E-commerce has generally been
defined as the ability to search, order, purchase and pay for goods over the
Internet. But security remains a key stumbling block in its full
acceptance. So-called Contactless Smart cards provide a solution.
“Contactless smart cards meet
e-Commerce security needs by providing a safe method of transacting,” says
Murton System Technologies MD Brent Maurer. “The smart card industry has
taken a step forward with the development of the Contactless smart card.”
The simple definition of a
Contactless smart card is a computer and radio transponder with an encryption
engine on a piece of plastic. It has a microprocessor and memory, and
although it does not have a keyboard and screen, it does have digital
electronics to send and receive data.
The card fits into a wallet and
looks just like a credit card, and can be colorfully branded, and being a
computer, it can do a lot more than an ordinary credit card.
In contrast to ordinary credit
and chip cards, Contactless smart cards have the ability to meet e-commerce
security needs. Until now on-line sites simply request the credit card details,
encrypt the data and send it off to the acquiring bank for credit authorization.
However this results in a
plethora of potential security problems. For example, how does the system know
that the person giving in the credit card information is entitled to do so?
How does the user know that the merchant’s site isn’t an imposter pretending
to be a merchant to gain access to credit card numbers or that the encryption
mechanism has not been compromised? Who pays if there is a problem and can
the buyer deny buying goods? The list is endless.
As a potential solution to the
credit card dilemma Master Card and Visa developed a protocol called SET (Secure
Electronic Transactions) whose sole purpose is to answer these questions
satisfactorily and to define a standard on which to build SET solutions.
But there are still major shortfalls from the buyer’s perspective.
“The SET protocol defines a
requirement and protocol for everyone to be certified by a trusted third party,
which solves the ‘can I trust this buyer’, or ‘can I trust this merchant,
or even ‘can I trust this bank,’ question,” comments Maurer. The
proposed solution is for the buyer to download an ‘electronic wallet’ and
‘digital certificate’ from a bank or software vendor. This certified
wallet is then used to supply credit card details for purchases.
However, there are still
numerous loopholes. “For one, the concept of a ‘digital certificate’ is so
unfriendly, only advanced users will download it, resulting a large number of
intermediate Internet users being excluded from buying over the Internet and
also, it does not address the question 'can I trust the trusted party?'. Of even
greater importance is the dreaded thought for many that regardless how secure
they system is, they know their credit card information is whizzing
around on a computer drive somewhere out there,” notes Maurer.
“Enter the smart card solution. Contactless smart cards provide a perfect
solution,” says Maurer. “An Internet user simply goes to an on-line
store and swipes the Contactless card in a reader attached to a desktop PC. In
the same way as you physically shop, choose the items and pay for them
immediately. The MS Tech system ensures firstly that the user is biometrically
identified eliminating unauthorized use, and secondly, the credit card
information never leaves his computer making card information impossible since
it is not there to begin with”
Paying for goods over the
Internet in this manner is safer than paying by credit card. In the
physical world when using a credit card the merchant checks to see if the card
is valid by comparing signatures and makes sure the user has enough money in the
bank. With a Contactless smart card the risks of fraud are dramatically
On-line shoppers will be
required to enter either a pin number or be biometrically scanned. The card/pin
or biometric scan combination verifies that the person using the system, and the
card further provides for secure encryption to and from itself.
“Security, identification and
certification are all present on the Contactless smart cards,” notes Maurer,
“and provide the most secure means of purchasing over the Internet to date.”
The Contactless smart card
readers developed by Murton System Technologies using Philips Mifare technology
is a global standard for Contactless smart cards to the world market. The
cards hold up to 15 different applications and transactions take place in less
than 0,15 seconds. Contactless smart cards differ from standard smart
cards because they cannot be tampered with and can be read from a distance,
eliminating the need to take them out of one's wallet.