The Bankwatch

Tracking the consumer evolution of financial services

Archive for the ‘Smart Cards’ Category

6 years is too long for elimination of mag strip debit cards

We were just hit today with a case of fraud that affected my family personally, and it just validates my view that the security of our payments networks is a problem being swept under the carpet.  Every day, all banks contact thousands of customers to cancel their debit card because it was or may have been compromised.  This is a well kept secret, and has not made mainstream press yet.

In our situation we actually were the card compromised, and I know enough about the card usage to narrow down the location of the compromise which is why this one worrys me.  The compromise took place at a merchant, either a restaurant or a sporting goods store.  No ATM was involved so the compromise had to be a parasite POS terminal.

In our case the criminals used an ATM to withdraw cash shortly afterwards.  Incidentally thanks to our Bank for picking up on this event within a few hours and dealing with it.


Chip migration offers hope but only after mag stripe is eliminated, and that is another 6 years off, even though chip cards are now being isued in 2009.  The entire POS terminal fleet in Canada could be replaced quickly if their was a will to do so.

Chip Migration plans | EMV Canada

Interac Association has established migration dates for cards and terminals. Complete card and ABM conversion is required by the end of 2012; complete point of sale (POS) conversion is required by the end of 2015. After 2015, Interac debit magnetic stripe transactions will no longer be accepted at devices in Canada.

and this from Interac

The chip transition timeline

Every Acquirer (or payment service provider) has its own timetable in place for providing chip terminals. In order to ensure a smooth transition, Interac Association has implemented final conversion deadlines that work within merchants’ normal business cycles, so that merchants will be able to transition to chip within the set timeline and with minimum impact.

  • Interac chip cards and terminals are already being rolled out across Canada.
  • Complete migration to chip technology will take several years and the timetable for the introduction of chip will vary from one financial institution, and one service provider to another.
  • All Automated Banking Machines (ABM), point-of-sale (POS) terminals and banking cards across Canada will be upgraded.
  • Magnetic stripe debit card transactions will no longer be accepted at ABMs after December 31, 2012.
  • Magnetic stripe transactions will no longer be accepted at POS after December 31, 2015.
  • Chip cards will continue to carry the magnetic stripe, not only to facilitate the chip transition period, but also to allow cardholders to use their debit cards in other countries that do not use chip technology.

Relevance to Bankwatch:

Chip cards are coming, but the timeline is unacceptably long, out of desire to keep merchants, acquirors and issuers costs down.

In Japan, debit has never taken off.  On the other hand Suica and Pasmo are very popular, and gaining outside the original use of train service only into convenience stores and other small purchase locations.  That includes beer, other alcohol, magazines and movie rentals.

The idea of leaving thousands of dollars in full view with a 4 digit number as the only key is insanity.

suica 250px-Suica

Suica is successful because its handy being a wireless swipe,  and low risk with small amounts stored.

Chip will introduce the security of a non copyable card (we hope), but the 6 year wait in Canada is going to be an unfortunate inconvenience for the thousands that are compromised and have to replace their cards.

Reaearch by Nobuyo Henderson

Written by Colin Henderson

June 20, 2009 at 20:35

Consumers still need convincing on smart cards

Fewer than half of consumers would  switch to smart cards according to a “survey” by  terminal makers Ingenico. They arrive at the conclusion based on surveying people using the cards.

There is an enormous gap between use of cards, and the benefits of the cards.  The simple truth is that people do not associate any benefits with the switch to the smarter cards.

Convenience to drive contactless uptake, but consumers still need convincing | finextra

Convenience, rather than security, will be the driving force behind the UK adopting new payment methods, according to a survey of 1000 British consumers conducted on behalf of Ingenico.

Written by Colin Henderson

February 15, 2009 at 23:04

The smart card olympics commence

The branding olympics are underway now. G&D announce they are supplying a commerative Olympic smart card for Chinese Banks.

Smart Cards for Olympics

The Bank of China and the China Everbright Bank are offering their customers special Visa Olympic-edition credit cards. China Mobile is marketing a gift box containing six prepaid telephone cards, which is the fourth set of commemorative cards for 2008 Beijing Olympic Games launched by China Mobile. The Olympic smart cards are supplied by Giesecke & Devrient (G&D), a leading provider of smart card solutions.

Written by Colin Henderson

June 5, 2008 at 11:56

Posted in Smart Cards

Holland – debit cards eating up smaller transactions

 Some stats from Linkdump indicating that debit cards are achieving scale in the smaller payments, that some had hoped stored value smart cards could achieve.

… the debit-card eats up the low value segment

Source: Linkdump on Payments: Debit card moves in on low-value payments


Technorati tags: , ,

Written by Colin Henderson

February 12, 2007 at 10:46

Posted in Smart Cards

Finextra: Bank of America begins contactless m-payments trial

This is a smart move by Bank of America to start testing contactless cell phone payment now.  This is a smart card in a cell phone.  Its quite prevalent now in Japan, but this is the first instance I am aware of in North America.  Many Customers will like this.

Around 500 staff at the bank’s offices in Wilmington, Delaware are expected to take part in the pilot and will use their mobile phones to pay for purchases at vending machines, in a cafeteria and at an internal convenience shop.

Source: Finextra: Bank of America begins contactless m-payments trial


Technorati tags: , ,

Written by Colin Henderson

November 5, 2006 at 22:24

Posted in Smart Cards

Did Barclays err in going with card readers for two-factor security?

In a follow up to the earlier announcement from Barclays, David on Zdnet questions if consumers will accept the solution.  I agree with that assessment.

» Did Barclays err in going with card readers for two-factor security? | Between the Lines |

Are you supposed to bring a bulky card reader with you everywhere you go? In contrast, RSA makes versions of its securID solution that fit on your keychain. Think I’m crazy about the sort of mobility that people want out of their online banking?

As I earlier noted:

Relevance to Bankwatch:
While this will buy some time, it remains to be seen if its a complete solution.  Meantime its an expensive gamble to issue and support the tokens.  The security infrastructure that supports the tokens is expensive.

There is a space for devices that support smart card authentication, and that provides clear ‘something you have’ characteristics.  But I remain convinced this is not a mass solution. 

Finally David notes an intersting anecdote from Target, the US retailer, and their failed attempt.

To boot, card reading solutions as a means for securing online transactions have not been met with consumer enthusiasm.  Way back in 2001, Target (the retailer) announced that it would be issuing card readers (like this Target-branded one on saleTarget-branded “smart Visa Cards” to help secure payments (card readers ensure that the end-user actually has a card as opposed to just the card number).  But, by 2004, the entire smart card program was failing so miserably that Target pulled the plug on the whole thing.

Technorati Tags: , ,

Written by Colin Henderson

August 9, 2006 at 17:24

Posted in Security, Smart Cards

Update on click fraud

Good article at Wired which describes the issue in clear detail. It goes on to conclude as I did earlier, that the real solution is participate in cost per action.

Wired News: Google’s Click-Fraud Crackdown

Google is testing a new advertising model to deal with click fraud: cost-per-action ads. Advertisers don’t pay unless the customer performs a certain action: buys a product, fills out a survey, whatever.It’s a hard model to make work — Google would become more of a partner in the final sale instead of an indifferent displayer of advertising — but it’s the right security response to click fraud: Change the rules of the game so that click fraud doesn’t matter.

Technorati Tags: , ,

Written by Colin Henderson

July 13, 2006 at 19:01

Posted in Marketing, Smart Cards

Smart Card Group Tackling Contactless EMV

US, which has resisted adoption of smart cards/ chip cards, may win out with the potential to go straight to contactless cards.  The rest of the world will be left with expensive old style “dip” acquiring terminals, and ATM’s.

Card Technology, The Smart Card News Source

Representatives from EMVCo., the organization that maintains the standard, are meeting in Japan to better define the business requirements for a global standard covering contactless payments made with EMV-compliant cards.

“We’re hoping to have a fully stable position by the end of this year,” Simon Pugh, senior vice president of MasterCard Worldwide’s advanced payment solutions unit and a member of EMVCo.’s board of managers, tells Card Technology

Relevance to Bankwatch:
Given the scale of investment in the rest of the world, its unclear what the impacts of a shift to contactless will be.  But consumers will much prefer the option, when they recognise the speed, and convenience differential of contactless.

Technorati Tags: , ,

Written by Colin Henderson

July 13, 2006 at 18:14

Posted in Smart Cards

More on contactless and mobile chip evolution

If you need to know where this is all going, then look to Japan & South Korea.

Japan, South Korea lead world in contactless payments : Contactless News

In Japan, FeliCa has created innovative businesses such as Suica (East Japan Railways’ transit card) and Edy (BitWallet’s e-money service), through which credit card and financial services, transportation and mobile service companies have aggressively adopted FeliCa-based smartcard payment solutions.

Furthermore, FeliCa has been installed in mobile handsets, so called ‘Osaifu-Keitai’ and ‘Mobile FeliCa’, allowing them to be used in a wide variety of contexts: as credit card, pre-paid e-money, transit card, and as identification for entrance management.

Read the rest of this entry »

Written by Colin Henderson

May 26, 2006 at 17:40

Just when we thought we had chip cards figured out … doh!!

Every bank is somewhere on the pace of conversion to chip /smart cards, even if they are just thinking about it.  Well, we had better be including the conversion to contactless in that plan as phase 2, and using a cell phone as phase 3;  according to ABI Research and others I have seen lately.

Contactless Payment To Shift from Cards to Cell Phones, Says ABI Research | Tekrati Research News

“Contactless commerce is on a steep growth curve, but cards are only an intermediate step,” says Erik Michielsen, director of ABI Research’s RFID and M2M practice. “By 2010, more than 50% of cellular handsets–some 500 million units–will incorporate NFC capabilities that will be used not only for payments at points of sale and remotely, but also to access information from ‘smart objects.’

Imagine, for example, seeing a poster advertising a concert you want to attend. Hold your phone near the poster, and it connects you to a website where you buy your tickets, download them to the phone, and tap the phone at the turnstile to enter the show.”

Relevance to Bankwatch:
Its probably true that most banks have the chip card strategy in the ATM group, but it would be a mistake to exclude your technology strategists, and online banking people who probably see more of where this is really going.  Most are basing their chip strategy on fraud reduction.  The real meat, and consumer expectation will be more of a mobile / wireless / ecommerce play.

Technorati Tags: , ,

Written by Colin Henderson

May 26, 2006 at 17:33

%d bloggers like this: