APPENDIX 4
SMART
CARDS, E-CASH AND THE CASHLESS SOCIETY
The
following news story appeared in Wired News on 26
March 1997 about C-SET or "chip secured
electronic transactions. This article is of
interest in view of the foregoing comments contained
in Appendix 1 & 2 regarding the plans to convert
to a cashless society. Note the application of
this technology for tax collection and as a secure
means of card holder "identification." |
France
Adopts E-Commerce Security Protocol
by
Jerome Thorel
5:06
a.m. Mar. 26, 1997 PST
France
is adopting a protocol for secure electronic payments that
will make the nation's banks the "trusted
third parties" that hold encrypted information about
online buyers - and the repository of personal information to
be made available to police pursuing criminal investigations.
The French protocol, known as chip-secured electronic
transaction, or C-SET, will also tie into Europe's
"smart" credit-card system that allows for more
reliable identification of card users than the signature
method employed in the United States.
The European Commission has also agreed to test the system
as a possible future standard, and Europe's major economic
powers, including Germany and the United Kingdom, also intend
to test it.
French security officials agreed earlier this month to
accept C-SET because it is compatible with future
trusted-third-party systems, dedicated to assuring national
governments that all encrypted communications will be
key-escrowed.
In France and other European countries, credit cards are
"smartcards." Embedded with microchips, smartcards
are a more secure way to authenticate - and identify - the
buyer than a handwritten signature. The French Groupement
des Cartes Bancaires "CB", a consortium of more
than 200 French banks, was not fully satisfied by the US
security standard, which relies solely on software and
certificates stored on a user's hard drive.
C-SET adds a hardware component outside the user's
computer: a US$100 numeric pad that an online buyer must use
to key in a personal identification number as part of every
purchase. Online accounts used in C-SET would be tied to the
smart credit-cards issued by banks.
Online transactions will take place on a server owned by
the card-issuing bank. The same bank plays the role of the
trusted third party that will hold the encryption key that can
be used to unlock the user's transaction records.
Under the French proposal, the banks will have to keep
records of all transactional data for law-enforcement
purposes.
Claude Meggle, director of security for the French banking
consortium, said the PIN-pad-based identification system could
also be used as a way to identify users who send encrypted
messages in private communications. The trusted third parties
will have to keep a record of connections - as all banks are
doing today to officially fight fraud - and give a user's
private key to police authorities if called upon to do so.
Meggle also noted that C-SET will give the authorities a
means to levy taxes on online transactions.
"The French Finance Ministry has not yet decided to
apply taxes and duties for online transactions, but C-SET is
an adequate system for that," Meggle said.
Next
Page
Hit back button on your browser to return to previous page