Smart-Card Technology May Have a Smarter Rival

NYCE plans to use less-costly teller machine specification, networks

A new software specification promises to save banks months of time that would otherwise be spent reconfiguring their Web servers and databases to handle online payments.

NYCE Corp. is gearing up to launch the technology for secure online shopping, claiming that it will compete strongly against smart cards because it will use automated teller machine (ATM) networks, is cheaper for merchants and doesn't require member banks to install any software.

The Woodcliff, N.J.-based electronic-payments network company plans to offer its SafeDebit cards to its more than 2,300 member banks, credit unions and other financial institutions this fall.

The technology allows an online shopper to use a mini-CD that works on a standard CD-ROM drive to authenticate a purchase on a merchant's Web site.

To conduct SafeDebit transactions, merchants can either code their own software or hire merchant payment software developers to do it for them.

"What we did was take the ATM infrastructure and plant it on the Internet, but at the same time, we highly encrypted the [personal identification number]," said Jehan Humayun, strategic analysis manager at NYCE, which provides ATM and other financial services to Northeast financial institutions that represent approximately 45 million cardholders.

SafeDebit technology works by using a system that requires two tokens: a CD, and a password or personal identification number (PIN).

When an online shopper is ready to pay for merchandise, he clicks on a SafeDebit icon that prompts him to place the CD in the computer's drive. An applet then asks for the user's PIN.

The merchant then retrieves the encrypted data on the card, and the entire transaction goes to the payment processor, which routes it through the debit card network to the issuing bank.

The bank then approves or denies the purchase, based on the cardholder's account balance, and sends that authorization back to the merchant through the same ATM network.

"We wanted zero to minimum infrastructure changes for banks," said Humayun. "We wanted them to use legacy platforms. All the changes needed to support this transaction are being supported by payment or ATM processors that are already familiar with the technology."

A test transaction routed over a T1 line through three continents took less than 10 seconds, Humayun added.

Setting New Standards

Earlier this month, Foster City, Calif.-based Visa International Inc. went public with its new technical specification to support payment authentication services for online credit card transactions worldwide.

Visa International's new 3-D Secure 1.0 allows Visa cardholders to make secure online purchases using digital certificate technology, but the service requires both banks and merchants to install software.

For Fleet Credit Card Services in Horsham, Pa., installing Visa's payment specification was an eight-month process that included adding Web servers both on-site and off-site for redundancy and backup capability. For merchants, the installation generally takes less than three weeks, according to Visa.

MasterCard International Inc. and American Express Co. have each released silicon-chip-embedded smart-card technology that can encrypt online transaction data but requires that the consumer and the merchant install a special card reader.

Ken Kerr, an analyst at Gartner Inc. in Stamford, Conn., said the most limiting factor with SafeDebit is that it's designed for Internet purchases only. To shop at brick-and-mortar stores, you need a debit card, "whereas a smart card can be used for Internet [shopping] and, eventually, for in-store purchases," Kerr said.

Copyright © 2001 IDG Communications, Inc.
