural economics comes into this in a bigger way than you
might imagine. The truth is that people don’t like change. There is an
old tale that tells you that promoting radical new ideas are at best
ignored but in general are heavily criticised and resisted by those with
established positions. Only a small number of people follow a vision
and they are usually the ones closest to the evangelist. Sometimes this
can of course create a church of followers and this was perhaps the
greatest talent of Steve Jobs. If I’m right on this with the unfortunate
demise of Steve, then Apple has reached its pinnacle and only has
one way to go. You can do experiments in the laboratory to show
that all of this is normal human behaviour.
2

What I’m hinting at here is that there are a large number of players who are not motivated to a cashless society in
the visionary way and that obstacles are likely to appear that will slow progress in this area. So the challenge here
is to identify the source of the vision, is it the consumer, is it business, is it the government? Who is it that really
wants a cashless society? Answers on the back of a postcard please before the price of the stamps goes up by
25%.
Gill Ringland from SAMI Consulting brought up my favourite subject of what happens in 2050? Of course we
don’t know and back to behavioural economics we are lousy at predicting what is likely to happen. However
here I have a method, if in doubt you need to study your science fiction books have a look at how they are
paying in the year 2050 – they aren’t, there I’ve given you a clue, in 2050 we don’t need to buy things we just
exist in some environment where what we need is just provided. So wandering around the universe in our space
ship, you name it, we’ve got it.
I’ve got carried away here, this is not what Gill said at all, she was into the Washington Consensus originally
from the economist John Williamson in 1989 which is all about the economic prescription for developing
countries or at least that’s what he intended, will that hold in the future or will we be into some new paradigm?
I can’t leave the forum without mentioning David Wolman who has written about ‘the end of money’ as we
know it, see his book on Amazon and also Marc Brule from the Royal Canadian Mint on the future of currency.
How’s that for two extremes but actually if you read David’s book you’ll realise it’s not and we have talked about
the Royal Canadian Mint in our headline article this month.
Exciting times, it reminds me of the 90’s, lots of things are happening in our space. The smart card chip might
be well established but the applications surrounding mobile phones, NFC, barcodes and tablets well that’s a
whole new universe.
Patsy.
Contents
Regular Features
Lead Story . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Events Diary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
World News In Brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5, 9, 12, 17
Industry Articles
Overall Growth in CEE Cards Market Masks Contraction in Several Countries . . 7
Making Money on the Move More Secure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Indian GSM Phone Networks Fail to Meet Basic Encryption Standards. . . . . . . . 16
Events Diary
April 2012
19 Mobile & Contactless Payments - www.smi-online.co.uk/training
24-26 Infosecurity 2012, Earls Court, London - www.infosec.co.uk
25-27 Cards & Payments Asia, Suntec Singapore - www.terrapinn.com/exhibition/cards-asia
25-27 Prepaid Cards Asia, Suntec Singapore International Convention and Exhibition
/ /
3
Smart Card & Identity News • March 2012

Events Diary
May 2012
14-17 Mobile Money 2012 - http://www.mobile-money-gateway.com/event/mobile-moneyafrica-2012v
15-16 Cards & Payments Middle East- http://www.terrapinn.com/exhibition/cards-andpayments-middle-east/index.stm
21-23 Security Document World 2012, Queen Elizabeth II Conference Centre, London, -
http://www.sciencemediapartners.com
Source: www.smartcard.co.uk/calendar/
…. Continued from page 1
The Royal Canadian Mint has gone for the third approach by adopting a direct asset transfer model. There are
advantages and disadvantages of each approach which we will look at in more detail.
The 4-Party model is that commonly seen today when paying with a credit or debit card. The bank holds the
consumer’s accounts for which funds can be either pre-paid or post-paid. The bank that holds the account is
called the Issuer because it traditionally issues a card which allows the consumer to access their account. The
consumer is called the CardHolder because they traditionally hold the card that gives access to the account. The
Merchant is the provider of goods or services to the cardholder in exchange for payment. The fourth member
of the set is the merchant Acquirer which is the bank or service provider that acquires the transactions for
clearing and settlement within the networks of the financial institutions. In other words the Acquirer has to get
the funds from the Issuer on behalf of the merchant.
It doesn’t take very long to appreciate that all these various parties have costs and therefore want to charge fees
for their payment services. The Issuer charges an Interchange fee for the costs of managing the cardholder
relationship, the acquirer charges for the costs of managing the transaction (which will include an authentication
and authorization process) and the network processing costs applied by the payment operators such as Visa and
Mastercard. All these fees of course are accumulated and get applied to the merchant, sometimes called the
merchant discount fee. These fees are applied per transaction and for a small merchant may be 3% or more for a
credit card transaction. Debit card transactions are usually a fixed fee per transaction and for a small merchant
may be 25 pence or more per transaction.
It is immediately obvious that this 4-P model is unlikely to be economically feasible for very low value
transactions of a few pounds or less. In the cash world these small value payments dominate the market.
So the question is how can we reduce the cost of these 4-P model transactions. That’s not easy and the approach
adopted by the payment operators to date has been to remove the on-line authentication/authorization step.
Effectively what the Issuers are doing is taking the risk on an off-line transaction if the value is low enough (e.g
$20 or less). However ignoring the details for the moment it is clear that there is an increased risk and only a part
of the costs have been reduced. In addition you would want to minimise the risk of card fraud and at the least
would want the consumer to be using a secure smart card. This is really not a place for a magnetic stripe card.
From the consumers point of view there is an advantage because the Issuer often has to bear part of the
transaction risk under the various consumer protection laws and of course if you lose your card you don’t lose
your money (assuming you report it to the bank).
You don’t need a degree in economics to realize that this still isn’t going to work for transactions with a value of
say less than say $5 and in the virtual world of the internet there is a need to handle transactions perhaps less
than $1. The ultimate test is whether you can handle a transaction of 1 cent? Not by the 4-P model!
Smart Card & Identity News • March 2012
4

The second approach to handling low value payments is to have some form of aggregation. What you want to do
is to avoid the 4-P overheads of handing individually small value transactions. Cardis is a company
http://www.cardis-international.net/ that has been working on this for some time with a scheme that does
effectively aggregate small transactions leading to reduced costs. They have recently announced that Austria’s
Raiffeisen Bank International is to use Cardis software plug-in for low value payments in Q2 this year.
The other approach to aggregation is effectively a subscription model where you lodge funds with a service
provider on a pre or post-paid relationship. What is clear is that you are effectively setting up an account with the
service provider and although it is a closed system (only you and the service provider) there are still the
overheads of the service provider having to authenticate the consumer requests. This part of the transaction is
no different to the 4-P model and if the scheme is post-paid then there is also the risk overhead of the service
provider not being paid. Apple’s iTunes is effectively a subscription model. From a consumer’s point of view
this works with any intermediary you regularly use such as Amazon or iTunes, we will however save discussion
on the 30% fee taken from the service providers by Apple for another day. Can you do a 1 cent transaction?
Mmmm now that also seems unlikely because you still need to cover the overheads.
And then not last is the third model where the transaction does not require intermediaries. This is the approach
being adopted by the Royal Canadian Mint in their current R&D project. This is of course exactly analogous to
the use of cash. I can make a payment to you (in the physical space) where no third party is involved in the
transaction. In this case the asset is being handed from person to person. What the Mint has been working on is
the ability to do this electronically in the internet world so again you can pass 1 cent from person to person.
Now of course nothing really comes for free, in the UK it has been estimated that it costs £4 Bn per year to
manage cash. It is the cost of collecting it all up, counting it and securely distributing it between merchants,
banks and consumers.
Now this is the $64K dollar question (just changing currencies for the moment), can you electronically manage
electronic cash without hidden overheads? Mondex actually had a good go at this back in 1990 (can you believe
it’s that old) and suffered with a lack of infrastructure. There were few mobile phones in those days and who do
you know that was using the internet. So let’s see what happens to a 21st century approach to electronic cash.
Conie Mutters (Analyst, Electronic Payment Systems)
Ed: Since this article was written the Royal Canadian Mint has gone public with a developer Challenge to
test and gather industry ideas www.mintchipchallenge.com for its MintChip eCash system. They have provided a
lot more information on their web site which we will review next month.
World News In Brief
American Express Unveils P2P
Money App for Facebook
Serve from American Express has announced an
application that allows friends to send, receive and
request money from directly within Facebook.
The Serve app is currently the only application
available on Facebook that allows friends to send
requests and receive payments in just a few clicks.
"The way people exchange money is evolving, and
so is Serve," said Dan Schulman, group president,
Enterprise Growth, American Express.
"We're constantly working to bring our customers a
seamless and consistent payment experience -- one
that makes sense for our increasingly social lives,
Smart Card & Identity News • March 2012
whether that's paying a friend back for movie
tickets or sending someone money for your share of
the vacation house -- it can now be sent on
Facebook."
Exchanging money with friends takes three simple
steps:
Choose your friend to send money to, enter the
dollar amount, and click send.
Facebook friends are automatically populated
directly into the app's interface, so there is no need
to worry about finding a friend's email address or
gathering additional information. Once completed,
a message is immediately posted to the recipient's
Facebook wall providing directions on where to
collect their money or to sign up for Serve.
5

To request money the process is just as easy,
choose a Facebook friend who owes you money,
send a request and get paid back.
HID Global President and CEO
Speaks on CEO Vision Panel at ID
World Abu Dhabi 2012
HID Global has announced that the company's
president and CEO, Denis Hebert, will speak on
auto ID technology developments and the future of
credentials as part of a CEO panel during ID World
Abu Dhabi 2012, March 18-19 at the Emirates
Centre for Strategic Studies and Research in Abu
Dhabi, United Arab Emirates (UAE). Hebert will
also provide insights on the role of RFID
technology for machine-readable travel documents
and other government-to-citizen ID applications.
Also speaking at the conference will be HID
Global's Thomas Harenberg, vice president of sales,
Middle East and Africa, Government ID Solutions
- who will share his perspective on the future of
government ID programs including critical success
factors and emerging trends.
Harenberg will also explore the most pressing
government concerns, worldwide, including the
requirements to increase information system
security and improve electronic administration cost
efficiency, which are both critical factors driving the
evolution of advanced ID credential programs.
Raisonance Partners with Galitt to
Promote Smart Card Tools in North
America
Raisonance has partnered with Galitt Canada to
reinforce sales and technical support for customers
across North America.
Fuelled by booming interest in Near Field
Communications (NFC) for mobile phones and
notably in payment applications, Raisonance is
experiencing a corresponding increase in demand
for the test and certification tools that ensure the
reliability of this complex technology.
"To meet this increased demand and address the
concerns related to certification of payment
applications, it is essential to have a partner capable
of addressing both concerns. With Galitt's extensive
experience in smart card and EMV testing, we are
confident that they will offer both excellent counsel
and support for our North American customers,"
according to Benoit Hedou, Director of the
Raisonance Smart Card Test activity.
Smart Card & Identity News • March 2012
Ingenico, Santander & Orange
Develop the 1st Payment System with
Multi-brand NFC Mobile
Ingenico has worked together with Banco
Santander and Orange on the development in Spain
of the first payment system with multi-brand NFC
mobile, which will enable users in the city of Group
Santander, near Madrid, to make purchases of any
amount simply by putting their mobile telephone
close up to the sales point terminal. Ingenico has
been entrusted with providing state-of-the-art
contactless wireless terminals for this pioneer
project which will have a test stage in the Group
Santander City, with 40 sales points, and in shops in
Boadilla del Monte, Madrid.
The company has also undertaken the technological
development of these terminals so that they can
accept payment through NFC technology.
The system developed, based on NFC (Near Field
Communications) technology, will also allow its
users to make payments in places like restaurants,
convenience stores and "vending" machines in the
Group Santander City, as well as obtaining
information from the services that they can find on
it, through an advanced system of NFC labels.
It is the first time that it has been possible to make
contactless payments of any amount with the main
payment systems providers, MasterCard and Visa,
at the same time on the same terminal. The project
has been developed in co-operation with Banco
Santander, Orange, Oberthur Technologies, Visa,
MasterCard, Redsys and RIM.
NantWorks Releases iPhone App
That Helps the Blind to See
NantWorks LLC has released its much anticipated
'LookTel Recognizer' app at California State
University Northridge Centre on Disabilities' 27th
Annual International Technology and Persons with
Disabilities Conference.
LookTel Recognizer enables blind or visually
impaired users to recognise an object instantly by
simply pointing their iPhone camera at it and
listening to the phone tell them what it is.
Recognition happens in real time, with no need to
hold the Camera still or take a photo.
The app will identify many everyday objects from
packaged goods at the supermarket to identity
cards, as well as premise locations.
6

Overall Growth in CEE Cards Market Masks
Contraction in Several Countries
The number of payment cards in central and eastern Europe grew by 10% between
2008 and 2010 – this is one of the main findings in “Payment Cards Central and Eastern
Europe 2012”, the latest edition of RBR’s highly respected report on 14 key payment
cards markets in the region. Breaking the region down into countries showed, however,
that in four markets – Bulgaria, Estonia, Poland and Romania – the number of cards
actually fell over the same period.
In most cases this was due to the withdrawal of cards as a result of the global financial crisis, particularly in the
credit card sector.
Russia dominates growth once again
As we have become accustomed to seeing in recent years, Russia accounted for the vast majority of the growth
in the number of cards in the region between 2008 and 2010. Out of the 27 million new cards issued over that
period, 25 million were in Russia. Most of these Russian cards were issued in 2010 when domestic banks had
mostly resolved problems with their consumer lending businesses – which had performed poorly in 2008 and
2009.
Russia also accounts for nine out of ten prepaid cards issued in the region. One reason why so many prepaid
cards have been issued in Russia is that they are not reloadable – the cardholder must use all funds stored on the
card before it expires, and then take out a new card. Prepaid cards are mainly used for payments over the
internet and mobile phone top-ups. The vast majority of prepaid card products are managed by non-bank
organisations, although these cards are issued under bank sponsorship.
Number of Payment Cards in Central and Eastern Europe, 2006-2010 (million)
Source: Payment Cards Central and Eastern Europe 2012 (RBR)
Domestic payment cards accounted for just 9% of the CEE total at the end of 2010. Visa (including Visa
Electron and V PAY cards) and MasterCard (including Maestro and MasterCard Electronic products) accounted
for 99% of international cards in the region, with American Express cards accounting for most of the remainder.
Visa products are the most numerous in CEE with 52% of the total, followed by MasterCard with 38%.
Smart Card & Identity News • March 2012
7

Card payment value in CEE surpasses EUR 110 billion
The volume of card payments grew at a much quicker rate than the number of cards between 2008 and 2010 –
49% compared to 10%. Once again, Russia was responsible for the largest share of growth in the volume of
payments, but Poland also made a significant contribution. Polish cardholders are becoming increasingly
confident about using cards, while the acceptance network has also been growing.
A total of EUR 111 billion was spent on cards in the CEE region in 2010, up from EUR 90 billion in 2008. For
a number of years, Slovenia has had by far the highest average card spending per adult, followed by Estonia.
Bank account holding is extremely prevalent among Slovenian adults and salaries are rarely paid by any means
other than credit transfer. Furthermore, Slovenia’s infrastructure is advanced, with most outlets accepting cards,
and the pay later sector (specifically charge cards) is better established in Slovenia than in most other countries in
the region.
Over 90% of EFTPOS terminals are EMV-compliant
There has been considerable growth in acceptance networks throughout CEE. Even more developed markets
such as Poland, where certain merchant sectors (e.g. petrol stations and supermarkets) are approaching
saturation, have seen considerable growth. There remain many markets where there is room for further
advances, even under existing pricing and acquiring conditions.
The number of EFTPOS terminals grew considerably between 2008 and 2010 – by 20% to 1.3 million. The vast
majority of units are in Russia and Poland. These two countries account for 680,000 terminals, while no other
country has more than 100,000. Russia accounted for the largest share of new installations, while the Czech
Republic, Hungary and Kazakhstan also witnessed significant growth.
When the number of terminals is compared to the size of the population, Croatia, Estonia and Slovenia are the
largest markets. The first two were also the only markets in the region with less than 100 payment cards per
EFTPOS terminal, compared with the CEE average of 224. Kazakhstan, Russia and the Ukraine hold vast
potential for the deployment of new terminals as the ratio is well over 300 in each of these markets.
CEE banks have generally made more progress in upgrading EFTPOS terminals than in reissuing cards. Overall,
the most advanced countries are the Baltic markets (Estonia, Latvia and Lithuania), and the Czech Republic.
Some countries, such as Russia and the Ukraine, continue to lag behind.
8
Smart Card & Identity News • March 2012

World News In Brief
Cryptomathic Invents Cloud Wallet
Independent e-security solutions expert
Cryptomathic has invented the market's first 'Cloud
Wallet', a ubiquitous secure mobile wallet.
The Cryptomathic Cloud Wallet enables a secure
payment application to run off a connected, trusted
platform that is accessible through a network such
as the internet. It securely links the user and all their
devices - such as a smartphone, tablet or personal
computer - to their wallet.
This new method offers an alternative approach to
providing secure payment applications, which today
are generally delivered through either EMV chips
embedded in payment cards or secure elements of
smartphones. The Cryptomathic Cloud Wallet will
be of particular interest to payment schemes and
issuers as it addresses all the users' connected
devices while allowing the overall system to be
driven based on risk parameters; exactly like their
core business today.
Once a cardholder has enrolled their devices with
the Cloud Wallet, they can use their wallet to make
any number of transactions using any of their
enlisted devices. The Cloud Wallet can be used, for
example, to make near-field-communication (NFC)
payments at point-of-sale, enhance the security and
experience of the 3D Secure form of verification, or
even perform full-scale EMV-type transactions
between the cardholder and merchant.
Matt Landrock, CEO of Cryptomathic USA,
comments: "The Cryptomathic Cloud Wallet offers
a new approach to e-payments, and how this can be
delivered and managed by the payments industry.
This highly secure solution provides payment
schemes and issuers with full control of the
payment applications, without having to negotiate
complicated business relationships with mobile
network operators and without having to modify or
enhance the end-users devices. With over 25 years'
experience providing security to the banking
industry, we are delighted to announce this
groundbreaking invention."
Spire Supplies Mobile Card Payment
Terminals to Enterprise
Car (Enterprise) to provide a flexible, secure and
convenient mobile payments system.
Spire Payments has recently deployed its M4230
mobile card payment terminal to 350 Enterprise
office locations across the UK. The M4230 is a fully
accredited, secure chip & PIN device that takes
credit and debit card transactions at mobile
locations using GPRS as its method of
communication.
At the same time, and in conjunction with Spire,
TS3 Services Ltd has developed a solution that
enables Enterprise to easily process refunds and
secondary additional transactions for customers
wanting to extend their car rentals using the
payments industry innovation of Tokenisation. As a
result Enterprise can now cross reference any
subsequent transactions with a unique token which
the merchant can use in place of the original card
details.
"Spire's M4230 mobile handheld terminal authorises
the payment instantly and is perfect for any
application where payment needs to be taken off
premises, providing a clear customer service
advantage for Enterprise over its competitors."
Your Details Sold for Just TWO
Pence
Thousands of Britons are having their credit card
information, medical and financial records sold by
Indian call centre workers for a little as 2 pence
according to a report in The Sunday Times.
Undercover reporters met two men claiming to be
IT workers from several of the call centres. The two
data traders boasted on having 45 different sets of
personal information on nearly 500,000 Britons.
Many British companies outsource their services to
India, but due to the outrage over the use of foreign
workers some companies have already withdrawn.
Indian authorities are struggling to combat the
corruption, due to the unwillingness of companies
keen to avoid the negative publicity in reporting
data losses.
Spire Payments, the payment terminal provider and
the new name for Hypercom in the UK and Spain,
announce it has partnered with Enterprise Rent-A-
Smart Card & Identity News • March 2012
9

Making Money on the Move More Secure
Ian Hermon
Introduction
While different mobile payment methods jostle for top position,
a similar contest is underway concerning the security of these
new cashless services. Ian Hermon, Product Marketing
Manager, Thales e-Security, takes a look at the challenges in
establishing a solid foundation for secure payments on the
move.
With mobile phones set to become as indispensable as a wallet for buying goods and services, mobile payment
developments are rapidly gathering pace and different service providers are competing for their slice of the pie.
Last year, for example, saw the arrival of MasterCard’s PayPass scheme in the US while Google launched its
Android-based eWallet scheme and Starbucks trialled its Quick Tap PayPass service.
A recent study from Juniper Research forecasts that mobile contactless payment transactions are expected to
reach nearly $50 billion worldwide in 2014 and NFC solutions will be launched in 20 countries within the next
18 months.
But before adoption begins to accelerate towards these levels, not only is there much debate to be had around
which type of scheme works best in practice but also about which mobile payments security method is the most
robust.
Standardisation
As with traditional payments, standardisation is essential to bring about the time and resource benefits to the
industry. Several successful standards are already gathering momentum in providing a secure mobile payments
ecosystem:
• Managing Mobile NFC Services – The Trusted Service Manager (TSM) acts as an intermediary between
Mobile Network Operators (MNOs) and any third party service provider that wishes to add a service to
a mobile phone. GlobalPlatform’s ‘System Messaging Specification for Management of Mobile-NFC
Services’, defines the messaging between each of the three parties to ensure secure ‘provisioning’ of
services to the phone.
• The SIM Alliance Open Mobile API – Apps which use the Secure Element (the cryptographically
protected piece of hardware on newer mobile phones) to secure their critical operations such as
banking, payments or transport tickets, can have a component running in the phone’s operating system
so that the user can securely interact with the keyboard/touch screen and enjoy a rich graphical user
experience. The SIM Alliance Open Mobile API enables apps developers to use the additional security
of the Secure Element more easily, be this in a UICC SIM, a dedicated Secure Element built into the
phone, or a secure SD card, by providing a common means of interfacing with it.
• Trusted Execution Environment (TEE) – The Secure Element looks after critical data on the mobile
handset but it cannot easily host apps with a highly developed or cutting edge user interface. Apps that
require complex user interactions must run on the phone’s main processor. The Trusted Execution
Environment is designed to secure these apps and GlobalPlatform is leading the standardisation and
interoperability in this area to ensure that data and apps are adequately protected. For example, payment
apps that run their user interface in TEE and their transaction security in the Secure Element would
have an extremely high level of security.
Smart Card & Identity News • March 2012
10

Such standards help the industry work together and benchmark best practices but they remain just one
fundamental element of contributing to successful mobile payment security. Technology that makes the security
of provisioning mobile payment applications as secure as issuing cards is also required, to build that much
needed consumer confidence.
Consumer fear around fledgling mobile payments techniques often centre on security issues. Much of this
reticence to adopt mobile payments comes from the perceived risk of data being intercepted during a
transaction. But threats exist at every stage of the mobile payment lifecycle, including how to get a payment app
onto a phone securely and efficiently in the first place. Building the data needed to issue a payment application
and create the secure messages to personalise a handset can be a lengthy and inefficient process, the numerous
cryptographic functions posing a risk of exposing sensitive data.
This initial set-up process or ‘provisioning’ normally happens over-the-air (OTA). It is a process that increases
security risks due to the number of parties involved - typically the payment application provider (usually a bank),
a Trusted Service Manager, the Mobile Network Operator, and the end user. A critical success factor is keeping
this process highly secure to ensure that no data is compromised. Successful provisioning uses unique
personalisation keys, to not only protect the loading of information onto a device but also the subsequent
transactions made by the application.
As secure as traditional cards
By applying the latest cryptography methods, users can ensure that ‘provisioning’ happens as securely as possible
and at the same level as issuing traditional payment cards. Providers of physical cards tend to prefer Hardware
Security Modules (HSMs), which generate and protect the encryption keys that are essential to managing
issuance risk. This approach is also relevant for provisioning services to a mobile phone and can greatly simplify
the process while simultaneously avoiding the vulnerability of keys stored in software. Overall, the main benefit
of an HSM is to secure encryption keys and sensitive data in a way which ensures that such data is never
exposed. In this way, the risk for the service provider is significantly reduced.
However, while encryption is essential to the security of mobile payments, it isn’t the sole answer. For maximum
security in this new payments channel, encryption must be teamed with authentication technologies that provide
protection for data exchange and authorisation.
Minimise the risk
As the mobile payment world continues to evolve at lightning speed, industry best practices are far from being
agreed, with operators and related parties still undecided about who should control the mobile wallet. But one
thing that lies firmly beyond discussion is that security remains the primary barrier to adoption for most
consumers.
Overcoming this concern is no easy task, requiring a combination of robust standards and best practice, coupled
with the right technical path to guarantee the experience is safe from the second that a user decides to download
a payment app. If any business wants to take advantage of the impending explosion in mobile payments, security
needs to be at the foundation of their approach to minimise risk and encourage widespread consumer adoption.
Smart Card & Identity News • March 2012
11

World News In Brief
Smart Payment Card Shipments Hit
One Billion in 2011
In 2011, for the first time in history, the number of
smart payment cards shipped annually to financial
institutions worldwide passed the one billion mark
(1044 million), according to figures released by the
Smart Payment Association (SPA)
http://www.smartpaymentassociation.com
The six SPA members, who represent more than
85% of the total available market, shipped 898
million smart payment cards (of which 90% were
EMV cards); a healthy 12% rise in volumes on 2010
figures.
The highest regional climb was recorded in the
Americas. Here, Canada's completion of its EMV
migration, the increasing adoption of chip and PIN
cards across Latin America and the first significant
volumes of EMV cards to be issued in the United
States all contributed to a +29% jump in shipments.
The Asia Pacific market was similarly buoyant in
2011, with the region showing a +26% increase.
The annual review highlights the ever increasing
penetration of contactless payment, with pure
contactless and dual interface payment cards
accounting for 15% (130 million) of SPA member
shipments in 2011. By investing in contactless cards
issuers are increasingly able to offer faster, more
convenient and more intuitive payment options to
customers; while investments made on the
acquiring side (terminals and infrastructure) are
paving way for the expected growth in mobile NFC
payments.
Veritec Rolls Out Blinx On-Off
Smart Toggle Debit Card
Veritec, Inc. announces the roll out of their Blinx
On-Off Smart Toggle Debit Card. Veritec's new
Smart Toggle Card can easily be toggled on and off
by using a mobile phone or the web. Card holders
can receive instant notification of card activities and
transfers of funds in real time, within the Veritec
system.
Veritec's technology includes a Proprietary Secure
Financial Card Processing Software Platform and is
the approved Third Party Processor of debit cards
for banks and Visa.
Veritec is the patent holder for proprietary twodimensional
Matrix Symbology, VeriCode and
VSCode.
Smart Card & Identity News • March 2012
The Codes assist in the secure identification of
people and products. The combination of a
financial debit card and a secure identification card
make Veritec's Multi-Purpose Cards unique in its
field.
2011 Fraud Losses Continue
Downward Trend
The latest payment fraud losses for 2011, released
on 7 March 2012, by the banking and card
payments industry show that credit card, debit card
and online banking fraud levels have fallen again.
This continued success is thanks to efforts by the
industry, partners, and importantly, customers.
Fraudsters' activities in other areas have caused a
minor increase in cheque and telephone banking
losses.
Fraud losses on UK cards fell 7% from £365.4m in
2010 to £341.0m in 2011, resulting in a three-year
reduction of nearly 45%. Losses are at the lowest
levels since 2000. This healthy trend is a result of
the industry's efforts to deter, detect and prosecute
fraudsters.
Online banking fraud losses fell 24% from £46.6m
in 2010, to £35.4m in 2011. This decrease has
occurred despite a continuing rise in phishing
attacks and attacks involving malware. Phishing
attacks are up 80 % from 2010.
Telephone banking fraud losses rose from £12.7m
in 2010 to £16.7m in 2011 (an increase of 32%).
Most losses involve customers being duped by
criminals, using fake emails or cold calling, into
disclosing their personal security details such as
telephone banking passcodes.
To read the full report visit:
www.theukcardsassociation.org.uk
First Contactless Payment Program
in the Canary Islands with Ingenico
Ingenico announced the deployment of 645 wireless
terminals for the first program of payments with
contactless Visa cards in the Canary Islands.
More than 5,000 clients of the financial entity
Cajasiete will be able to benefit from the advantages
of payment with the SINcontacto card in more than
500 stores throughout all the islands, putting the
Canaries at the forefront of this technology in
Spain.
12

Cajasiete intends to extend this type of payment
system to other stores and to more clients
throughout the Canary Islands over the next few
months. All the cards and stores which enable the
use of this technology will be identified with the
"Wave" icon to facilitate their recognition.
cheques and PayPal using one simple product. No
matter how consumers choose to pay, PayPal Here
makes it easy, giving small businesses more sales
opportunities. Merchants can accept payments by
swiping cards in the card reader, scanning cards and
cheques using their phone cameras, or manually
entering card information into the app. They can
also send an invoice and set payment terms directly
from the app.
NEC Develops Ultra-thin Organic
Radical Battery Compatible with IC
Cards
NEC Corporation has announced the development
of an ultra-thin, 0.3mm thick, organic radical battery
(ORB) that is compatible within standard IC cards
of 0.76mm thickness. The adoption of these ultrathin
ORBs featuring greater flexibility, higher power
output and faster recharging speeds than existing
rechargeable batteries, including lithium-ion
batteries, is expected to enable advanced new
functions in IC cards, electronic paper and other
technologies.
Conventional ORBs of 0.7mm thickness are
difficult for IC cards of standard 0.76mm thickness
to adopt. These new, 0.3mm ORBs are less than
half the thickness of existing units, a size reduction
that was accomplished by using printing
technologies to integrate circuit boards with
batteries. As a result, IC cards embedded with these
batteries can be used for a wide range of functions,
including displays, transmission and advanced
encryption processing.
PayPal Unveils PayPal Here
PayPal announces PayPal Here, the world's first
global mobile payments solution that allows small
businesses to accept almost any form of payment.
The new service includes a free app and fully
encrypted thumb-sized card reader, which turns any
iPhone, and soon Android smartphone, into a
mobile payment solution. With PayPal Here, small
businesses, service providers and casual sellers can
send invoices or accept debit and credit cards,
Smart Card & Identity News • March 2012
There is no monthly account or set-up fees,
merchants pay a simple flat rate of 2.7 percent for
card swipes and PayPal payments.
WHSmith Goes Contactless with
Streamline & Visa Europe
WHSmith has become the latest business in the UK
to go contactless in partnership with Streamline &
Visa Europe. The new contactless payment option
will initially be available in 46 major travel locations,
such as London Heathrow, Gatwick, Stansted and
Mainline Railway Stations across the UK. These
stores are expected to go live throughout Spring
2012.
Matt Rowsell, Chief Commercial Officer for
Streamline, said: "Contactless payments are ideally
suited to time-poor shoppers, such as those
travelling through busy rail and airport locations.
We're confident that contactless will enhance the
customer experience and reduce transaction times
in these very busy stores."
TransCard Announces NFC
Certification to Enable Contactless
Payments
TransCard is pleased to announce the completion
of contactless NFC certification for MasterCard
PayPass contactless payment transactions.
Craig Fuller, CEO of TransCard, stated, "We are
tremendously excited about the momentum in the
NFC universe and the growing interest in
contactless and mobile payments. We believe an
entire eco-system is developing around NFC
payments and TransCard is proud to be one of the
select group of prepaid processors that is
contactless certified."
Apple and Nokia Battle over Nano-
SIM Proposal
Apple and Motorola Mobility have locked horns
again, this time over the so called 'Nano-SIM'. The
new Nano-SIM is approximately 60% smaller than
the traditional SIM card.
13

Both have tabled their proposals to the European
Telecommunications Standards Institute (ETSI)
and await the decision on which card future
smartphones and tablets will use.
According to the Financial Times, "Apple has
applied to become the largest voting group in the
ETSI having registered six European subsidiaries to
become full members".
Nokia in turn has questioned "whether it is right
that one group of companies can obtain a high
amount of votes by filing multiple membership
application".
Google Wallet Struggles for Market
Place
It is being reported that Google Inc is considering
sharing revenue with carriers to encourage them to
embrace the new technology after a slow take up.
This month Google has seen to Jonathan Wall, one
of the original creators and Marc Freed-Finnegan
lead product manager for Google Wallet leave to
start their own mobile shopping business 'Tappmo
Inc'.
The mobile payment market has created scores of
competitors to Google, including ISIS a joint
venture of Verizon, AT&T and T-mobile which we
understand are nearing a launch date.
PayPal Launches the PayPal Access
Prepaid MasterCard
PayPal UK has launched a new payment card that
lets customers spend and withdraw money from
their PayPal account on the high street and
everywhere that MasterCard is accepted around the
world.
A PayPal Access Prepaid MasterCard holder who
receives a PayPal payment can spend or withdraw
the money straight away with the card - there's no
need to transfer it to a bank account. The card
holder has direct access to their available balance
and can manage their card online via a simple single
sign-in process.
Gilles Coccoli, Managing Director of PrePay
Solutions, adds: "The new card is a highly integrated
and innovative product that has been carefully
developed to meet the needs of PayPal customers.
The addition of the new MasterCard PayPass
technology is a first for PayPal in the United
Kingdom and gives users even greater
convenience."
Smart Card & Identity News • March 2012
Microsoft Joins Financial Services
Industry to Disrupt Massive Zeus
Cybercrime Operation
In its most complex effort to disrupt botnets to
date, Microsoft Corp., in collaboration with the
financial services industry - including the Financial
Services - Information Sharing and Analysis Centre
(FS-ISAC) and NACHA - The Electronic Payments
Association - as well as Kyrus Tech Inc., announced
it has successfully executed a coordinated global
action against some of the most notorious
cybercrime operations that fuel online fraud and
identity theft.
With this legal and technical action, a number of the
most harmful botnets using the Zeus family of
malware worldwide have been disrupted in an
unprecedented, proactive cross-industry action
against this cybercriminal organisation.
This disruption was made possible through a
successful pleading before the U.S. District Court
for the Eastern District of New York, which
allowed Microsoft and its partners to conduct a
coordinated seizure of command and control
servers running some of the worst known Zeus
botnets.
Because the botnet operators used Zeus to steal
victims' online banking credentials and transfer
stolen funds, FS-ISAC and NACHA joined
Microsoft as plaintiffs in the civil suit, and Kyrus
Tech Inc. served as a declarant in the case. Other
organisations, including F-Secure, also provided
supporting information for the case.
As a part of the operation, on March 23, Microsoft
and its co-plaintiffs, escorted by the U.S. Marshals,
seized command and control servers in two hosting
locations, Scranton, Pa., and Lombard, Ill., to seize
and preserve valuable data and virtual evidence
from the botnets for the case. Microsoft and its
partners took down two Internet Protocol
addresses behind the Zeus command and control
structure, and Microsoft is currently monitoring 800
domains secured in the operation, which are helping
identify thousands of computers infected by Zeus.
Nine Finalists Announced in NFC
Forum & WIMA's NFC Global
Competition 2012
The NFC Forum, a non-profit industry association
that advances the use of NFC technology, and
WIMA, a worldwide event dedicated to NFC
technology, announce the nine finalists in their Tap
Into Innovation: NFC Global Competition 2012.
14

Created to recognise the development and
deployment of innovative and exemplary NFC
solutions around the world, this year's competition
attracted three times as many entries as the previous
contest in 2010, showcasing the tremendous growth
and interest in NFC implementations.
A jury composed of senior professionals and
recognised experts from academia and industry
evaluated all entries and selected three finalists in
each of three categories, as follows.
Best Innovative Solution for the entry that uses
NFC technology in the most inventive way to
address a market, business, or consumer need:
SAi (Israel): Tag-a-Bag luggage tagging and
identification: TapThat Games LLC (USA):
TapThat game: XIUS (USA): MIT Active Poster
Cafeteria Ordering System
Best Business Viability for the entry that offers an
NFC solution with the most commercial potential:
Barclaycard (UK): Quick Tap contactless mobile
payment service: Korea Smart Card Co., Ltd.
(South Korea): Mobile T-money ticketing solution:
NXP Software (China): MediaTribe media sharing
Best User Experience for the solution that best
leverages the power, ease, and convenience of NFC
technology:
good2gether (USA): good2gether and Do Good
Badges for non-profit support: Korea Smart Card
Co., Ltd. (South Korea): Mobile T-money ticketing
solution: NXP Software (China): MediaTribe media
sharing.
Finalists are invited to the awards ceremony on
April 12, 2012 at WIMA in Monaco, where the
three first-place winners will be announced.
Digital Money Forum Celebrates 15
year Anniversary
Consult Hyperion has announced its popular
Digital Money Forum is celebrating its 15th year.
This year's annual event is taking place at the
America Square Conference Centre in London.
Guest speakers include representatives from the Bill
& Melinda Gates Foundation, Google, Bitcoin
Consultancy, Telefonica, Royal Canadian Mint,
Gartner, Barclaycard, Sky TV, University of
Cambridge, the Cabinet Office and more. The
Forum will be chaired once again by Dave Birch,
Director of Consult Hyperion.
"We're delighted to be celebrating the 15th
Anniversary of the Digital Money Forum this year,"
said Dave Birch, Chair of Digital Money Forum and
Director at Consult Hyperion. "As we've developed
the Forum over the years it has established a worldwide
reputation. Our fantastic sponsors have
allowed us to put on a great 15th Anniversary
Forum, and we're looking forward to hosting it for
many more years. I'd particularly like to thank Visa
Europe for their forward-looking support for the
Forum over many years."
Hirsch Identive Showcases NFC
"Mobile Touch to Open" at ISC
West
Hirsch Identive will demonstrate at ICS West a new
access solution that enables customers to use NFCenabled
mobile phones as secure credentials to
access their facilities.
The "Mobile Touch to Open" demonstration
leverages Hirsch Identive's powerful new
DIGI*Net access control platform, Velocity 3.5
management software and multiple NFC door
readers to provide an end-to-end NFC physical
access solution.
"Many of our customers have been assessing the
use of mobile phones as an alternative to traditional
access cards as a more convenient ID device," says
Stephen Healy, President and General Manager of
Hirsch Identive. "Our NFC 'Mobile Touch to
Open' solution demonstrates how customers can
augment or over time replace their traditional access
credentials with NFC-enabled smartphones,
lowering the cost of credential issuance and
improving security by reducing forgotten access
cards."
This year's Forum, sponsored by Visa Europe,
Monitise and Barclaycard, will cover topics
including identity and privacy in payments, mobile
payments, the future of money around the world,
and the relationship between financial and social
inclusion.
Smart Card & Identity News • March 2012
15

Indian GSM Phone Networks Fail to Meet
Basic Encryption Standards
Eli Hizkiyev
The recent revelations from an Indian company that it can ‘tumble’ and clone the
credentials of mobile phone SIM cards over the airwaves will make anyone in security
give a sigh. But when they hear that it is apparently because certain Indian GSM
carriers are using the A5/0 minimal encryption system on their cellular networks, then
the only response is frustration. Once again, we have to face the fact that GSM voice
calls can no longer be considered secure.
What adds insult to injury is that it appears that the Indian cellular networks are switching off most of their
encryption to ease the load on their networks.
The problem is that, even if A5/1 encryption is switched on, it can be cracked and facilitate eavesdropping - as
researcher Karsten Nohl and his team started demonstrating some 18 months ago. If the cellular networks only
use the more basic A5/0 encryption, it also becomes possible to clone SIM card identities and make calls
charged to the legitimate user's account.
What makes the Indian network issue relevant and concerning, is that many of the UK GSM carriers are also
hitting digital gridlock on their networks in city areas at peak time, raising the question as to whether they too are
lowering the encryption technology used on their calls to cope with the demand?
It is interesting to note that none of the Indian cellular carriers were prepared to comment on the report, despite
the news appearing in The Hindu newspaper, which has a circulation of 1.5 million amongst the English
language speakers of India, as well as a global audience via its web site of many millions more.
The problem for the carriers - as one of the researchers commented on in the report - is that the cracked calls
appear to be coming from the subscriber's number, so it's difficult to see how they can stop these calls, apart
from looking for excessive usage and/or calls to international/premium rate destinations that may be flagged as
suspicious or unusual.
The takeout from this story - and from previous reports of the A5/1 encryption system on GSM calls being
cracked - is to switch to using 3G cellular services when making business and/or sensitive calls. However, since
the A5/3 encryption mechanism used on 3G calls is a derivative of the MISTY Feistel crypto methodology - and
some carriers are reportedly lowering the level of encryption - there is a danger that the diluted 3G encryption
system can be cracked in a few hours, as was reported at the start of 2010 (http://bit.ly/xAOpeA).
The real bottom line is that cellular calls - in common with all wireless transmissions - are inherently less secure
than wired telephony, for the simple reason that the mobile device can only automatically authenticate itself over
the airwaves.
Put simply, this means that all of the data transmitted can also be eavesdropped by hackers who - if they are able
to crack the underlying encryption system, all variants of which have clearly been found to be wanting - can
monitor the data stream and eavesdrop on the voice plus data transmissions.
This Indian newspaper report raises a number of security questions on several fronts, and this is before we even
start to discuss the number of people using their smartphone for Internet banking...
Smart Card & Identity News • March 2012
16

World News In Brief
OTI Files Patent Infringement Suite
against T-Mobile
On Track Innovations Ltd. (OTI) announce the
filing of a patent infringement lawsuit alleging that
T-Mobile USA, Inc. sells NFC enabled phones that
infringe OTI's U.S. Patent No. 6,045,043.
NFC technology enables contactless payments with
mobile phones, loyalty programs, data mining, and
other applications. The lawsuit is pending in the
United States District Court for the Southern
District of New York, Case No. 12-CV-2224.
"We believe in the strength and value of our
intellectual property and have the resources to
protect it," said Oded Bashan, OTI Chairman and
CEO. "
We are also happy to provide innovative technology
and partner with others in the industry to facilitate
the growing future of contactless payments, data
capture, loyalty programs, and more."
Shipments of NFC-enabled
Handsets Reached 30 Million Units
in 2011
According to a new research report by Berg Insight,
global sales of handsets featuring NFC increased
ten-fold in 2011 to 30 million units. Growing at a
compound annual growth rate (CAGR) of 87.8
percent, shipments are forecasted to reach 700
million units in 2016.
The global rise in smartphone adoption is also
driving higher attach rates for other wireless
connectivity technologies in handsets including
GPS, Bluetooth and WLAN. These connectivity
technologies are already a standard feature on highend
smartphones and most medium- and low-end
models. Declining costs will also enable broader
integration in the feature phone segment that is
rapidly gaining smartphone-like functionality.
Watchdata Wins 2012 Asian Sesames
Award with SIMpass-SC
Watchdata Technologies has won the prestigious
Asian Sesames Award for the second time in three
years. It won this year with its breakthrough mobile
payment solution, called SIMpass-SC, which
transforms any existing mobile phone handset into
a full-function NFC device.
Smart Card & Identity News • March 2012
The SIMpass-SC technology embeds a secure
element, an active front end and an antenna into a
single dual-interface SIM card form factor,
providing one of the most elegant and practical
ways to deploy the widely accepted NFC
technology in mobile phone handsets in any
existing market, from highly developed urban
centres to the remotest locations on the planet,
even in regions with few banks and very poor
financial infrastructure.
"The SIMpass-SC solution is a significant
improvement in mobile payment technology, and
we feel privileged to help advance the frontiers of
knowledge in this market," said Michael Yu,
President of International Business at Watchdata.
NFC Forum and GlobalPlatform
Partner to Accelerate Deployment of
Interoperable NFC Solutions
GlobalPlatform has entered into a Memorandum of
Understanding (MoU) with the NFC Forum. The
partnership aims to harmonize specification activity
to support the development of interoperable, multiapplication
NFC-based mobile solutions in the
wider mobile services ecosystem, and to support
NFC Forum certification activities.
To accelerate the deployment of new mass market
NFC-based use cases, the NFC community and
wider mobile services sector must establish neutral,
sustainable and scalable infrastructures that support
secure communication between all stakeholders and
technology platforms. This new, formal partnership
will open up opportunities for innovative solutions
across multiple industries by leveraging the NFC
Forum's deep technical knowledge and extensive
library of NFC-based standards and GlobalPlatform
Specifications for managing contactless services,
which serve multiple actors and support several
business models.
NXP and HID Global Enable Mobile
Access for NFC Phones
NXP Semiconductors N.V. and HID Global
announce their collaboration to introduce a global,
generic Mobile Access solution for NFC-enabled
mobile phones. NFC enables the secure and
convenient sharing of information from one device
to another over short distances based upon existing
contactless standards, making it ideal for deploying
easy-to use mobile access control applications.
17

HID Global and NXP helped create the current
market for card-based physical access systems and
are now jointly moving these solutions to mobile
phones as NFC becomes a standard feature.
The contactless cards that employees use to enter
corporate buildings and parking garages can now be
transferred to an NFC-enabled phone storing digital
access credentials. The credentials are stored on
NXP's embedded Secure Element within the
handset and are presented by the mobile phone in a
manner that is compatible with access control
readers and systems. As the use of NFC smart
phones for access control becomes increasingly
more popular, consumers and enterprises can
expect the same high level of security with
improved convenience on a mobile device.
MasterCard Introduces New Tool
that Predicts the Potential for
eCommerce Fraud in Real Time
Ecommerce merchants have a new tool at their
disposal to help mitigate the risk of fraud in online
transactions, with MasterCard's introduction of
Expert Monitoring Fraud Scoring for Merchants.
The new tool enhances merchants' insight into card
behaviour beyond a merchant's website or a
cardholder's shopping cart. The service provides
merchants with a predictive fraud score for Card-
Not-Present transactions in real time to measure the
likelihood that a transaction is fraudulent. This is
done using fraud detection models designed
specifically for eCommerce merchants, which
uniquely enables merchants to evaluate a longer
span of transaction history to deliver a fraud score
that more accurately describes online cardholder
behaviour.
eCommerce merchants continue to face heavy
losses from fraudulent transactions. According to
the Lexis-Nexis 2011 True Cost of Fraud Study,
merchants incurred costs of more than $2.33 for
every $1 of fraud committed, absorbing more than
$102 billion in total losses in 2011. To lower their
risk in this space, eCommerce merchants utilize an
average of four to seven fraud detection solutions
to validate orders and identify fraudulent
transactions.
Accumulate and Potevio Signs
Agreement for Mobile Payment and
NFC Solutions in China
Accumulate and Potevio have signed an agreement
to cooperate, develop and deploy secure, innovative
and easy to use mobile financial and mobile in the
Smart Card & Identity News • March 2012
authentication services on the Chinese market.
Projects will include a unique NFC solution that
will have its first customer deployment before
summer this year. Other projects are in mobile
payments and a solution for secure payment of
utility bills.
"This agreement is a great milestone for
Accumulate and Accumulate Asia. We are already in
discussions with large players in the China financial
and telecom industry. So, soon new mobile
payment and mobile authentication services
projects, based on this cooperation, will be started",
says Kelei Wang, Managing Director of Accumulate
Asia Ltd.
Services developed and deployed under this
cooperation will support all major mobile platforms
including; Android, Blackberry, iPhone, Java and
Windows.
PrePay Solutions awarded European
Best Breakout Company of the Year
The leading prepaid services company in the UK
and Europe has been crowned Best Breakout
Company of the Year at the Paybefore Awards
Europe 2012, a major industry event.
PrePay Solutions is one of just 12 companies
honoured at the awards which took place at the
Gift Card, Gift Voucher and Reloadable Card
Summit.
Gilles Coccoli, Managing Director of PrePay
Solutions, commented: "This award is Europeanwide
recognition of our success in the industry, and
we are committed to remaining a leader in our field
with innovations in prepay."
Paybefore CEO Marilyn Bochicchio commented on
the awards: "The introduction of Paybefore Awards
Europe provides the opportunity for Paybefore to
specifically highlight businesses offering prepaid
products in Europe and to applaud their success in
addressing local market needs."
Iris ID Systems Announces
Interoperability Between Its'
IrisAccess Platform and NFC-
Enabled BlackBerry Smartphones
Iris ID Systems Inc. and HID Global announce
that the IrisAccess platform iCAM7000 can be used
with select NFC enabled BlackBerry 7 smartphones.
The BlackBerry Bold 9900/9930 smartphones
activated with HID Global's iCLASS digital
credentials will be compatible with the installed
base of iCLASS readers that are embedded
18

iCAM7000 series for applications ranging from
physical access systems in buildings to applications
that track time and attendance, and other identity
dependent applications.
Using a NFC-enabled BlackBerry smartphone, the
iris templates of a user are securely stored to an
iCLASS digital credential on the phone. That
credential can then be presented for authentication
by simply holding the NFC-enabled BlackBerry
smartphone in front of an iCAM7000 series iris
camera.
Andrew Bocking, VP Handheld Software Product
Management, at RIM, said, "Having added NFC
capabilities to a range of our BlackBerry 7
smartphones, we're excited to be able to support
the secure storage of an Iris ID biometric template
to an iCLASS credential. NFC enables smartphones
to become even smarter mobile computing
platforms, and this is another great example that
demonstrates the potential that NFC on mobile
devices brings to the physical access control space."
Pilot programs using BlackBerry smartphones
activated with iCLASS digital credentials and iris
identification are planned for later this year.
More than 100 million MULTOS
Chips Shipped in 2011
MULTOS technology providers saw a record
breaking 2011 with over 100 million chips being
delivered to customers in just one year, bringing the
current MULTOS issuance total to well in excess of
300 million cards, reports MAOSCO Ltd., the
Secretariat of The MULTOS Consortium.
MULTOS products are deployed in markets that
require the security, flexibility, ease of issuance and
open supply chain that are the hallmarks of the
MULTOS platform; especially suited to EMV
migration, government ID and embedded security
markets.
The 2011 results were predominantly related to the
significant uptake of MULTOS cards within the
banking industry for EMV migration, covering all
the global payment brands and now including
numerous local and regional ATM/debit card
schemes.
Dave Meadon, Chairman of The MULTOS
Consortium Council, comments "It has been a
phenomenal year for MULTOS. These 2011 results
show that MULTOS is recognised as a trusted
platform for the payments business around the
world. MULTOS' presence within the ID market
also remains strong with a number of fully
Smart Card & Identity News • March 2012
established National Identity implementations in
place.
As a growing group of organisations dedicated to
maintaining, developing and promoting MULTOS,
the MULTOS Consortium is committed to
ensuring that this platform continues to meet the
ever evolving needs of the payments, identity, and
other markets."
Western Union Advances with Cross-
Border Mobile Services
Western Union announced that the company now
has mobile money transfer agreements with a total
of 26 mobile wallet providers in 22 countries.
Twenty of these agreements are with mobile
network operators, collectively representing over
285 million subscribers, while the remaining six are
with banks and independents.
The company has already launched mobile money
transfer services in nine countries: Bangladesh,
Burkina Faso, Canada, Kenya, Madagascar,
Malaysia, the Philippines, Tanzania and the U.S.
"According to Gartner, mobile payment services are
expected to reach US$245 billion in value
worldwide by 2014," said Diane Scott, Chief
Marketing Officer and President, Western Union
Ventures.
Western Union also recently announced new
mobile service launches in Bangladesh with
Banglalink, Burkina Faso with Inova, and
Madagascar with Telma.
These three launches follow four new strategic
alliances announced this week at the Mobile World
Congress in Barcelona.
Smartcard News Subscription
Smart Card & Identity News is an independent
international newsletter. Our Key industry topics
are smartcards, biometrics, cryptography, identity
management, RFID, Mobile and payments.
Within these industries we cover technological
advances, security breaches, new products,
personnel changes, contracts and company takeovers.
We also include opinion pieces and technical
tutorials from the industry’s leading experts.
To subscribe please contact us on +44 (0)1903
734677 or email info@smartcard.co.uk,
subscription can also be purchased on Amazon by
searching for “Smart Card & Identity News”
19

Registration
Now Open
THE GLOBAL HUB FOR NEXT GENERATION
CITIZEN & GOVERNMENT ID SOLUTIONS
QUEEN ELIZABETH II CONFERENCE CENTRE, LONDON
CONFERENCE: 21–23 MAY 2012 | EXHIBITION: 22–23 MAY 2012
Security documents, border control, ePassports, eID,
registered traveller programmes, document design,
technology and anti-counterfeiting…
More than 100 companies exhibiting from around the world
Register to attend the exhibition for free, or book now for
preferential rates to attend the conference – The earlier you
book – the lower the rate!
Discounted rates for Government delegates – plus buy one
place and get the second half price
Lowest rate conference places for delegates from African,
Asian and South American nations
New for 2012: Document Examiners’ Forum – DocEx 2012
If Government and Citizen ID markets are your
business, SDW2012 has the answers…
www.sdw2012.com
Organised by: