Europeans Take the Plunge With Multiuse ‘Smart Cards’

Europeans, taking a pioneering step in this increasingly networked world, are on the verge of spending billions to put computing power in their wallets.

“Smart cards”--microprocessors embedded in plastic--are being programmed to pay bus and rail fares, buy groceries, let the pharmacist fill a prescription and record a life’s medical history.

Millions of Europeans will be using smart cards instead of cash by the end of 1996. Doctors’ offices, transit authorities, hospitals and motor vehicle agencies are likely to adopt the technology on a large scale.

Europe leads the world in developing this technology.

Already, nearly 1 million chip-based cash-replacement cards are in use from Spain to Denmark. Consumers load them with value at bank automated teller machines. Merchants subtract it.

But as developers get closer to putting a smart card in every pocket, they are discovering that loading chip cards with everything from cash value to vital statistics could open a Pandora’s box.

“Yes, the technology is beautiful, but applying it is not all that simple,” said Stefan Kissinger, a Berlin consultant developing multiuse smart cards for major German banks, retailers and public transit agencies. Thorny issues of privacy, security and authentication must be addressed.

The technology keeps advancing. For five years now, every credit card in France has carried a silicon chip. Replacing less secure magnetic stripes for authentication purposes, the chips have cut fraud losses by more than 70%.

Impressed by this success, the credit card giants Europay, MasterCard and Visa agreed in 1993 on a global standard for putting chips on all credit cards. Their goal: to phase out the magnetic stripe as soon after the millennium as possible.

Across Europe, telephone cards with simple memory chips have been in use for nearly a decade. But hackers in Germany, Sweden and the Netherlands have counterfeited such cards with relative ease.

Smart cards, by contrast, carry fingernail-sized microprocessors that can converse with other machines and use software coding to make transactions secure. The microchips now being used hold at least 80 times more information than magnetic stripes and can be divided into fields that perform different functions.

The first mass implementation began Nov. 1 as Europay-Austria started replacing all 2.4 million of its Eurocheque cards with hybrid cards that will have both magnetic stripes and chips.

By mid-1997, every Eurocheque card regardless of country will bear a chip, said Richard Phillimore, a senior manager at Belgium-based Europay, the continent’s largest credit card company.

“It’s a mammoth undertaking. You have to replace all the terminals. It’s going to cost billions of dollars,” he said. “But there is a positive business case.” For starters, phone calls to verify cards will end.

In Lisbon and Oporto, the Portuguese have been using stored-value cards since March 1995 at the newsstand, market, bus and metro stations and for paying those cab drivers who never seem to have correct change.

The Danes have been using stored-value cards since 1992 in shops, parking meters, self-service laundries and pay phones. Their technology has been licensed by Visa, which is teaming with banks to issue 1 million stored-value cards in denominations up to $100 at next year’s Summer Olympics in Atlanta.

They’ll be good for a constellation of services from fast-food restaurants to buses. Visa estimates that the global market for stored-value cards--purchases of under $10--is $620 billion a year.

Smart cards have already been deployed on a number of U.S. college campuses for uses ranging from identification to meal payment. And they have been tested from Germany to Japan in road toll collections that don’t slow traffic.

Versatility will improve as chip designers concentrate more computing power in smaller, cheaper microprocessors. And companies including Europay plan to adapt their cards for use on the global Internet.

In the English town of Swindon, 6,000 people have been paying local merchants since July 1995 with a most sophisticated breed of chip card: Mondex.

The system, created by National Westminster and Midland banks, is the one most apt to be adopted on a large scale, with pilot projects planned across Canada and for San Francisco this year in cooperation with Wells Fargo Bank.

With Mondex, users can transfer electronic cash not just to merchants but among themselves with electronic wallets that resemble calculators. Eventually, money could be just a phone call away. Mondex users recently became able to download value directly onto their cards via public phones.

None of Europe’s chip-card systems are compatible, however. Europeans will want cards they can use across borders.

Ulrich Lange, a telecommunications professor at Berlin’s Free University, said a major hurdle to smart cards’ success will be getting the various players--banks, mail-order companies, department stores and phone companies--to cooperate on sharing a single card.

“Everyone’s going to want to have their name on it,” he said.

Other problems loom.

The card systems will have to be protected from hackers. Mondex, which has refused to disclose its security precautions, plans to change software every two years to stay ahead of computer whizzes trying to crack its code.

It also has been targeted by Privacy International, a citizens rights group that filed a consumer complaint charging false advertising because Mondex bills itself as “just like cash” but has features allowing banks to track where it has been used.

Recently, U.S. researchers have reported that electronic means of dealing with cash are not 100% secure. The persistent electronic thief can find a way to crack security codes--although none are believed have done so. Those security methods that erect barriers by scrambling messages can be unscrambled by using computers to speed through the multitude of possibilities.

So it seems that not even that defense, called public key encryption, is invulnerable.

Encryption got its first wide use during World War II when messages were coded to protect them from being read by the enemy. But codes were frequently cracked until the 1970s invention of public-key cryptography.

Public-key cryptography is supposed to permit the computer to ensure that the person or machine with whom it is communicating is not a poseur.

It relies on mathematical algorithms that serve as the “keys” to unlock information for exchange. It was assumed that it would take massive computing power--supercomputers grinding numbers for years--to break open the keys currently being used in the most trusted public-key cryptography systems. But now researchers have found otherwise.

Then there is authentication.

In Germany, 72 million people were issued chip-based medical insurance identification cards in the last year, which helped speed bill-processing and record-keeping.

But many of the cards lack an authentication feature. That means health-care providers can’t verify that the person presenting the card is truly its owner.

“These are very serious questions, and often these questions are not discussed,” said Bruno Struif, director of chip card development at the National Research Center for Information Technology in Darmstadt.

Struif supervises research on a digital driver’s license, a medical prescription card and a chip card containing a person’s medical history--invaluable in hospital emergency rooms.

He believes smart cards will be ubiquitous in Germany by the year 2005 but is struggling with such issues as how many uses a single card should have and who is responsible if it is lost or damaged.

What happens when your multi-function smart card goes through the wash?

Not a major problem if the card contains $20 worth of bits. But what if it is an all-in-one bank card, driver’s license, pharmacy card, library card and bus pass?

In that case, all the information on a chip card would need to be recorded somewhere, just as people back up files on their personal computers.