Alan L Tyree

Smart Cards

1

A "smart card" is a small device that can hold substantial amounts of information:

Both parts of the equation are necessary. A device such as the normal CD is small and can hold substantial amounts of information but it is not manipulable. An ordinary cassette tape can hold substantial amounts of information but it is not secure from unauthorised manipulation.2

Current smart cards take the form of a familiar plastic card with an embedded micro-processor. Other forms of smart cards are technically possible but not economically feasible at the present time. Indeed, the current interest in smart cards arises precisely because the micro-chip version has become cheap enough to permit mass distribution.

Smart cards can be used to hold any kind of information but their principal attraction is to serve as personal authorisation and recording devices in some transaction. Thus, smart cards could hold a person's medical records. The patient would present the card when visiting a medical facility. It would be "read" by the facilities terminal and then updated following the treatment of the holder.

It does not take much imagination to see the potential of smart cards to replace normal credit/debit cards. When used to store and process financial information the smart card is often referred to as an "electronic purse".

The "electronic purse"

The use of a smart card as an "electronic purse" is similar to the pre-paid card that is familiar to users of public transport systems or the student who uses pre-paid cards for photocopy operation in libraries. In this form the card is purchased from an "issuer" and is then used in authorised "terminals" until its value has expired. Upon its value being exhausted the card is normally either retained by the "issuer" or is disposed of by the holder.

The smart card can overcome some of the limitations of the more familiar prepaid card. Most importantly, the smart card can hold enough information so that the value of each transaction need not be the same. There is no technical obstacle to using the same smart card to acquire the morning newspaper in the morning and a four wheel drive vehicle in the afternoon.

Of course a credit card could theoretically be used for both transactions but the transaction cost of credit cards is too high to be acceptable for small purchases. The cost of the smart card transaction is substantially less. The card is inserted in the terminal, the amount of the transaction entered and value is transferred from the card to the terminal instantaneously. At the end of the day the merchant transfers the value from the terminal to the financial institution (perhaps using a smart card!).

The analogy with credit cards also highlights two factors that are relevant to the success of a smart card system. First, the card must be acceptable by a wide section of the merchant community. Secondly, it is probably desirable, although not necessary, if there is more than one smart card issuer.

These two different factors have been confused by the terminology of articles on smart cards. Authors speak of "open" and "closed" systems, but the terminology is far from standard. In some cases "open" appears to refer to a large merchant base, in other cases to the network of issuers.

Types of transfers permitted

Any electronic purse system must allow transfers from the card holder to the merchant and from the merchant to the card issuer. These transfers must be through special terminals that may be either "on line" or "off line" but the distinction is of no importance to the operation of the system.

It is also apparent that the smart card may be "rechargeable". If the system permits, the holder of the smart card could insert it in an appropriate terminal and order the transfer of funds from an account to the card. While this would usually be a transfer from the card holder's account there is no technical reason why it could not be from a third party account provided the appropriate authorisations had been given.

There is no technical obstacle to allowing card-to-card transfers.3 Such a system would allow parents to transfer relatively small sums from their card to a child's card for a weekly allowance. Another use would be to facilitate family budgeting where a separate card could be kept for, say, normal household expenses. There is some concern (see below) that card-to-card transfers could also be used for more sinister purposes.

Major issues

Smart cards, like any other new form of payment instrument, raise certain legal and regulatory issues. As with the introduction of electronic funds transfer (EFT) most of these can be seen in advance. As with the introduction of EFT we will probably not deal adequately with some of the issues until forced to do so. What follows is a brief discussion of the more important issues concerning the introduction of a smart card payment system.

Payment system confidence

First and foremost is that any system of smart card payments must maintain a very high standard of confidence in the payment system. The value stored on a smart card represents a liability of the issuer in favour of the card holder. There must be confidence that the liability can be met.

It was this concern that has led the Working Group on European Union Payment Systems to recommend that only "credit institutions", that is, those institutions that are supervised by central banks or other authorities, should be permitted to issue smart cards.4

The second aspect of payment system confidence is the integrity of the smart card itself. The possibility of an unauthorised person to alter the contents of the card introduces the spectre of counterfeiting into the system, but it is a spectre that is substantially more frightening than normal counterfeiting. It might be very difficult or impossible to detect the smart card counterfeiting particularly if card-to-card transactions are permitted.

Current security measures depend primarily on various encryption devices. In this context it is somewhat disconcerting to read that the "unbreakable" code intended to be used to transfer value via the Internet was broken by a young hacker.5

Some protection against counterfeiting may be obtained by operational means. It would be possible to introduce limits to the amounts that may be loaded on cards, or to limit the maximum size of individual payments. More controversial would be to monitor the activities of individual cards, a problem in privacy that is discussed below.

Replacement of currency

A licence to print money is a valuable item. In Australia the Reserve Bank issues notes and the Treasury issues coins. The value arises in the following way: a note or a coin represents a liability of the issuer, but it is a liability on which no interest is paid. On the other hand, the issuer obtains normal market interests on assets.

This difference, the interest free liability and the interest bearing security, is known as seigniorage and is a valuable source of earnings for governments. To the extent that smart cards replace currency, the benefits of seigniorage would be lost to the government and would accrue instead to the card issuer.

It is not too hard to imagine that the solution to this problem, if it is a problem, will take the form of a tax on the value of transactions.

Privacy

One of my favourite quotations is from Douglas J in the US Supreme Court:6

In a sense a person is defined by the checks he writes. By examining them, the agents get to know his doctors, lawyers, creditors, political allies, social connections, religious affiliations, educational interests, the papers and magazines he reads and so on ad infinitum.

There is no doubt that a complete "trail" of expenditures is one of the most powerful surveillance methods known.7 It is, no doubt, for this reason that various privacy interests are beginning to express concerns about the use of smart cards.

In my view this concern is justified but does not raise any new principles. The same concerns were expressed, again justifiably so, when EFT was introduced, and the above quotation shows that the same concerns are present with a more established payment system.

Money laundering

If cards do assume characteristics of currency then there is a need to deal with the problem of illicit transfers. If there is no limit on the amount that may be loaded on a smart card and if card-to-card transfers are permitted, then the card becomes much more attractive than currency as a means of moving "black" money.

Unfortunately, the solutions to the money laundering problem, limits on amounts,8 limits on the acceptable range of transfers, monitoring the movements on individual cards, all limit the attractiveness of the smart card as a general purpose "electronic purse".

Consumer protection

The consumer problems posed by smart cards are unlikely to be different in principle to those posed by EFT generally. What happens with lost cards? What happens when a transaction goes wrong in some way? How are costs and charges to be distributed among the players in a smart card system? And so on.

The EFT Code of Conduct provides a reasonably fair means of dealing with these problems where the transaction falls within the terms of the code. This is particularly true where the transaction is one which can then be referred to the Australian Banking Industry Ombudsman.

Do smart card transactions fall within the terms of the Code? The answer is: some will, and some will not. A transaction does not fall within the terms of the code unless initiated with a card and PIN. Some smart card transactions may require a PIN to complete,9 but many will not.

It would be nice to think that a "Smart Card Code of Conduct" could be agreed upon before the inevitable and predictable problems occur, but Australian history is not encouraging on this point. EFT card issuers refused to accept that there was any need for such a Code until such time as they were threatened with legislation. I expect that we will see a replay of that drama with smart cards.

As a simple example of the problem, consider the responsibilities for a lost card. On one view, it is the same as lost currency and the card holder should bear the loss of the stored value. On the other hand, it is easy to program a "lock" into the card so that it cannot be used without a key. Should issuer be required to issue cards that may be locked? Should the liabilities be different where there is a possibility of locking the card? These are problems which are entirely foreseeable and which could, and in my view should, be settled before they arise.

Alan L Tyree
Landerer Professor of Information Technology and Law
University of Sydney

1 In writing this paper I have drawn extensively upon a valuable report prepared by the Secretariat of the Australian Payments System Council, July 1995. Opinions expressed are my own and are not those of the report or of the Council.

2 As was demonstrated by the Nixon tapes.

3 The Mondex system permits card-to-card transfers using an "electronic wallet", a small terminal device which would accept the two cards and the instructions for making the transfer.

4 Report to the Council of the European Monetary Institute on Prepaid Cards by the Working Group on EU Payment Systems, May 1994.

5 The Netscape encryption system was broken; see the report in the Sydney Morning Herald, 22 August 1995.

6 California Bankers Association v Schultz 416 US 21 (1975) at 85.

7 For an entertaining, and frightening, example of what might be done, see Van Tassel, "Daily Surveillance Sheet from a Nationwide Databank" (1987) 24 Computers and People 31.

8 In an effort to combat money laundering the United States has recently ceased the issue of notes with a face value of more than $100: see Wenninger and Laster, "The Electronic Purse" in (1995) Current Issues in Economics and Finance 1.

9 One suggestion is that the card be programmed so that transactions for more than some threshold amount would require a PIN to complete.