Upromise MasterCard

Citibank launched the ‘Citi Upromise Platinum Select MasterCard’ yesterday. In April, Citibank joined with several other top U.S. companies in the launch of the Upromise college savings program. Under the initial Citibank/Upromise deal, Citi set up a program to contribute 1% of purchases made on certain enrolled Citi credit cards for a $24.95 annual fee. Yesterday, Citi launched the new ‘Upromise MasterCard’ without an annual fee. Cardholders receive 1% of eligible purchases made on the card as college contributions into their Upromise account. Under the Upromise program, families can multiply Upromise college contributions by building their own savings network of parents, grandparents, aunts, uncles and friends, all directing their contributions to a child’s account. The Upromise service also offers the option of investing the contributions in a “529” college savings plan. (CF Library 4/25/01)

Details

CARD READER DEAL

Freestar Technologies, Inc. and Asia Pacific Micro
Inc., based in Oakland, California, announced the transfer to Freestar
of a cash deposit of US$900,000. The funds will be used to pay part of the
costs to produce 66,000 card readers, a key step in the implementation of the
Company’s PaySafeNow System. The card reader hardware units will be
distributed and resold to Freestar’s clients pursuant to existing contracts in
place.

The $900,000 sum was received in lieu of a larger debt owed to Freestar
Technologies’ CEO Paul Egan, who commented, “The magnitude and timing of this
payment will allow Freestar to substantially reduce our cash outlay in
purchasing the card readers.”

Using the Company’s proprietary PaySafeNow technology bundle, consumers
will have the ability to use debit and ATM cards with PIN codes to execute
cash transactions for online shopping in the same way as traditional credit
cards.

The solution bundles Freestar’s ETSS software with a secure card reader
that connects the consumer’s PC to the financial institution holding the
consumer’s banked funds. The reader is compatible with both magnetic-stripe
and smart-card technologies, and utilizes a secure numeric keypad to enter
PINs and passwords. This system creates two-factor authentication, which is
required for ATM/debit transactions.

The payment will enable Freestar Technologies to expedite the first phase
of its contract with Banco Nacional de Credito to distribute 30,000 PaySafeNow
units into the marketplace. The Pay Safe Now System with ETSS is endorsed and
certified by Banco Nacional de Credito, a division of the National Financial
Group (GFN), a principal financial institution in the Caribbean and Latin
American region.

About Freestar Technologies, Inc.

Freestar Technologies, Inc.’s Enhanced Transactional Secure Software
(“ETSS”), a proprietary software package that enables consumers to consummate
secure e-commerce transactions over the Internet using credit, debit, ATM
(with PIN) or smart cards. The ETSS system integrates a consumer-side
card-swipe terminal with a back-end host-processing center. It encrypts
sensitive financial data at the consumer’s personal computer, using powerful
DES encryption and algorithms. It sends an authorization number to the
e-commerce merchant, rather than the consumer’s credit card information, to
provide a maximum level of security. The Company plans to link several large,
established smart card systems together on an ETSS-based standard to achieve
economies of scale and further market penetration for this secure e-commerce
payment system. For more information visit the Web site of the Company’s
ePayLatina Division at
http://www.epaylatina.com.

Details

Advanta 3Q/01

Advanta reported Tuesday that third quarter net income for its business cards was $10.6 million, a 21% increase over the second quarter. Advanta ended the third quarter with managed business card receivables of $2.0 billion as compared to $1.9 billion at June 30, and $1.5 billion one year ago. Advanta says its margin improved during the quarter as a result of the favorable interest rate environment, which more than compensated for a slight decline in fee income and an anticipated increase in charge-offs. The over 30 day delinquency rate for 3Q was 5.92% compared to 4.32% for 3Q/00. Charge-offs soared from 4.83% to 7.90% over the same period. Overall, Advanta reported a net loss for the quarter of $41.7 million due its venture capital portfolio. The company is also embroiled in litigation with J.P. Morgan Chase over the sale of more than $1 billion in mortgage assets. Chase claims Advanta overstated the value. For complete details on Advanta’s 3Q/01 and previous performance please visit CardData ([www.carddata.com][1]).

[1]: http://www.carddata.com

Details

PAYWARE E-CMS

Trintech Group, a global provider of secure electronic payment infrastructure
solutions, announced that Magyar Takarek Bank, the parent organization of the
Hungarian Savings Co-operative Banks and a subsidiary of Germany’s DG Bank, is
deploying Trintech technology to power Hungary’s largest card issuing and
merchant acquiring system. MTB is utilizing PayWare eCMS, Trintech’s next
generation card issuing and merchant acquiring technology, to power a network
of 122 savings co-operative banks in the country.

MTB plans to roll out the card payment service to meet the demands of
Hungary’s
rapidly growing cards market. Credit card issuance in Hungary grew at a rate
of 87% in 2000, with 4.5 million cards in issue at the end of that year1.
PayWare eCMS provides MTB with a comprehensive card management solution
providing speed, flexibility and security for all steps of the card payment
process, from the issuing of a card through to settlement.

“Hungary is one of Europe’s fastest growing cards markets and we require next
generation systems to handle the increase in volume,” says Mr. Franz Otto,
managing director of MTB. “We chose to partner with Trintech because of their
proven ability to deploy secure and scalable card payment solutions that can
handle multiple merchants, card types and payment channels. We believe PayWare
eCMS will accelerate the adoption of card payments in this dynamic market.”

PayWare eCMS is comprised of two major modules, Issuer and Acquirer. PayWare
eCMS Issuer enables card issuers to set up and easily manage feature-rich card
programs for their targeted cardholders. PayWare eCMS Acquirer is a merchant
account handling and settlement solution allowing the bank to fully manage
their merchant acquiring services including account set-up, determination of
merchant account parameters and settlement of funds.

“It is imperative that card processors in emerging markets choose a technology
solution that can meet their current requirements while providing support for
their future payment needs,” says Trevor Healy, EVP of the ePayments Division
at Trintech. “MTB has demonstrated clear leadership in Hungary and the
country
is one of the most progressive and fast-moving in the world. PayWare eCMS has
the proven ability to provide MTB with all its card issuing and acquiring
requirements today with a clear migration path to new payment types and
channels, such as eCommerce and mCommerce.”

Built on powerful Unix-based relational database with a browser based
graphical
user interface, PayWare eCMS provides MTB with the ability to quickly and
easily create and modify credit, debit, private label and loyalty card
programs, enabling them to remain competitive in the dynamic Hungarian cards
market. In addition, the ability to create merchant accounts with flexible
business parameters allows MTB to offer a very competitive merchant acquiring
service to Hungary’s merchant population.

About PayWare eCMS

Multi-card and brand support – Issue a single card or several brands at the
same time. Each card can be set up with its own unique set of processing
parameters.

Multi-Issuer – Organize your card issuing as a single business unit or across
several business units. Each issuing unit can be set up with its own set of
unique business rules.

Multi-Currency Support – Each card in the system can be settled in the local
currency or in the local and reference currency. Payment to merchants can be
made either in the local or international currency.
Scalable Solution – Using a relational database with standardized structures
together with the ability to expand your base systems infrastructure as you
need to it, allows you to grow your card system as your processing and
business
needs grow.

Open Architecture – PayWare eCMS will run on any combination of standard
hardware, operating system and database management system.

Flexible Modular Architecture – PayWare eCMS is made up of multiple modules so
that you can design your card management system based on the functionality
that
you require for your business requirements.

End to end payment processing – Integrating with our payment gateway products
and virtual card issuing solution, Trintech provides an integrated suite of
solutions providing the infrastructure to your card processing requirements.
Future proof solution – PayWare eCMS provides support for chip enabled payment
processing and secure internet and mobile payments.

About Trintech

Founded in 1987, Trintech is a leading provider of secure electronic payment
infrastructure solutions for card-based transactions for physical world
commerce, eCommerce and mobile commerce. The company offers a complete
range of
payment software products for credit, debit, commercial and procurement card
applications, as well as being a world leader in the deployment of payment
solutions for Internet commerce that are fully SSL and SET? compliant.
Trintech’s range of scalable open systems architecture solutions for UNIX® and
Windows NT? platforms covers consumer, merchant and financial institution
requirements for physical payments and the emerging world of electronic
commerce. Trintech can be contacted in the U.S. at 2755 Campus Drive, San
Mateo, CA 94403 (Tel: 650-227-7000) and in Ireland at Trintech Building, South
County Business Park, Leopardstown, Dublin 18 (Tel: 353-1-207-4000). Trintech
can be reached on the Web at
http://www.trintech.com.

Details

Metris Shuffle

Metris Companies announced the opening of its new Duluth, Minn., operations center and its plans to close its location in Champaign, Ill. The company also announced it had completed the consolidation of its two Scottsdale, Ariz., facilities. “The opening of our new Duluth operations center, combined with the closing of Champaign and the consolidation in Arizona, creates many efficiencies for the business,” said Ronald N. Zebeck, Metris Chairman and CEO. “These strategic moves leave us well positioned to execute our business plans for 2002 and beyond.”

The new Duluth facility, which serves as a collections center, opened for training on September 17 and already employs approximately 90 collections representatives and management personnel. The company expects the number of positions at the facility to increase to approximately 200 in the coming year.

The Champaign location, which opened in 1998, housed a portion of the company’s information technology operations. The location’s 68 employees are being offered either relocation or severance packages, along with outplacement support, with a targeted closure date of March 1, 2002. These operations are being consolidated into the company’s facilities in Minnetonka, Minn., and Scottsdale, Ariz. Minnetonka is the location of the company’s headquarters. Scottsdale houses the company’s state-of-the-art data center, established in 2000.

In Scottsdale, approximately 150 employees were relocated over the past year from the company’s original location, opened in 1998, to Metris’ new western region headquarters, which opened in 2000. In addition to housing part of the company’s information technology operations, Metris’ Scottsdale facility employs approximately 500 collections, customer service, marketing, and credit risk representatives. The facility also serves as the headquarters of Direct Merchants Credit Card Bank, a wholly owned Metris subsidiary. Metris Companies Inc. is an information-based direct marketer of consumer credit products and enhancement services. The company was recognized in 2000 and 2001 as one of “America’s 100 Fastest-Growing Companies” by FORTUNE magazine. Based in Minnetonka, Minn., Metris also has operations in Scottsdale, Ariz.; Jacksonville, Fla.; Orlando, Fla.; Champaign, Ill.; White Marsh, Md.; Duluth, Minn.; and Tulsa, Okla. Metris employs approximately 4,500 people. Visit Metris on the Internet at [www.metriscompanies.com][1]

[1]: http://www.metriscompanies.com/

Details

VISIBLE US CARD

The Visible Results Gift Card, an innovative stored value card, has become
available to US firms through Visible Results USA, Inc., a subsidiary of New
Zealand-based Visible Results Group of Companies.

The Visible Results Gift Card is built around cutting-edge thermo-chromic
technology developed for Visible Results’ revolutionary GraphiCard loyalty
card
application. Unlike other gift cards, the Visible Results Gift Card
features an
actual display of its monetary value directly on the front. Each time a
recipient makes a purchase, the amount of the transaction is automatically
deducted from the total at the checkout counter. Cards may be re-used until
their value has been depleted. They may then be re-initialized through
payment
at the point of sale or returned to the retailer for cost-efficient
‘re-cycling’ and re-issue to new customers.

‘Clearly, Visible Results’ gift card offers an unmatched set of benefits to
retailers and consumers alike,’ said Gerald Lewis, the veteran retail and
consumer marketing consultant who earlier this year joined Visible Results
USA
as Chairman. ‘Unlike a traditional gift certificate, because the balance on
the
card is updated with every use, merchants need not give change to customers.
This ensures that the merchant who sold the card realizes its entire dollar
value, rather than just the value of the patron’s initial purchase. It also
increases the potential for repeat business and takes customer convenience
to a
higher level by enabling the retailer to communicate a different promotional
message to the customer each time the card is used.’

Lewis added that flexibility constitutes another key advantage of the
program:
The card has no pre-set limits or dollar value increments, unless retailers
desire them.
The Visible Results Gift Card is appropriate for all types of retail
companies,
as well as restaurants, hotels, airlines, and other operations aiming to
foster
customer loyalty while maximizing their profit-generating opportunities.

About Visible Results

Visible Results USA, Inc. is a subsidiary of the Auckland, New Zealand-based
Visible Results Group of Companies. Since its inception in 1997, the parent
company has emerged as one of the world’s leading customer relationship
firms,
serving a growing client base across convenience, fast food, fuels and the
general retail industry. The company established Visible Results USA and a
base
in the US through the February 2001 acquisition of GraphiCard Systems
International (GSI), Overland Park, KS. The purchase included the worldwide
intellectual property patents to the unique technology that underlies all
Visible Results GraphiCard ‘ programs. Visible Results USA established a
marketing office in New York City in May 2001, following the addition of Mr.
Lewis to its team.

Details

MerchantOnline.com Bankruptcy

MerchantOnline.com, Inc., a digital payment products and services provider for credit cards and debit cards, announced today that it has filed for voluntary petitions for reorganization under Chapter 11 of the U.S. Bankruptcy Code in the United States Bankruptcy Court in West Palm Beach, Florida.

Jim Degracia, CEO of MerchantOnline, stated that the company still has strong technology and a viable business model for its products and services. The volatile economic and public market conditions hampered the company’s efforts to raise equity capital to support its operations.

“We expect to be in a much stronger financial position going forward, with no debt and a much smaller cash requirement,” said Mr. Degracia. “With the growth in revenue projected from our contracts and pending contracts, combined with the continued reduction of costs, we will be on a faster path to profitability.

The demand for our Newcash technology provides a basis for future growth in a market that demands the next generation of secure transaction capabilities. The company is currently finalizing arrangements with sources of Debtor in Possession financing.

About MerchantOnline:

Founded in December 1997, MerchantOnline provides a secure transaction network that enables businesses and consumers to use one payment system for both their real world and virtual world needs, utilizing credit cards, ATM/debit cards and other payment programs. Except for historical matters, the matters in this press release are forward-looking statements and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. The forward-looking statements reflect assumptions and involve risks and uncertainties, which might affect the Company’s business and prospects and cause actual results to differ materially from these forward-looking statements. Investors are cautioned that all forward-looking statements involve risk and uncertainties, including those risk and uncertainties detailed in the Company’s filings with the Securities and Exchange Commission.

Details

E-GATE EFFICIENCIES

SchlumbergerSema announced that its e-gate
smart card technology – a business critical innovation which enables cards
to be plugged directly into the USB port of any computer- delivers a
performance/cost ratio ten times better than that of a standard ISO. This is
a major advantage for organizations extending their smart card
infrastructure to many thousands of PC users.

The e-gate format reduces costs by incorporating the USB interface
electronics on an ISO compatible smart card. This removes the need for a
card reader and simplifies the installation on a PC, thereby cutting the
capital cost of the smart infrastructure while communicating at the USB
speed.

At the heart of every e-gate card is a specially designed chip what
incorporates the standard smart card ISO and USB interface. This chip is
packaged in two formats: a standard ISO version, giving a versatile smart
card that provides a single key to a host of smart services; and a ‘plug-in’
small format card within a token that plugs directly into a USB port, ideal
for dedicated Internet security applications.

“The business case for smart-card based digital identity solutions is
already won – until now, the hold up has been the cost and complexity of
putting the one-to-one terminal infrastructure into place”, said Tom Arthur,
Senior Vice President, Worldwide sales and Business Development, ActivCard.
“e-gate reinforces network security in a variety of business environments
while adding flexibility to the smart payment and security infrastructure”.

To meet the growing demand for corporate and Internet security solutions,
production of the SchlumbergerSema e-gate Cyberflex(TM) Java(TM) and native
OS Cryptoflex(TM) smart cards has now reached commercial volume.

Cyberflex e-gate and Cryptoflex e-gate can be seen live October 23-25, 2001
at the SchlumbergerSema exhibition at stand A30 in Hall Albinoni at Carte in
Paris, France.

About SchlumbergerSema

SchlumbergerSema is a leading information technology services company
providing consulting, systems integration, managed services, business
continuity systems, products and IP network security solutions serving the
telecommunications, utility, finance, transport, oil and gas, and public
sector markets. With more than 30,000 employees in 130 countries,
SchlumbergerSema is one of two business segments of Schlumberger Limited, a
global technology services company.
For more information about SchlumbergerSema, visit
http://www.slb.com/.

Details

Xmas Online

NextCard released an “eCommerce Intentions” survey yesterday that found nearly one third of online shoppers will begin their online holiday shopping before November. According to the survey, nearly half of all online shoppers will shop at Amazon.com. Nearly one in five shoppers will spend between $101 and $250 for their online holiday purchases. Nineteen percent will spend between $250 or more for online gifts this year. Almost one quarter will limit their online spending to $100 or less. Almost half cite the ability to shop whenever they want as the primary reason for shopping online. Avoiding crowds at stores was a distant second and saving time was third. Saving money was a very low priority with only 8% citing this as their primary reason. NextCard commissioned Harris Interactive to handle the survey.

Details

FINGERPRINT CARDS USA

Fingerprint Cards AB has received a million kronor order for smartcard
components

The Company is developing a technology for scanning and matching fingertip
patterns for determination of individuals’ identity, which replaces PIN codes
and passwords in security applications. The technical solutions developed are
to be licensed to companies in the fields of mobile telephony, data security,
building access control and card-based solutions for e-commerce and other
electronic transactions

During the autumn, operations have expanded on the North American market,
where
a special consultant has been engaged. The latter has a wide network of
contacts and an insight into continuing government procurement of
biometrically
secure smartcards for its employees. His role will be to intensify contacts
with the five suppliers appointed by the Federal government.

The terrorist attacks on the USA on September 11 have stimulated considerably
greater interest in security technology in general and attention there has now
focused on the feasibility of biometrics for identity checks on both airport
employees and passengers. There has also been great interest in fingertip
pattern verification technology thanks to the fact that it provides a high
level of security while observing the need for personal integrity. Citing an
independent consumer poll held in September, the company Harris Interactive
reports that more than 80% of the public views the use of fingertip
verification technology as of major or extreme value to security at North
American airports.

The third quarter saw a start on the marketing of the Company’s swipe sensor
concept, which allows the provision of a complete fingertip pattern
verification system, comprising sensor, processor and algorithm, at a cost of
under ten dollars in volume deliveries. An initial marketing effort has been
directed at the eighty largest brands in the fields of mobile telephony and IT
applications such as laptops, handheld computers and keyboards. The cost of
the
technology is crucial to this kind of mass-volume product, once other
technical
considerations have been met. Fingerprint Cards is alone in having developed a
capacitive swipe sensor, which, in combination with the most compact algorithm
on the market, makes it possible to offer a complete biometric system at
such a
low cost.

The Company has supplied a number of systems intended for small-arms security
equipment used to lock a gun into its holster. Fingertip pattern verification
is used to open the lock on the holster, allowing the legitimate owner access
to the weapon. A small-scale pilot study is being undertaken and may be
expanded later this autumn.

At the m-commerce show in London the Company demonstrated its embedded
technology, which is especially suitable for mobile solutions. The embedded
system with its swipe sensors offers a range of benefits and apart from its
low
cost and current consumption, the Company’s unique algorithm for matching
fingertip patterns can be implemented in the existing processor of a mobile
telephone or handheld computer. This reduces the need for components for the
biometric function to a single sensor for scanning fingertip patterns, which
offers an unbeatable advantage in terms of costs.

During the third quarter the Company initiated an in-house ergonomics project
that aims to study various methods of applying the sensor in different
products
and finding a design that guides the finger naturally to the correct position.
This facilitates excellent scanning of the fingertip pattern, thereby
safeguarding system performance.

A considerable quantity of fingertip pattern data was collated during the
summer in a database for further development of the verification algorithm.
Here, great importance was attached to ensuring the widest possible diversity
of individuals with regard to age, gender, profession and ethnic origin.

The swipe sensor algorithm performs well in database runs and has now been
implemented in a program language (VHDL) that allows the function to take the
form of an IP module. The latter can be integrated into a processor ASIC, thus
reducing the number of components for the biometric system to a single sensor.

Consolidated turnover during the second quarter amounted to MSEK 0.1 (0.5) and
for the period January-June, to MSEK 0.4 (1.5). The consolidated loss for the
third quarter amounted to MSEK -5.9 (-4.2) and for the period January-June,
the
loss was MSEK -27.8 (-12.9). The deterioration in earnings in comparison with
the previous year is a result of the Company’s more offensive commitment to
technological development and marketing.

Operations are essentially financed by both a new issue of MSEK 55.5, floated
in the spring of 1998, and a preferential and a directed new issue,
respectively, of MSEK 149 net, floated in April 2000. The consolidated
equity/assets ratio as at September 30 was 96,9% (97.0%). Consolidated
available liquid assets including current investments as at September 30,
2001,
totalled MSEK 128.3 (162.9). Other current receivables amounted to MSEK 2.7
(2.1). The consolidated working capital amounted as at September 30 to MSEK
126.8 (159.6). The two equally large Company option programs with redemption
rates of SEK 192 and SEK 67, respectively, for a total of 600,000 shares can
result in a maximum dilution of 9.4%.

During the third quarter, MSEK 0.1 (0.1) was invested in equipment. During the
first six months, the investment in equipment totalled MSEK 0.2 (0.2).
Previous
development costs of MSEK 9.2 set up us an asset and patent rights for MSEK
5.9
were depreciated according to plan by 15% annually, equivalent to the expected
economic life. Equipment is depreciated by 20% annually and PCs by 30%
annually.

As at September 30, the number of employees totalled seventeen (fourteen) and
during the third quarter a further two engineering graduates were engaged on a
project basis with effect from October 1.

This interim report has been prepared in accordance with Recommendation RR 20
on interim reporting, issued by the Swedish Financial Accounting Standards
Council. The report has been prepared in accordance with the same
principles of
accounting and calculation as applied to the 2000 Annual Report.

Significant events after the end of the accounting period At the Paris-based
trade show, Cartes 2001, which opens today, the Company and its partner
Biometrics Associates Inc., will be demonstrating smart cards incorporating
its
entire biometrics system, which are now as thin as standard credit cards.
Licensed by Fingerprint Cards, Biometric Associates Inc. has noted a definite
rise in the interest in biometrically secured cards, primarily in the USA, and
has now placed an order with the Company for several thousand more components
for card production.

Details

Future ATM Banking

By 2003, IDC projects the automated teller machine will surpass the branch as the highest volume U.S. banking channel, with over 13 billion annual transactions. However, as transactions, and the number of ATMs, grow, IDC believes banks will face increasingly difficult challenges, including rising ATM support costs, identifying new revenue streams, and potential new accessibility regulations under the Americans with Disabilities Act. Together, these factors make this a compelling time for banks to consider Web-enabled ATMs.

“Web-based strategies have begun to impact the entire retail banking delivery system,” said Ian Rubin, IDC’s director of online financial services research. “The availability of Web-enabled ATMs signifies an opportunity to cross-pollinate online banking and ATM services, which can have significant implications on banking products, customer relationship management, and customer acquisition strategies.”

IDC believes this is also an opportune time for banks to review Web-based ATMs in the context of a larger multichannel delivery strategy. “All significant channel investments going forward will be scrutinized for leverage across other channels, including Internet, ATM, call center, and branch,” Rubin said. “Banks that are contemplating a multichannel delivery strategy may well find a Web-enabled ATM fleet to be the logical first phase.”

IDC’s study Web-Enabled ATMs: Implications for Online Banking and Multichannel Delivery (IDC #25694) examines strategies behind the consideration of Web-enabled ATMs. It discusses the primary business drivers and cost considerations for deploying Web ATMs, reviews current ATM bank pilots, and selected vendors providing solutions.

About IDC

IDC is the foremost global market intelligence and advisory firm helping clients gain insight into technology and ebusiness trends to develop sound business strategies. Using a combination of rigorous primary research, in-depth analysis, and client interaction, IDC forecasts worldwide markets and trends to deliver dependable service and client advice. More than 700 analysts in 43 countries provide global research with local content. IDC’s customers comprise the world’s leading IT suppliers, IT organizations, ebusiness companies and the financial community. Additional information can be found at [www.idc.com][1].

IDC is a division of IDG, the world’s leading IT media, research and exposition company.

[1]: http://www.idc.com/

Details

SMART CARD PROTECTION PROFILE

A common model to
evaluate the security of smart cards, based on the Common Criteria for
Information Technology Security Evaluation, has been recognized by the
financial services industry. The Common Criteria is an international standard
for conducting security evaluations.

The model, called the Smart Card Protection Profile, has been developed by the
Smart Card Security User Group (SCSUG) and defines the security
requirements of
the financial services industry. The Protection Profile has been successfully
evaluated and recognized by the sponsors of the Common Criteria. This means
that the Protection Profile is complete, consistent, and technically sound
as a
statement of requirements for smart cards.

Members of the SCSUG, which include American Express, Europay International,
JCB, MasterCard International (which includes Mondex International a
wholly-owned subsidiary of MasterCard), NIST (National Institute of Standards
and Technology) and Visa International, worked with major governmental bodies
to develop the Protection Profile.

Sponsors of the Common Criteria include government agencies in Australia,
Canada, Finland, France, Germany, Greece, Israel, Italy, Netherlands, New
Zealand, Norway, Spain, the United Kingdom, and the United States.

The Common Criteria, also known as ISO 15408, defines a process for conducting
security evaluations. The Protection Profile specifies the security
requirements that smart cards should meet to address the needs of the
financial
services industry, and identifies the framework for verifying compliance to
those requirements. The Protection Profile will influence future smart card
product development efforts. Smart cards will be evaluated in accredited
laboratories that determine whether or not the design specifications and
implementation meet the security requirements.

‘The evaluation and certification of this Protection Profile is significant
and
important to the Common Criteria project sponsors,’ said Dr. Stuart Katzke,
chairman of the international committee that manages the development of the
Common Criteria and the associated mutual recognition arrangement between
participating countries. ‘It earmarks the first time that an entire industry
sector, the financial services industry, has worked together to use the Common
Criteria to articulate and define their common security needs.’

The Protection Profile, which has received extensive international review, was
independently evaluated under four Common Criteria evaluation schemes in
Canada, France, Germany and the United States.

‘The Protection Profile was found by the evaluating schemes to be a very
comprehensive specification, thanks in no small way to the efforts of the
SCSUG
members,’ said Dr. Katzke. He also stated that he hopes other industry
sectors will follow the lead and share the success of the financial services
industry in using the Common Criteria to specify their security needs.

Industry-wide security standards result in economies of scale and
interoperability. Card issuers do not have to deal with two or more different
security standards and developers can manufacture products to one standard,
reducing their costs.

‘This is a significant development in the use of smart cards by the financial
services industry,’ said Dr. Kenneth Ayer, chair of the SCSUG. ‘For the first
time we have industry-wide agreement on security standards for smart cards,
which will lower costs for banks, make market introductions faster, and
simplify the evaluation process for financial institutions and the vendors who
supply them. This could not have been achieved without the Common Criteria.’

The Smart Card Security Users Group Smart Card Protection Profile is available
at
http://www.scsug.org/ or
http://csrc.nist.gov/cc/sc/sclist.h
tm.

Details