Re: floppy drive SCRs (was IP: Smart Cards with Chips encouraged)

1999-09-23 Thread Rachel Willmer


> I predict the floppy smart card reader will be a dumb flop. Here's why:

Here's another one. These things are driven from watch batteries, rather
than from the computer's mains power.

There is at least one digital cash smartcard which draws sufficient
power that the battery life just isn't up to reasonable usage. I did a
US trip two and a half years ago (omigod, is it really that long ago...)
demonstrating our Mondex Internet payment software using a Fischer
Smarty as the SCR on my laptop, and discovered fairly quickly that we
needed to replace the battery every day to be sure of finishing the demo
with some battery life left. 

So, I am a huge fan of Mondex for Internet cash usage, as everyone who
knows me knows, but the combination of Mondex and a battery driven SCR
would probably not prove satisfactory for reliable usage. 

(Caveat: haven't checked up on currently available hardware, there may
be a mains driven floppy SCR available now or in the offing...)

On the other hand, I have found an easier acceptance of the idea of
smart card usage when I show one of the floppy SCRs to a potential user
rather than a serial port or USB, just because it *looks* familiar.

And as an aside, I'm not entirely convinced that the choice of the name
"Mr. Floppy" was a good one (which is what the Fischer Smarty sells as
in Asia)

:-)

Rachel



Re: Why smartcards? (was IP: Smart Cards with Chips encouraged)

1999-09-23 Thread Rachel Willmer



Arnold Reinhold wrote:

> And what is the value proposition for the consumer? SSL works swell.

This is true iff:

(1) the consumer is an adult who has a credit card

(2) the consumer is content that the transaction is traceable through
their credit card statement

(3) the consumer is happy to pay the extra cost needed to cover the cost
of the credit card hierarchy (which may be hidden in the ticket price
but most certainly is there when the merchant calculates the selling
price as he considers the cost to him of the credit card charges,
potential chargebacks, insurance against chargebacks, etc)

(4) the consumer wants to spend money with a merchant who is able to get
a merchant account with a credit card processor (this is a real problem
over here in the UK)

or

(5) the consumer wants to exchange money with a merchant rather than a
friend 

In short, for the commerce model we have today (essentially the old mail
order metaphor taken online), SSL and credit cards work just fine.

For tomorrow's other commerce models, you need (and will have) digital
cash smartcards, loyalty smartcards, identification smartcards (probably
all on the same card). SSL doesn't provide a solution for everything.

Rachel

PS I'm considering starting a new mailing list to look at smartcards on
the Internet - would anyone find this interesting/useful? The list that
this email is getting forwarded to seems rather large...



Re: IP: Smart Cards with Chips encouraged

1999-09-21 Thread Steven M. Bellovin

In message v04210104b40d7088a106@[24.218.56.100], Arnold Reinhold writes:

> And what is the value proposition for the consumer? SSL works swell.

Bingo.  Consumers will adopt this if and only if cost savings are passed on to 
them, which in turn can only happen if the credit card companies (a) see a 
reduction in fraud or other decrease in their costs, and (b) pass those 
reductions on to the merchant.

--Steve Bellovin





IP: Smart Cards with Chips encouraged

1999-09-20 Thread Robert Hettinga

I remember Ian, Adam, someone else and I talking about the 
card-in-a-floppy thing at CFP '96.

Shoulda, woulda, coulda, and all that...

Cheers,
RAH

--- begin forwarded text


Date: Mon, 20 Sep 1999 08:50:44 -0500
Subject: IP: Smart Cards with Chips encouraged

Source:  New York Times
http://www.nytimes.com/library/tech/99/09/cyber/commerce/20commerce.html

September 20, 1999

By BOB TEDESCHI

New Hardware Could Help Web Merchants Cut Fraud

Credit card companies love the Internet, since they pocket a share of most
e-commerce transactions. But like everything in the world of revolving
credit, that love has limits. Stolen cards used to make purchases online,
in particular, cost credit card issuers millions each year -- pushing the
price of doing business on the Web higher for banks, merchants and,
ultimately, users.

So even as the major credit card companies and the banks that issue those
cards explore ways to build Internet market share, they are also looking
for creative ways to limit fraud.

The recent launch of the American Express blue card, which comes with an
embedded computer chip, is an example of both efforts. Since the card's
chip can access a user's personal information, it will eliminate the hassle
of typing in that data in every Web purchase -- and, American Express
hopes, encourage people to use its card. At the same time, the chip limits
the fraud by guaranteeing the shopper's identity and offering greater
protection to the buyer's information during the transaction.

The key to these features is a piece of computer hardware that, until now,
has been foreign to the desktop: a credit card reading device. Starting in
November, blue card owners will be able to obtain such a device, which they
will be able to plug into their PC's, enabling them to swipe the card at
home much like a sales clerk would at a retail store.

Other credit card issuers are exploring similar technologies. One company
that makes a card-reading device for personal computers, UTM Systems,
recently announced that four major U.S. banks affiliated with both Visa and
Mastercard International will begin distributing its system free to
consumers before the end of the year. UTM's founder and chief executive,
Robert Lee, declined to name the banks, but said they served "well over 10
million customers."

The device, which costs the card issuers $6 a unit, is simple. When a user
is ready to make an online purchase, the credit or debit card is placed in
the UTM card reader, which is inserted into a floppy disk drive. A small
window then appears on screen, asks for a personal identification number
and sends the encrypted information to the retail site. When the
transaction is complete, the window disappears.

David Robertson, president of the Nilson Report, a credit card industry
newsletter, predicted that credit card companies would be aggressive in
spreading such technologies. "American Express is the first, but you'll see
everyone start to do this by the end of the first quarter of next year," he
said. "It's inevitable."

From the standpoint of fraud prevention, card issuers have great incentive
to promote the devices, he said. Issuers lose roughly 8 cents for every
$100 in online sales to fraudulent card use -- "slightly higher than the
market at large, but it's growing," Robertson said.

"The industry has been fabulously successful at pushing fraud down in
general," he added. "But that just highlights the liability associated with
the Internet."

Which is not to say that Visa, American Express and Mastercard are stepping
lightly into the electronic frontier. Each has begun major Internet-related
advertising efforts, of which Visa's is the most aggressive. According to
the Nilson Report, 59 percent of Internet credit card purchases are made
with Visa, 28 percent with Mastercard and 12 percent with American Express.
Off line, Visa has a 51 percent share, compared with 25 percent for
Mastercard and 17 percent for American Express.

In part, the success of PC-based credit card readers hinges on how secure
consumers feel about credit card transactions on the Web. While such
devices in fact provide users more security than typical Internet
transactions, surveys indicate that consumers are less concerned about
entering their credit card data online than they used to be. One recent
survey by Navidec, a consulting firm, indicated that 21 percent of Internet
users worry about credit card security during transactions, about half the
number that expressed such concerns in 1997.

However, Paul Hughes, an analyst with the Yankee Group consulting firm,
says that new Internet users might warm to these devices, given the
trepidation with which many still approach online shopping in general.
"That said, the credit card companies are going to have to do some c