Chapter 21: Electronic Payment Methods Through Smart Cards

“Crito, I owe a cock to Asclepius; will you remember to pay the debt?”

—Socrates (470–399 B.C.)

Overview

The electronic payment card has been in existence for many years. It started in the form of a card embossed with details of the cardholder (account number, name, expiration date), which could be used at a point of sale to purchase goods or services. The magnetic stripe was soon introduced as a means of holding more data than was possible by embossing alone. The magnetic stripe also allowed cardholder details to be read electronically in a suitable terminal, so that checks could be made with little or no human intervention about the cardholder’s creditworthiness or whether the card had been reported lost or stolen.

Card technology has advanced over the years to keep ahead of the worldwide increase in card-related crime. As the criminal fraternity found ways of producing sufficiently good counterfeit cards, the card companies introduced new ways of combating the problem. A succession of antifraud measures have been introduced over the years, such as the hologram, the Card Verification Value (CVV, a value stored on the magnetic stripe that can be used to determine if a card has been produced illicitly), and in some cases, photographs of the cardholder^[2].

Magnetic stripe cards have now been developed to the point where there is little or no further scope for introducing more anticrime measures. This has caused the card associations to look at new technologies to take the plastic card well into the twenty-first century. One technology that offers many benefits is the smart card—essentially, a small computer chip embedded into a plastic card with the same dimensions as the magnetic stripe card. The only difference the cardholder sees is a small metal area on the face of the card that contains a set of electrical contacts through which the chip can be accessed.

From the anticrime perspective, there are a number of benefits in adopting the smart card. The card itself (or in conjunction with the terminal) can make decisions about whether or not a transaction can take place. Secret values can be stored on the card that are not accessible to the outside world—allowing, for example, the card to check the cardholder’s PIN without having to go online to the card issuer’s host system. Also, there is the possibility of modifying the way the card works, while it is inserted in a point-of-sale terminal—even to the point of blocking the card from further transactions if it has been reported lost or stolen.

As well as these antifraud measures, the smart card is seen as offering a number of other benefits to the card issuer and cardholder. These additional benefits are an integral part of building the business case for introducing smart card technology. Some of the other benefits of introducing smart cards are:

• The ability to have more than one payment application resident on the card. For example, a card could contain an “electronic purse” to provide the equivalent of cash, usually for lower-value transactions, such as parking, tickets, newspapers, and so forth.

• The ability to have other applications, such as loyalty schemes, and access to information facilities (libraries) coresident on the card.

• The possibility of reducing online validation costs by allowing the card to operate offline more of the time.

There are many issues to be resolved before such all-embracing cards become commonplace, the most obvious ones being who owns the card and who controls which applications can be loaded or deleted. Today, the banks are interested mainly in providing payment-related services to their customers and most of the current activity surrounding the provision of smart card-based credit/debit services—sometimes with an additional electronic purse facility.

^[2]Vacca, John R., Identity Theft, Prentice Hall PTR, 2003.