Monday, December 20, 2010

Has NFC Got A Little Closer This X-mas?

It hardly seems possible but the end of the year is upon us once again. Those of you in the UK will know what I mean when I say we are all looking forward to a White Xmas….

This month NFC is hot on the table again with the latest news of the Samsung Android phone with NFC built in. I’ve looked back through my notes and discovered we’ve been saying this for the last 8 or 9 years, the NFC bit, not the Android which has appeared very suddenly and is already zooming up the charts in the smart phone world. Who would want to be in the shoes of Nokia with both NFC and Android to worry about? If one were to have a Xmas punt it would probably be the thought of Nokia giving up on Symbian now exclusively theirs with all the other smart phone manufacturers (except Apple and Blackberry of course) moving over to Google’s Android smart phone offering.

So has NFC got a little closer, will it go zooming up the charts like Android? Well there can be no doubt that there has been a lot going on in the background and all the major players including Apple and RIM (Blackberry) making sweet noises about their support for NFC. However I am reminded of those heady days in the late 80’s when we were all convinced that the world was going to be flooded with smart cards. Our own publication started in 1992 because we knew that smart cards were going to be the new technology revolution for every application you could possibly imagine and of course all financial payment cards were going to have a chip in them.
I would be the first to admit that I didn't see it coming, those early mobile phones, did somebody say they were portable? How big a battery pack can you carry on your back? In fact originally they were promoted for in car use where you have a mighty big battery to call on. How wrong can you get, who would have imagined in 1990 that by the end of the decade children would be taking a mobile phone with them to school.

Suddenly smart cards took off largely in the form of mobile phone SIM cards and about a decade later the banks followed along with the now well known chip and PIN, the rest of course is history.

So here’s the thing what’s going to make NFC take off? For those enthusiasts who would want to assure me that very soon every phone will have NFC I would remind them that every phone had Bluetooth long before anybody really started using it and even now it’s very much a minimal application probably because of the drain on the battery. Just for the record I actually don’t think we are going to see NFC in every phone for some time to come but let’s go the other way and try to see where the tipping point might be.

For years everybody said it was payments, NFC was going to be the way to do contactless payments on your mobile phone but if you think about it in most retail environments it doesn’t really make a difference. If the value of the payment is high enough to need a PIN, £10 or £20 wherever the risk limits are set then you are most likely to use the contact interface anyway. For low value payments without a PIN such as mass transit well then yes, contactless is the way to go but will you use your phone? We’ve talked about it before but there is also the issue of user convenience. Is it easier to get out your phone, select the payment application (I need convincing on the viability of defaults) and wave your phone or is it easier to just get the contactless card out of your pocket? Do we really want to have everything on our phone or might we just like a little bit of variety, a sort of back up you might imagine. I admit this quietly but I also have a few problems with the phone being charged, just at the wrong moment the battery seems to go flat. Am I unique in this?

Well for me the case for NFC is unproven, not the technology you understand, I wouldn’t dare argue about that but what is the killer application? Many argue that it won’t just be one application but instead the richness of a number of applications. You can call me old fashioned if you like although I Twitter with the best of them, but for me there has to be ‘The Application’ and as of Xmas 2010 I can’t see what it is.

Happy Xmas to all our readers and best wishes for a happy and prosperous New Year.

Patsy.

Thursday, November 18, 2010

CARTES Calling...

Cartes 2010 is now upon us and you can’t help thinking about the years gone by. Several people have told me that this year they are not sure if they are going. It’s a mature market and most companies are trying to keep the expenses down, if you’re coming from the USA then it’s not an insignificant cost.

In the early days of Cartes it was exciting because there would always be something new and often inspirational but in more recent years you knew before you got there what you were going to see. Now is this because we are so much better informed through the internet or is it that there really isn’t anything that new. This is going to be my mission for 2010 to find something new and exciting, it’s a bit like the projects they give on ‘The Apprentice’ a UK BBC program designed to find a new recruit for Lord Alan Sugar’s business empire. The potentials on the TV usually screw up and it’s fun to watch so I’ll try and do a little better, at least I’ll listen to what people have to say.

But of course that’s not the main reason for going, it’s really all about meeting friends new and old to chat about what’s happening in the industry. I guess from our stable we’re still quite intrigued by NFC, will it end up in every phone, will Apple adopt NFC? We hear so much talk about stickers (i.e. contactless labels) that you attach to the back of your phone to do payments. Everybody seems to see it as an intermediate step on the way to full NFC, call me dumb but I can’t see it, I’d just as soon have a contactless card in my purse. Anyway we shall be there as always to wrestle with these issues in the bar, please feel free to join us.

Oh and I forgot to mention it but at the moment there are no strikes with the RER in Paris forecast for the duration of the show, that will be a change, a normal Metro service to the exhibition.

Our lead article this month is all about the competition in smart mobile phones between the main operating systems including the latest rumours about Apple and Gemalto working on a super SIM. This is to allow users to make their choice of network operator when they buy their phone (or iPad). The suggestion is that the SIM might not be removable it could even be a virtual SIM buried in the memory of the iPhone although the security experts have told me that is unlikely because somewhere you need to securely manage the cryptographic keys that authenticate your phone for billing purposes.

So here’s the thought, how much do you value the removable SIM that can be changed from phone to phone? Of course in the early days everything was stored in the SIM card including your SMS messages and contact lists. Today most of it goes into the phone memory so the SIM plays a small role in the applications. I know we have SIM Toolkit but does anybody use it?

The next problem of course is that the phone is usually locked to the network operator that has subsidised the purchase of the phone so although you can change phones, changing operator is more bother.

Technically I’m assured that you could have a chip built into the phone and it could be configured over the air waves. Now what would that do for the business profile of the likes of Gemalto and Oberthur Card Systems? I wouldn’t dismiss it Apple seem to be hovering in an area that could lead to just that….

See you at Cartes.

Thursday, October 28, 2010

USBs, SIM Cards and Memory Cards: Different Standards, Different Formats

Is it just me that gets confused? What I can’t understand is standards, well what I mean is why do I need so many? Just take charging up your mobile phone they all look so different. Don’t worry I’ve been told there is a new standard based on micro USB or is it mini USB? I do pride myself on having reasonably modern phones and I can assure you the charging pods are all different. The reason for the annoyance, you know there is going to be one and that being that I took the wrong charger for my phone on holiday. They all look the same and the difference between mini and micro USB is for the electronics buffs amongst you. Why can’t I have colour coded plugs, blue for mini and red for micro, well that’s what my mother used to say about dresses anyway? Something about red for danger apparently.

Now it doesn’t stop there because the joy carries on with memory cards, just about every device I have seems to have a different format for the memory card. It’s hard to believe there are so many, I really don’t know what they all are but my card reader boasts of being a 19 in 1 card reader, I’m not going to bother you with the names because I don’t think I could tell one from the other. All I know is that when I take the memory card out of the camera I go round each slot in the reader until I find one that it fits. It sounds horrendous but does anybody do anything different?


Closer to home I have been totally bemused by mini and micro SIM cards. The other half impatient to the end clutching an iPhone 4 in one hand and an iPad in the other has entered the world of micro SIMs. Now we could all get bored about how many people ever used a full sized credit card for a phone SIM, I thought I was old enough but I certainly don’t remember them. In fact a SIM card was a SIM card, who ever called them a mini SIM? But anyway we now have the micro SIM. And of course you can’t change it from phone to phone or iPad to phone and all the other combinations you can think of unless they are all the latest models from Apple.


This may not be a problem you might think? Well the holiday was a technological extravaganza because the back fell off his iPhone 4. It looks like it never had the two bottom case screws inserted but according to O2 it’s now a write off as uneconomical to repair. Can you believe that, 2 miniature screws or micro screws or what have you and they’re more expensive to put in than the £430 O2 have demanded for a replacement phone? Apparently we’re off to Maplins this weekend to buy some of these screws for a DIY repair. I hope there aren’t too many standards involved here. I’d hate to think that two screws that look the same are totally different.


Anyway the fun didn’t stop there, the Channel Islands (Jersey in our case) are interesting and recommended to all for a few days at least (I never realised the average rainfall is 16 days per month, it makes the UK seem positively dry) but the Island is devoid of Wi-Fi (except in St Helier but that’s a permanent traffic jam) you really are dependent on your mobile broadband. There was a good 3G signal all round the Island but that doesn’t help you when you can’t carry your phone around and apparently it’s difficult to stick it together with sticky tape when you’ve only got a touch screen. So here we are, buy a disposable phone and pop the SIM card in it. I can still remember the look on the guys face in the mobile phone shop (only in St Helier of course) when he looked at the micro SIM, you would have thought it could only have come from Dr Who’s Tardis. So you can’t easily buy mobile phones that use a micro SIM and surprise number 2 was that if you have a UK pay as you go SIM you can’t have cellular data in the Channel Islands. Apparently the islands are foreign territory although Wikipedia thinks they are a Crown protectorate. Apparently the only way you can have cellular data in foreign lands and the Channel Islands is to have a contract SIM – just make sure it’s not a micro SIM unless you have a spare phone with a micro SIM socket. Perhaps we could have adaptors, a 19 in 1 do everything – just joking.


Don’t forget, Paris strikes permitting that Cartes 2010 is just around the corner for 7th to 9th of December.


Patsy.

Thursday, September 30, 2010

Is Virtual World The Latest Crime Centre?

This month there was a magnificent article in the Guardian by Josh Klein entitled ‘Coins of the online realm’ (http://www.guardian.co.uk/commentisfree/2010/sep/21/internet-computing). It was particularly interesting to me because it raised two important issues:

  • The virtual economy (for swords, laser guns, and even virtual flowers)
  • Identity, Authentication and Reputation in the virtual world

I have long puzzled over internet games and their virtual armaments and even more at the thoughts of buying virtual guns with real money but this is a serious economy worth some $5bn today (this is just an estimate because nobody really knows the exact size but what everybody does agree is that it is already billions, $1bn in South Korea alone) and still accelerating.

Now I’m not going to get hung up on the exact size of this virtual economy but if we accept it’s in the $billions what does that suggest to you? Yes, it’s crime, where there is money the criminal will not be far away. What’s the old saying, if you’re looking for the crooks then follow the money.

Now I’ve always been bemused by how many €500 notes you can stuff into a cornflakes packet, apparently some €300,000 or at least that was what they found when they captured Eftychia Symeonidoy who stood outside a London apartment, casually holding the box under her arm. Part of a 13 strong money laundering gang offering a service to the UK criminal underworld they were caught by the HMRC and were duly prosecuted and jailed. The article http://news.bbc.co.uk/1/hi/8678979.stm goes on to describe the problems of moving money when in its £20 note form compared with the €500 note form. Just for those that can’t wait, £1 million in 20 pound notes would weigh some 50 kg while the same amount in €500 notes would only weigh about 2 kg. Apparently these guys were handling between £1 million and £4 million per month.

But now the world has changed, who needs to stuff cornflake boxes when you have got virtual cash? Why not move money around in the form of Linden dollars (from ‘Second Life’) or perhaps in the form of virtual spaceships, there can be no bounds to the imagination. I would just offer a little note of caution to those thinking about a career change, don’t forget you have to get the money in and out of the virtual system which in general is regulated (read monitored). Of course you could continue your life totally within the virtual world of ‘Second Life’ or similar, perhaps the crims will no longer feel the need to move to the South of Spain, they could set it all up in their back bedroom with sun lamps.

Anyway on to the other issue of who you are in this virtual world, what is your persona? Now the interesting thing here is that on the internet in general people like to be anonymous. Visit the crime centre of the virtual world (it’s called eBay) and you will struggle to identify any of the players, sellers and bidders alike. The way that all these virtual environments work is on authenticated pseudonyms, you are dealing with some constructed user name or email address. When you trade you do so based on the reputation of the handle being used by the participants. Does this matter, well yes it does because your legal redress is more difficult and in the case of eBay we know that PayPal (now owned by eBay) spends most of its time (I’ve heard as much as 80%) resolving disputes. I can’t see that people are going to start using identities on the internet so what is currently missing is an accepted way of handling reputations that can be locked to an internet persona. We have so far to go, did you know you can’t leave negative feedback on eBay and of course the practiced fraudsters artificially set up a reputation before they have their fleecing spree.

I must admit I do shop on eBay but nervously and never for high value goods.

Patsy

Monday, August 30, 2010

Is Your Password Easily Accessible?

Is it just me or do other people have problems with passwords? One of the side effects of the internet is that we now need a vast array of passwords to access the different sites from Amazon to PayPal and everything in between.

Now here’s the thing can you have one password for accessing all these different sites? Of course not, can’t you hear the security experts screaming in your ear but actually you really don’t want that many. I have a simple strategy that I don’t mind sharing with you, there is the very secure password for the bank and PayPal and then there is the floppy password for all those sites that really don’t matter. If you can break into my wine account (no credit card stored) and change my preferences then frankly I really don’t care.

However you know what I’m about to say, real life is not like this. All these different web sites have different password strategies, no less than 8 characters, must have a number, must have a non alpha/number character, must be numeric only, it goes on and on. Well just last week I met the ultimate condition, no consecutive numbers, even just 2, up or down. Now I think my brain is starting to hurt, what nutcase decided that? In any random sequence of numbers there are bound to be consecutive numbers in one direction or the other, for my mathematical friends what are the odds in a sequence of 8 digits that at least 2 digits are consecutive? So of course you end up having to write them down, somewhere that you can lay your hands on in a hurry.
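The question posed above can be answered exactly. The following is an added example, not part of the original post: it counts the 8-digit strings that pass a "no two adjacent digits consecutive, up or down" rule and reports how much of the keyspace the rule rejects. It assumes uniformly random digits and that 9 followed by 0 does not count as consecutive.

```python
"""Added example: keyspace cost of a "no consecutive digits" password rule.

Assumptions (not from the original post): digits are chosen uniformly at
random, and 9 -> 0 (or 0 -> 9) is NOT treated as a consecutive pair.
"""
from itertools import product
from math import log2

DIGITS = range(10)


def violates(code: str) -> bool:
    """True if any two adjacent digits differ by exactly 1 (e.g. '34' or '43')."""
    return any(abs(int(a) - int(b)) == 1 for a, b in zip(code, code[1:]))


def count_allowed(length: int) -> int:
    """Count digit strings of the given length that pass the rule.

    Dynamic programming over the last digit: a string ending in d can be
    extended from any string whose last digit is not d-1 or d+1.
    """
    if length < 1:
        raise ValueError("length must be at least 1")
    ending_in = [1] * 10  # one string of length 1 per final digit
    for _ in range(length - 1):
        total = sum(ending_in)
        ending_in = [
            total
            - (ending_in[d - 1] if d > 0 else 0)
            - (ending_in[d + 1] if d < 9 else 0)
            for d in DIGITS
        ]
    return sum(ending_in)


def count_allowed_bruteforce(length: int) -> int:
    """Cross-check for short lengths by enumerating every string."""
    return sum(
        1
        for digits in product("0123456789", repeat=length)
        if not violates("".join(digits))
    )


def rejection_probability(length: int) -> float:
    """Chance that a random digit string contains at least one consecutive pair."""
    return 1 - count_allowed(length) / 10 ** length


def entropy_loss_bits(length: int) -> float:
    """Bits of search space an attacker saves by knowing the rule is enforced."""
    return log2(10 ** length / count_allowed(length))


if __name__ == "__main__":
    n = 8
    print(f"allowed {n}-digit strings : {count_allowed(n):,} of {10 ** n:,}")
    print(f"rejected by the rule     : {rejection_probability(n):.1%}")
    print(f"entropy lost             : {entropy_loss_bits(n):.2f} bits")
```

For 8 digits the rule rejects roughly three quarters of all random strings, which is why users keep hitting it, and it also shrinks the space an attacker has to search.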

In the old days we all used to carry around those little booklet things called diaries, but now relegated to the museum we have electronic diaries in the form of mobile phones. Do you remember the Palm Pilot? Oh I felt so up to date when I first got one of those but now it’s the iPhone (just wanted to drop that in, it’s only the iPhone 3, you can guess who’s upgraded to iPhone 4).

I wouldn’t want my phone to be stolen, it stores far too much personal data. Probably all the data should be encrypted which is of course only as good as the password. But very few people seem to have their phones in encrypted mode?

Anyway all this came to mind this week when reading about the iTunes and PayPal hack with lots of people complaining about having their PayPal accounts emptied. There is not absolute clarity on exactly what has happened but the stories seem to be consistent that the hack has happened through iTunes and that somehow the fraudsters have managed to get hold of a number of iTunes account details/passwords and have then gone around doing loads of downloads funded through iTunes against PayPal. Both PayPal and iTunes have denied their systems are broken, PayPal has specifically stated that they are unaware of any account breaches on their system. iTunes have been a little more cautious suggesting that if your password has been stolen you should change it right away. Others have suggested that maybe the iTunes users were subject to some Phishing scam that resulted in the loss of their account details including the password.

Now what ever happened to 2-Factor Authentication? Just a few years ago it was on everybody’s lips it was only a matter of time before we would all be carrying a smart card or token that acted to give us secure authentication into whatever sites we were registered. It’s all gone quiet and yet the problems with passwords have never been more rampant. Just think about it, one smart card or token, one password for access to the smart card and hey presto you can log in securely to any web site. But more to the point the hacker without access to your smart card and password is permanently locked out, no more Phishing!

Am I missing something here?

Patsy

Tuesday, August 3, 2010

Is making Payments on the Internet Safe and Secure?

I couldn't help but chuckle reading in the paper today about the unemployed lorry driver who sold the Ritz hotel in London for £250 million when it's worth two or three times that price. He was so successful that he even managed to get £1 million popped into his bank account before the fraud was discovered.

Remember the old saying that if it sounds too good to be true it probably isn't so good! You can't help but wonder about the people who are duped by such offers, are they not perhaps just as dishonest as the fraudster in thinking they can make a quick buck to somebody's disadvantage.

So how does this work in the antiques trade? If I pop into a shop with an old plate from mother's collection and get offered £300 to hear later that it was worth £100,000 who is wrong? Is an antique dealer obliged to pay the potential market value for which of course he is on risk? He might have made a mistake or an expert further down the road might throw it out as a copy. How would you mark his reputation? Arguably you could say he is paying you what it is worth to him at that moment in time, is he obliged to tell you it might be worth £100K?

And what happens if you are an expert and see some artefact in a shop marked up for $50 that you know is worth $50,000, should you tell the shop keeper about his error? Perhaps I'll cause an uproar here but it seems to me that many antique collectors are out to discover just such an opportunity.


So down to basics, what happens if you get given a £1 coin that you subsequently discover is a counterfeit? We have been hearing this month that 1 in 36 £1 coins in circulation are counterfeit. Now I'm sure you all know that as soon as a coin accepted in good faith is found to be counterfeit, it is immediately rendered worthless. Attempting to pass it on is an offence.

I'm sure we all hand our counterfeit coins in to the bank so that they are taken out of circulation. I still remember as a youngster getting foreign coins in change and not being too excited about it when discovered. Not me of course but some of my friends developed an art for passing them on undetected to the next person.

Now I'm not setting out to cause any unnecessary guilt complexes but only want to raise some fundamental issues of today’s society and it's all about reputation and trust which are closely related. So in our previous scenarios do we trust antique dealers and what is their average reputation? Of course they are going to differ but how can I tell the reputation of a particular individual?

Now imagine the same antique dealer going to his bank for a loan, can the bank trust him (or her)? The basis of trust and reputation are really quite different, you could be very good at spotting a bargain making large profits but particularly bad at repaying loans. So the bank is only interested in your reputation in that one area and that's not straightforward because your reputation can change overnight, an unforeseen event perhaps (maybe somebody has defrauded you) and you can no longer pay your bills.

You may be wondering where all this is leading, well dear subscribers let's enter the wild, wild West or to put it another way the internet. Here the system of reputation and trust is even more on trial. Last week a friend was telling me about her experiences on an on-line dating site, she met up with a great guy and they seemed to have so much in common and then out of the blue came the call for money. The details don't matter but this is really common and many innocent people are robbed of all their savings.

We all do it, yes, eBay can be great fun and you can get some bargains but this really is the haven for every fraudulent idea ever invented by man and there are new ones occurring every day. So how do you pay for your purchases? PayPal of course, in most cases at least but this doesn't stop you from getting involved in fraud whether the seller or the purchaser. The goods were never sent or never arrived give me my money back depending on which party is the fraudster. Disputes like this are legion and it's not too difficult to get your PayPal account frozen and it's often very difficult to get it released.

So the question I'd like to leave you with this month is when making payments on the internet who do you trust and what will your bank or PayPal do in the event of a dispute. Do we need a better way to pay?

Happy holidays,

Patsy.

Tuesday, July 6, 2010

Authenticating people: Isn't there any better way out?

Do you ever have one of those weeks when everything just seems twice as hard as it should be? I don’t know about you but I dread having to call my bank for whatever reason, having gone through all the automated, please enter your account number rigmarole, we eventually get to a human being and then it gets worse.

Please can you tell me what transaction you did on the 16th day of last month? It goes on and eventually you get so confused and flustered you begin to wonder if it’s actually your account let alone bank and who exactly is the customer here. I don’t know if this has ever happened to you but then sometimes you are told, not always politely, that you have failed security and they are unable to help you, good bye!

There has to be a better way, authenticating people has just become too difficult. The first problem is that each organisation has a slightly different approach to how they authenticate you, there may be passwords or PINs involved a check on recent transactions or perhaps a check on previously shared personal information. Don’t we need a standard way of authenticating people?

Then there are those PINs and passwords, sometimes they are numeric, sometimes they are alpha based, sometimes there must be a number, sometimes at least 9 digits, oh and successive digits in a sequence are not allowed. I could go on and on but what a ridiculous state to be in. We can debate whether it is advisable to have a common password but dear friends tell me who can remember 10 different passwords unless they are used every day, so then we have to write them down, is that safe? Anyway all these different systems prohibit a common password by their weird and wonderful rules of acceptability. Has anybody ever examined the reaction of users to all these different systems?

Well I can hear you thinking what is the solution then? So let’s gently wander through the garden to see what might be acceptable to both the prover and the verifier (don’t worry this is just about the extent of my technical knowledge). In everyday use we need to prove our identity in both the physical and virtual worlds. In the former case a photo identity card like a driving license is widely accepted, now I have no problem with this but how about those people who don’t have a driving license? Well why don’t they just go and get one! So I guess the thing here is that we have a common document that does involve a registration process. Now here is the test, if I went to the bank and on presentation of the photo ID I (previously registered with the bank) was allowed to empty my bank account would that be OK? Well who would be on risk here in the event of fraud? What is the probability that someone could counterfeit my photo ID and look sufficiently like me to be accepted by the bank teller? Doesn’t this just make you feel a little nervous?

It all sounds a bit like single factor authentication so we just need something else. Now I can speak with authority here, the other part of the family has spent at least 30 years trying to persuade people to carry widgets not too different to the gizmos the banks are currently providing to be used in conjunction with your debit or credit card for on-line banking. However in this case, you don’t need to carry them around at all because normally you would be doing the banking at home in the evening.

There is light at the end of the tunnel, everybody these days does carry a widget around with them, usually in the disguise of a mobile phone. So what I need the teller to do is to authenticate the phone in my purse as the one belonging to me and previously registered with the bank. They could send some code by SMS which I just replay to them, probably wouldn’t take more than 10 seconds. Still remembering minutes or what seemed like hours of previous exasperation it would be pretty good for me and would also do the business in the online world although we would also need a virtual driving license or something to get back the two factor authentication!

This may seem like a rant but is it really that difficult to authenticate people?

Patsy.

Thursday, June 3, 2010

There is no ID Card or Identity Register, what Next? Driving Licence!

Well we knew it was going to happen if the Tories got into power and yes in the Queen’s Speech this month the ID card is top of the list of things to go. Now of course, can you believe it, people are actually saying it won’t save much money but human rights and all that will be preserved. There are even plans to reduce the number of CCTV cameras around the land but I’m personally far more interested in those yellow boxes and more particularly the camera tripods operating out of the back of a van. Not for one minute would I suggest breaking speed limits but sometimes, change that too often, they are just in the wrong place. Sited to catch you unawares with little danger to others, in fact the last one I saw was literally 50 yards before the end of speed limit sign on a hill well past the occupied land. It was only 36 miles an hour but that was enough to get the summons and I’m sure my other half now appreciates better the dangers of speeding. He elected for the speed awareness course and did actually come back saying it was worthwhile albeit it took the best part of a day to get there and back.

But now there is no ID card or Identity Register what next? Well for some time we have preached about the humble driving licence, in the UK at least and probably still in America now that they have the counterfeits under better control, it is a pretty basic but none the less effective ID card. In fact I don’t know about you but in general this is the document that I use the most when somebody asks for proof of identity and that is not just in the UK but also Europe more generally and North America. It’s a convenient size and provides all the information the challenger requires and if you were to put a chip on it (sorry probably in it) then what else would you need? The last time I raised this at a dinner party there were screams from the non drivers around the table, am I unique in knowing so many people that like to be driven by others? Anyway sanity ruled even after a delicious bottle(s) of Chianti and eventually it was agreed that there was no difficulty in applying for a driving license whether you drive or not. I’ve notched that one up for posterity! And when it happens, not if, just remember you read it here first and just for the record my optimism is flavoured by the fact that the DVLA is in my view one of, if not the most effective service centre in the UK government! Perhaps it has something to do with living in Wales?

The other bit of interest this month was the excitement surrounding the Oyster card, which bit I can hear you saying. Well the BBC decided to do a Freedom of Information attack on Transport for London (TfL) and shock horror they discovered that TfL have £30 million stashed under the carpet every year from unclaimed or lost card value. Apparently a total of 16.5 million cards sat idle during the financial year 2009/2010 with an average amount on each card of £1.80. There’s more, last year 31,000 Oyster Pay as you Go (PAYG) were issued and topped up but never used with a total value of £246,000. What would you do without the tourists?

Now the really interesting point here is that the wheel keeps going around, when the family and I first got involved with smart cards (yes it was and still is a family affair) the electronic purse was all the rage and this was back in the late 70s and early 80s. The business case was all about the Float, that pot of gold accrued from the total prepaid and unspent value that the operator could invest to his financial advantage. This is of course true for any prepaid scheme Oyster card, iTunes card etc. But the other thing we knew all those years ago is that not all the value would be taken back, people would lose the cards, tuck them under their pillow or do all those other things we can’t mention. In fact we predicted back in those golden days that 2 – 4% might be expected and that this escheat as it was called could be a lucrative business. However there is one little snag, unless you have an expiry date on the card you can’t really claim it because the liability always exists. Guess what? There is no expiry date on an Oyster card, who on earth left that out?

Patsy

Monday, May 3, 2010

The UK ID Cards System: Still A Misty Affair

Well it’s time for another general election in the UK but not perhaps with the same enthusiasm as for a general erection which was overheard at the dinner table with some Japanese colleagues earlier this month. However at such a time one’s thoughts are raised into what is happening to all those little projects so close to our heart. The UK national ID card is always top of the agenda and so quiet recently, the government still mentions the cards given to foreign migrants but for distribution to the nation as a whole, Mmm… I don’t think so.

Just scanning the various election manifestos is always fun, joking really, I don’t think I’ve got the patience but anyway those that do such as the London School of Economics (LSE) academics Dr Edgar Whitley and Dr Gus Hosein are happy to tell me that only the Labour Party manifesto has a commitment to deliver ID cards. According to Mark Ballard, a fellow journalist, the Identity and Passport Service (IPS) is so shady about how they are building the ID cards system that nobody actually knows what’s coming or going, if anything that is.

More precisely we are sure that both the Conservative Party and the Liberal Democrats are on record that they will cancel the national ID card project and a lot that goes with it including the National Identity Register. The LibDems at least have also promised to scrap the next generation of biometric passports that were to include fingerprints. All the current chip passports include a photograph and those of you zooming through Gatwick will have seen the new gates that look at you compared with the picture in the chip. I would have to say that my initial experiences suggest that this works far better than the Iris scan which has been removed and also seems to be more reliable as the old Iris scan gates often seemed to be out of action.

But let’s not stop the fun here how about getting on the buses? Are we going to have anything more than a flash card? A piece of cardboard would be far cheaper here than the latest smart card gizmo. Will ITSO rule the waves and end up as the transport card of choice? Positively running out of breath here but then we have stories that maybe the next government in saving money will have to quash all these travel concessionary cards anyway. That of course would be the end of the buses in anything but the centre of the major cities, rural bus travel would rapidly come to an end because those of you that have tried will know it’s made up almost entirely of concessionary fare riders. Somebody once told me that half of them do it just to keep warm and the other half just to have somebody to chat to. On such grounds alone buses provide an essential social service.

You may remember that Michael Leach was appointed interim CEO of ITSO back in February for a couple of months. Can I really believe you would appoint a CEO for a couple of months? I must have got that wrong? Anyway rumour has it that his contract has now been extended for a couple of years so at least there is time to make a mark.

Now what would we like to see him do? I’ve no doubt if I threw this out for public opinion that the skies would be as misty as ever. However I’ll offer a view that may not go down very well but is sadly needed. ITSO is based on backward compatibility; it has been the problem from day one. Whatever you put in place for interoperable fare payments must interoperate with what already exists. If you take this as a starting point it would be OK as long as you had a future migration path into something better, this is what ITSO has never done concentrating instead on patching the system and floating around to try and optimise integration with the Oyster card scheme in London. In both camps we see a move toward the Mifare DESFire in replacement for the Mifare Classic which has been successfully hacked a few times recently. I’ve even heard there have been problems with the DESFire cards in that lots of the underground gates can’t read the cards correctly. Somebody even told me the other day that the Oyster cards don’t even have an expiry date?

So message to ITSO, stop what you are doing and create a realistic 5 year plan for the future and just to give you encouragement remember the banks managed to change from magnetic stripe cards to chip cards not perhaps without problems but as I’m sure everyone will agree to a far better technical solution. Oh and by the way the technologies are not interoperable they do quite different things!

Patsy

Thursday, April 1, 2010

Cash or Cards: The Battle Continues..

It’s Spring, the daffodils are out and at long last the sun is starting to shine. Mixed in with a little rain I know but then this is the English weather we are talking about. Anyway at this time of the year people start to smile and everything just seems to be that much nicer.

However that doesn’t stop gloom and despondency from wandering around the marketplace, this time it’s chip security as discussed in our lead story this month. Otherwise the chip manufacturers seem to be busy with little slack in their fab lines. What I find so fascinating is the different views you get from people on a subject when we are all faced with the same facts. On this chip security I have got everything from I don’t care (i.e. don’t believe it’s a problem) right the way through to this is a show stopper for smart cards. Curiously the Tarnovsky attack has not made the big headlines even though by just about anybody’s estimation it’s a pretty fair achievement.

Actually the Digital Money Forum (Hyperion’s annual event at the Charing Cross Hotel) caused most of the in house discussion this month. The full story is reported separately but it was the tales from James Allan that stirred the emotions. After one of those late night foolish wagers James bet his friends that he could live in London for a year without cash, just cards. Now you could be cynical and say what a good way of scrounging from your friends but I don’t think James is that sort and anyway it’s interesting to think about those things that cause you a problem. At the end of the day there is that question, can you get rid of cash?

Well it was actually meetings with friends that caused most of the problems, those little P2P payments that we never think about. How about ‘Putting a fiver in the glass’ to pay the kitty for a night out at the pub? Then there’s paying a couple of pounds for those raffle tickets. Then there is the contribution, Jane is sick so let’s buy her a card and some flowers, give me a fiver. I could go on, the truth is we never think about those little P2P payments but our whole social life is based on them. Any cash replacement system that can’t handle P2P and that really means person to person in the street, pub, office, etc, seems doomed to failure. At the other end of the scale and caught a little bit by surprise is that there are some higher value transactions where cash is still the order of the day. Putting down a deposit on a flat for instance is often met by a demand for cash on the grounds that cash is irrevocable, which is clearly not the case with credit and debit cards. So there’s another one for the pot, any cash replacement system has to be irrevocable. I feel I’ve just made the list of contenders pretty small.

Anyway the other interesting story is of course to turn the argument around and ask if you can live in London for a year without cards, just cash. Now I’m probably biased here but cash seems pretty powerful to me, I’ve never forgotten the bank manager who explained to me that he lived on cash because he always got a discount, there was nothing personal here but he then proceeded to get the biggest wadge of notes out of his pocket that I have ever seen. Perhaps this was all before the day of the mugger or bag snatcher which I have experienced firsthand. That’s when you end up with no cash or cards.

So what happens if you haven’t got a card? Well just about every form of remote payment goes out the window and more and more of the machine payments, rail tickets and parking are now moving to cards. No more waiting in the queue for somebody at the machine to find they’re a £1 coin short and it won’t accept the £10 note, in fact it’s a game of bluff to see who else in the queue blinks first and hands over a £1 coin. Perhaps this is what the bank manager meant, a neat way of getting a discount.

This is of course a particular problem of the poor also discussed at the Forum that they tend not to have cards and it’s really our new world of the internet and mobile phones where we are increasingly buying our goods and services. No more going down to the shop, testing it out, and then buying it on Amazon. Not me I hear you say.

Happy Easter!

Patsy.

Wednesday, February 3, 2010

Smart Phones: How Secured Are They?

Well the Global Mobile conference in Barcelona has come and gone again. I don’t know whether it’s just me but I do still miss the event when it was held in Cannes. There was something about the location and all those intimate parties on the boats. C’est la vie but perhaps even more so is the move from technology to the joys of understanding the consumer proposition. Applications are the name of the game and I must admit that even I am getting a bit excited with all these iPhone gizmos. There is something quite fascinating standing in the supermarket waving your mobile phone over the barcode of products to see how much that item might cost down the road. For those of you interested the application is called RedLaser and costs just $1.99.

To me the theme this year was very much about smart phones and how everybody is expecting this market in particular to really pick up in 2010. And yet there wasn’t very much about the security of these smart phones but we know from the PC world that when you have multi application devices connected to the internet that security problems will follow. You may have gathered from our lead article this month that the security of payment systems for example has moved from the smart card to the terminal or in this case the mobile phone.

It was brought home to me this month when I came to upgrade my mobile phone, it’s a bit like an electronic handbag as it contains all my personal data and dare I admit it not that well protected. So what would happen if you lose your phone? I think most of us would need to worry. I couldn’t resist asking David Everett about this problem and after getting somewhat bored about Cloud Computing and keeping everything in the sky the discussion came to a short end when I reminded him about how often he seems to have a flat battery.

Anyway where does that leave most of us? Where do you store the data on your phone, is it in the SIM card, the mobile phone memory or the SD memory card plugged in the side? It turns out and I don’t think I ever really knew that it’s in the mobile phone main memory, where the phone goes is where my data goes and I can’t just take it out when I come to change phones.

So I’ve come to the conclusion that the SIM doesn’t seem to be doing very much for most people apart from the basic phone operations. And yes you’re dying to ask me, how about NFC, surely that means all the applications will be going in the SIM card. Well sorry to disappoint you but as far as I can see NFC is still stuck on the commercial issues about how you might share the SIM card which is the only bit in the phone the Network Operator controls and they don’t seem to be rushing to make it available. I saw somewhere that Nokia has cancelled its planned 6216 NFC phone. Lots of talk about how the proposition needs to be improved but I wonder if it has anything to do with the SWP (Single Wire Protocol) which I gather means that the SIM card has to be shared – surely not?

Patsy Everett

You can check the link for more information: http://www.smartcard.co.uk/articles/TerminalDeclineinCambridge.php

Monday, January 4, 2010

Is it safe to Shop Online?

Well now that Xmas is over it’s interesting to talk to friends to see how much shopping they actually did over the internet. Hands up I did about half my shopping on the internet, gadgets for guys are best bought this way far less hassle and nowhere near so boring. I just can’t believe how excited these men get over toys (I can’t call them gadgets) that seem to have no other purpose in life than making strange noises or flashes. I got a Cajon drum from Father Xmas which I’m sure was negotiated over the internet but I’ve no idea what happened to my leather boots that I was rather hoping for? Perhaps they’re not so easy to buy on the internet.

Anyway the general consensus seems to be that most people are doing a large part of their shopping on the internet, probably more than me. So the question is ‘are you worried about the security?’ do you have a moment to hear the results?

In every case they were using either a credit or debit card but often with the card information stored at the seller (e.g. Amazon) but nobody was using the security widgets discussed in the Newsletter this month. So the first question surrounded the choice of card.

Would you prefer to use a credit or debit card for your purchases on the internet? The answers were all about the free credit with a credit card or the financial planning offered by a debit card. Nobody seemed to think about the fact that your current account is effectively exposed by the use of a debit card as we discussed last month, I really must get my friends reading this blog!

Do you have any reservations about the merchant holding your card information? Again it was interesting, just about everybody was happy with Amazon. They really do have an enviable reputation probably better than any bank. Also they clearly are a (the?) major player in the internet.

I couldn’t resist it so I had to ask ‘do you use eBay and how do you pay?’ Pretty unanimous again and as for payment it was of course PayPal. So clearly people don’t mind PayPal holding their card or bank account information.

So back to the core subject ‘are you happy to pass your card details over the internet to an unknown merchant?’ Again it was interesting, just about everybody was a little concerned but they all do it.

Pursuing this further what became clear was that people (my friends at least) were confident that in the event of fraud that they would be covered by the bank who would sort everything out. Interesting to note here that a few people thought the credit card company would sort it out, they hadn’t fully appreciated that the cards are issued by some bank that is responsible for any problems with the card. An interesting brand discussion could be had here but we’ll leave that for another day.

Identity theft was a big issue, people were concerned about some villain using their identity in some fraudulent way but that wasn’t directly associated with using the debit or credit card, not until you point out of course that large merchants have been known to lose this information on rather a large scale which can be used for more than just fraudulent payments on the card, more on this in the Newsletter.

Well we’ve got there, how about the widget I said, you know the calculator type device that makes your payments more secure like when you are doing electronic banking? You know when you have said something particularly boring when people’s eyes glaze over and they immediately change the subject. I had several goes at this but the best I got was what a jolly good idea but perhaps I won’t need to use it!

Now we all know the problem is getting worse but who is going to blink first? There are two approaches, either we have to have a more secure way of accessing the internet with software or we have to insert a security widget into the payment chain that the consumer finds effectively transparent. There’s an opportunity here for someone. Just as a note one friend has a service from his bank that sends him an SMS when he makes a payment over £25, he loves it and I think I could become quite attached.

See you in Barcelona at the Mobile conference.

Good bye

Patsy


To find out more, please click on: http://www.smartcard.co.uk/articles/GemaltoCountsCostOfNewYearBug.php