Smart Cards Revisited

By Julie Monahan

Using smart cards to authenticate online transactions may give a lift to technology that has languished in the United States.

Smart cards are a force to be reckoned with in Europe and Asia, but they traditionally get about as much respect as comedian Rodney Dangerfield in the United States. Banks and credit card associations tried numerous experiments in the '90s to encourage consumers and retailers to use the special cards, which can carry a wealth of information in embedded memory chips.

Nothing seemed to work, not even a promotion tied to the 1996 Summer Olympics.

But the picture is brightening as the Internet presents new possibilities. American Express Co. made a big splash last year with the launch of its "Blue Card," a combination smart card/credit card that allows Amex customers to pay for their online purchases via card readers hooked up to their personal computers. The two major card associations, Visa International and MasterCard International, are also trying to spur growth in this area through pricing incentives.

Microsoft Corp., meanwhile, is integrating smart card technology into its electronic wallet and bill-pay projects. The Redmond, Wash.-based software giant has built support for smart cards into all of its Windows operating systems, giving software developers and smart card manufacturers a powerful platform on which to build smart card applications. Sun Microsystems has also introduced Java-based software for smart card applications.

Smart card proponents believe the Web will catapult the technology into mainstream use, and though this remains a minority viewpoint, the renewed momentum should encourage U.S. banks to reconsider their approach to this technology. Some players are beginning to realize that instead of trying to replicate the business model that worked elsewhere for smart cards, the better approach is to harness the functionality of the smart card for online commerce.

This is a sharp departure from practice in Europe and Asia. In those markets, banks use the embedded chips to store digital cash. How does it work? A bank will withdraw a requested amount of cash from a customer's checking account and place that value on the chip. The customer then uses the card to make purchases from retailers, whose reader devices extract the required transaction value and leave the customer with the balance.

The "stored value" approach to smart cards hasn't worked in the U.S., primarily because of the ubiquity of magnetic stripe cards. Consumers and merchants are generally quite happy with credit and debit cards that are accepted virtually everywhere. Merchants, particularly, balk at the high cost of converting their card-reading infrastructure to chip technology. Banks have therefore restricted their stored-value card pilot programs to a few controlled environments such as college campuses and military bases, where they've found little opportunity to expand smart card use into other financial relationships.

Amex's success with the Blue Card demonstrates that chip cards may work better in the online environment, where consumers worry more about security. The great advantage of smart cards over magnetic stripe cards is the ability of the chips to carry sophisticated digital certification codes. For this reason, many experts believe, the biggest opportunity for smart cards may not lie in the stored-value application, but rather in using the cards to authenticate online identities.

Authentication may prove even more helpful for businesses than consumers. As more companies migrate to the Internet, demand will increase for reliable security for high-value business-to-business transactions. Banks that offer smart cards for this task arguably can strengthen their customer relationships by providing enhanced security and easier access to password-protected sites and activities.

Wachovia Corp., for example, is considering offering authentication smart cards to corporate customers to facilitate safer "B2B" e-commerce transactions. "Smart cards are the only tool to provide that type of guarantee," says Joy Marshall, senior vice president and group executive of e-business frontiers at Wachovia's headquarters in Winston-Salem, N.C. "Smart cards will also provide greater security for cash management on the Internet and, longer term, for securing transactions over wireless devices."

Bankers have been disappointed so many times in their interactions with smart cards that they can be forgiven for being a bit skeptical. But the time for reconsidering this technology has clearly arrived. New Orleans-based Hibernia Corp., for example, is sponsoring a pilot program among its own employees to study the utility of smart cards for online banking and e-commerce. Other banks are pondering whether to offer smart cards to retail customers, or business customers, or both.

"No one knows which new online applications ultimately will win, so banks need to be active in trying different options for different customers," says Catherine Allen, chief executive officer of the Banking Industry Technology Secretariat, a Washington, D.C.-based industry group that works on technology issues.

Blue's Debut

To be sure, smart cards still face an uphill battle in the U.S. market. The world's leading manufacturer of smart cards, Gemplus, a French company with U.S. operations in Bethesda, Md., recently estimated that the U.S. accounts for only 3% of the $2.5 billion global market for chip cards. Some of the continuing reticence in this country can be attributed to the perceived failures of stored-value ventures at the Atlanta Olympics and in New York City.

Citicorp spent $45 million and Chase Manhattan Corp. $35 million on the well-publicized New York experiment in 1997, for example, but found little enthusiasm among consumers or retailers. "Those banks got a bum rap," Allen asserts. "They did a pilot program not because they were sure that smart cards would immediately achieve fantastic success, but to learn how merchants and customers would interact with this technology. Unfortunately, they were penalized in the court of public opinion just for trying."

The uncertainties still linger. In January, First Union Corp. withdrew from a U.S. Treasury project that provided stored-value cards at two Army bases. Elsewhere, a recent Microsoft presentation of its Windows for Smart Cards product attracted executives from 150 companies around the world, but only two banks – Wells Fargo & Co. and Huntington Bancshares Inc. Smart cards seemed like a losing proposition in the U.S., in fact, until Amex introduced its Blue Card last year.

The hybrid Blue Card contains both a chip and a magnetic stripe, so it can be used as either a smart card or a traditional revolving credit card. The chip application incorporates a digital certificate that allows Amex customers to authenticate their online transactions with retailers hooked up to Amex's Web servers. The only piece of equipment customers need is an inexpensive card reader device linked to their PCs. Amex provided the readers for free in the first month of the card's introduction.

"The Blue Card has really rocked the industry," says Theodore Iacobuzio, senior analyst at TowerGroup Inc., Needham, Mass. "It brought the chip to the forefront, put American Express in a leadership position and linked smart cards to the Internet."

Iacobuzio, who specializes in credit card research, says the Blue Card's great achievement was circumventing the merchant interface required for most other smart card applications. Merchants have historically avoided smart cards because of the cost of replacing or upgrading their card-reading infrastructure. A recent study by TowerGroup, for example, predicts merchants will bear most of the cost of rolling out smart cards over the next decade. The Blue Card program, however, does not require major investments by online merchants, who communicate with customers through an Amex server.

New York-based Amex hasn't officially revealed how many Blue Cards are now in circulation, but industry sources peg the number at over two million. Amex has acknowledged that orders came in so fast that it had a hard time keeping up with demand. Charles Cagliostro, chairman of the Smart Card Industry Association, a Lawrenceville, N.J.-based trade group, recently predicted in a SCIA newsletter that "the day is not far off when every PC will be shipped with a smart card reader."

But some of this optimism may be premature. Amex itself says the revolving credit function of the Blue Card is more important than the chip functionality. The card's features – notably, a 0% introductory rate on purchases, rising to only 9.9% after six months –probably would have made it attractive even without the embedded chip. Offering the $25 card reader for free also helped. And the launch was enhanced by a $45 million advertising campaign that successfully positioned the card as a "cool" or "hip" product. "Blue has less to do with smart cards and more to do with the perception of being high-tech," says Duncan Brown, director of research at Ovum, Inc., a consulting firm in Burlington, Mass.

Still, some experts regard the apparently successful Blue Card launch as an impetus to reconsider smart cards. If consumers and/or businesses gravitate to smart cards in their search for secure Internet transactions, these experts say, the technology will gain a significant new lease on life. Indeed, Gemplus projects that the U.S. share of the worldwide smart card market will rise eightfold to 25% by 2003, largely on the strength of the Internet security application.

"The real value of a chip card is to secure PC-based transactions," says William M. Randle, an executive vice president at Columbus, Ohio-based Huntington. "That is where we can create end-to-end security for e-commerce and where the smart card has its greatest and most significant opportunity." Randle, who predicts smart cards will gain widespread usage in this country by 2005, says Internet security fears will only grow in relation to the number of users. "There's a cloud of concern hanging over personal access to the Internet. But using smart cards can be more foolproof than walking into one of our branches."

Bill Gates is clearly a believer in the security benefits of smart cards. During a technology conference in May, the Microsoft chairman said the use of passwords constitutes the weakest link in e-commerce security and predicted that smart cards would become the preferred method for corporate users to authenticate themselves to the network. Several pilot programs involving Microsoft's Windows for Smart Cards are currently underway.

Top-Down Maneuver

Security functions alone may not do the trick for smart cards, however, since existing technologies can provide similar safeguards for traditional credit cards. Password management software helps protect passwords, for example, while encryption software secures sensitive data. Also, $50 liability limits protect credit card users online just as in the physical world. "No consumer has ever asked for a chip card," says TowerGroup's Iacobuzio, who contends the push for smart cards is "a top-down maneuver" driven by the financial services industry.

Financial institutions like smart cards because they are considered less susceptible to fraud. Features can also be updated without having to re-issue plastic. For those reasons, both Visa and MasterCard have put their muscle behind smart cards. The associations are offering pricing incentives to banks that convert their card portfolios from magnetic stripe to embedded chip technology.

To attract more widespread consumer interest, however, smart cards will have to deliver additional benefits. Mike Dusche, product manager for Microsoft's Windows for Smart Cards, likens the smart card to an "offline portal" for its ability to bring many services under one umbrella. Like online portals, smart cards could potentially serve as the primary tool customers use to access a range of services, including getting prescriptions filled, paying bills, accessing accounts, storing loyalty points or checking e-mail or phone messages from remote PCs or pagers. Amex, in fact, has announced plans to add loyalty programs and travel and entertainment services to its Blue Card.

"You need many applications for the smart card to be useful to the consumer," says Matt Cone, chief marketing officer at Corillian Corp., an online banking vendor based in Beaverton, Ore. In Cone's view, the value of smart cards lies less in the PC application and more in remote usage, such as at pay phones or a doctor's office. "There's value if you can walk up to any pay phone and not have to type in lots of numbers, or go to a doctor and not have to fill out lengthy forms," Cone says.

Such applications could provide issuers with a valuable new source of revenue. And even after storing digital signatures or biometric data, the powerful chip-embedded card has plenty of processing and storage capacity to spare. Issuers could conceivably "rent" that space to third-party companies.

But inviting other businesses to share space on a bank smart card is more complex than inserting a statement stuffer about third-party insurance coverage. The card's ability to facilitate transactions more closely links the issuer to the quality of service delivered. Banks must pick their partners carefully and clarify which kinds of services their customers really want. Storing medical data next to financial accounts, for example, raises the dreaded privacy issue. What customer would feel comfortable giving a loan officer access to a smart card containing medical history?

Smart card partners must also resolve liability issues if a card malfunctions on one application but not another. Consumer sensitivities about the kinds of information stored on their cards will likely rule out the prospect of a single, universal smart card, according to Gilles Lisimaque, chief technology officer at Gemplus. Instead, Lisimaque envisions smart card deployment being distilled down to two or three major categories such as financial, corporate and medical, each with varying secondary applications such as loyalty programs. "People are too nervous to have everything on the same card," he says.

Business Case

Skeptics say American consumers have good reasons for resisting smart cards. Cheap and efficient telecommunications in this country have produced a near-universal acceptance of credit cards by merchants, who can quickly get their transactions reconciled. Since consumers can use their old-fashioned credit and debit cards virtually everywhere, what incentive do they have to embrace new smart cards, except possibly for online purchases? And even in the online world, how many people will be willing to spend $25 or so for a card reader device?

For that reason, many experts believe the real opportunity for smart cards lies in business-to-business transactions, particularly B2B e-commerce. Companies, after all, can easily justify the cost of smart card readers if they gain enhanced security in return. The key to winning the B2B market, then, is identification authentication rather than stored value. And that provides an opportunity for banks, which can offer a branded product that inspires trust. "It's conceivable that banks will be the trusted third parties for both financial and nonfinancial transactions on the Web," says Ovum's Brown.

Some bankers are excited about this opportunity. "We have a new environment and a need for new solutions. It takes a lot to understand this technology and get the power out of it," says Bette Wasserman, smart card project manager in the Los Angeles offices of Bank of America Corp. Wasserman, however, declines to reveal Bank of America's specific plans in this area.

Wachovia, in a multi-pronged approach to smart cards, is investigating both stored value and digital identities, the latter being of particular importance to the bank's aggressive B2B e-commerce strategy. Wachovia currently is working with Clarus Corp., a Suwanee, Ga.-based vendor, to deliver e-commerce procurement applications to its business customers. Marshall says smart cards provide corporate customers with a reliable method of approving large Internet transactions with important trading partners.

These possibilities are pushing more banks to take another look at smart cards. But instead of embarking on expensive public experiments, they're doing it quietly, in-house. Hibernia, for example, recently joined with Corillian to test a Windows for Smart Cards-based product. Hibernia will equip its own customer service representatives with smart cards and portable readers later this year. The reps will be able to access their personal online banking accounts from either the office or at home. If the experiment is deemed successful, the bank may offer the product to its customers.

Thad Hymel, Hibernia's vice president of Web-based solutions, contends that smart cards can help traditional financial institutions maintain control of the payments system as more transactions migrate online. The cards also meet customer demands for convenience and secure access, he says, and thereby help reduce customer defections to other types of financial services providers.

That still leaves the future of smart cards heavily in the realm of the conjectural – but not so much that U.S. players can safely ignore the technology. Financial services providers are talking once again about the potential of the chip-embedded cards, and there is growing sentiment that players who can successfully adapt its functionality to the demands of the U.S. online market stand to capture some substantial rewards. Says Wachovia's Marshall: "This is a big year for smart cards."

Ms. Monahan is a freelance writer based in Seattle.

Copyright © 2003 by Banking Strategies, published by BAI.

back to top