A combined EMV and ID card ---------------------------------- In Sweden banks are gearing up (in "bank-speed"...) for issuing combined EMV and ID-cards. The reason behind that is to reuse the card infrastructure as well as due to the fact that banks already are ID-issuers. This system apparently already exists in Norway although not in electronic form yet.
Technically I see no difficulties with this, but my (open) question is if this should be considered as a short-term "fix" or a viable long-term scheme even on a global scale. Personally I have some problems with mixing an "account" which is a potentially sharable resource, with an "ID" which is not legal to share with others, as well as a nuisance to be without. That is, if I let my kids pay for something on the Internet, I will using a "combo" card give them a "passport" to possibly a myriad of other things as well. To have different PIN-codes may be a possibility but most people don't appreciate multiple PIN-codes. I am one of them :-) Currently this is "theory" as EMV on the Internet is still mostly a dream. ID on the other hand is for real. Regarding Internet-payments, it seems that you long-term, rather would give other valid [and properly authenticated] users of an account, an "entitlement" to perform certain payments using 3D Secure-like schemes instead of requesting credit cards for your kids (or employees). Because then, You, the account owner can administer and monitor account sharing yourself in the on-line bank holding the account. Probably, banks will find this idea slightly "challenging", but it is indeed a logical next step. It looks to me that the need for secure IDs is much bigger than the need for secure "payment-tokens" if we restrict the scope to Internet-payments. Just my 0.2 EUR Anders Rundgren Consultant, PKI & e-Business +46 70 - 627 74 37
