e-purse_en

Rue de la Loi 200, B-1049 Bruxelles - Belgique - Bureau: C107 04/22.Téléphone : ligne directe (+32-2)295.32.19 , standard 299.11.11. Télécopieur : 295.07.50.Télex : COMEU B 21877. Adresse télégraphique : COMEUR Bruxelles.

Internet: [email protected]

THE EUROPEAN COMMISSIONDG Internal market

Financial servicesRetail issues and payment systems

24th April 2001MARKT/174/2000revised version

Payment by e-purse over the Internet

Second Sub-group meeting of the PSTDG and PSULG

held on 9 October 2000

WORKING DOCUMENT

Payment with e-purse over the Internet 2

OBJECTIVE OF THE MEETING

The objective was to take stock of the situation in the European Union with regard to thedevelopment of e-purses, to deal with the issues of interoperability and to consider if thereis a future for e-purse payments over the Internet.

A questionnaire was sent to each e-purse operator; their full answers and a summary areannexed to this document.

This working document deals with the following subjects :

• 1. e-purse over the Internet: how does it work ?

- description of a payment transaction by e-purse - Description of a load architecture - need for a standard reader

2. The pros and cons of payment with e-purse over the Internet

3. The Common Electronic Purse Specifications CEPS standard - the main characteristics of CEPS - CEPS is composed of 3 levels of specifications - security of e-purse payments in CEPS

4. Interoperability of e-purses - The Smartaxis solution - Presentation of the first CEPS pilot project - Interoperability of e-purses: discussion

5. Conclusions


1. E-PURSE OVER THE INTERNET: HOW DOES IT WORK ?

The example of the Proton e-purse operating architecture (see diagram below), presentedby Mr Bernard Van der Lande (Banksys), is fairly representative of how e-purses workover the Internet.

The merchant must first have subscribed to the Proton acceptance service with a paymentserver. The payment server holds the security module specific to the merchant (PSAM=Payment Security Access Module1).

Description of the payment transaction by e-purse:

1. Once a customer agrees to make an e-purse payment, he clicks on the screen toindicate that he chooses this means of payment. The merchant web requires the customerto introduce his e-purse card into his card reader.

2. The merchant sends the transaction details and the details of the e-purse used, which hehas received from the customer's computer, to the payment server.

1 The PSAM (Payment Security Access Module) is a micro smart card located in the merchant's terminalor a payment server. The PSAM receives the electronic money which comes from an e-purse when apayment transaction takes place.


3. The server analyses the data, authenticates the e-purse and calculates the datanecessary to debit the card.

4. The server sends these data to the card, the card reader requires the customer tovalidate the payment by pressing the OK button of the card reader. Then the e-purse isdebited of the electronic money amount. An e-purse debit statement (debit proof) and acertificate authenticating the debit are then forwarded to the merchant's PSAM.

5. On receipt of these data, the merchant's PSAM is credited with the electronic moneyby the payment server. The transaction enabling the merchant's account to be creditedcan then be generated and collected by the bank.

The card is debited before the PSAM is credited. The card has authenticated the PSAMand vice versa. This mutual authentication contributes to the high level of security of the e-purse.

Proton load architecture

The load procedure is similar to the converse payment procedure. The holder of the e-purse is connected to a load gateway, which is itself connected to a bank server(Banksys). The e-purse and the gateway mutually authenticate each other. The loadgateway transfers e-money onto the e-purse.

Need for a standard reader


Until now the readers used for payment by e-purse over the Internet have been developedaccording to different proprietary standards (the Proton C-ZAM/PC, Cybercom, etc.),i.e. they are not compatible. The purpose of the FINREAD (Financial transactionIntegrated Circuit card reader) project, financed by the Commission (ISIS InformationSociety Initiative in Standardisation programme), is to find a solution for the compatibilityby providing the specifications for a universal smart card reader for banking applications(home banking) and electronic commerce and in particular payment applications bydebit/credit card or e-purse.

2. THE PROS AND CONS OF PAYMENT WITH E-PURSE OVER THE INTERNET

ADVANTAGES

• Payment of small amounts: an e-purse allows to make payments of small amountsand micropayments (cents of euro) over the Internet. Increasingly, firms doing businessover the Internet will charge for access to their site content, whether this takes the formof information, games, digital goods or music. The debit or credit payment card is notsuited to this type of purchase, because their processing costs for small amounts aretoo high. As an e-purse is a prepaid instrument, e-purse payments are not processedby the issuing bank to deliver a cardholder statement as is the case for payment cards.

The load capacity of the analysed e-purses ranges from €90 to €200 (see answers tothe questionnaire). In most cases, the payment is limited by the maximum capacity of thee-purse. If e-purses were developed on a large scale they could cover many of thepurchases made over the Internet.

• Security: the presentations made at the meeting (see sections below) and theanswers to the questionnaire demonstrated that, unlike the payment card, payments bye-purse over the Internet offer a high level of security. This security is based on the useof the smart card and the process of mutual authentication: the merchant's terminalauthenticates the card, the card authenticates the terminal. The payment transaction ismade through an exchange between the chip of the e-purse card and the chip of themerchant terminal PSAM. The use of cryptography during the process offers the highlevel of security of e-purse transactions.

Although it is not the merchant who is authenticated but his terminal, more precisely hisPSAM, security is unquestionable. Without a PSAM the terminal cannot accept e-purses. In order to obtain a PSAM, the merchant must have signed an e-purseacceptance contract with an acquiring bank which will then deliver the PSAM.

This level of security is valid for existing proprietary e-purses, it will be the same for e-purses developped under the new standard CEPS (Common Electronic Pursespecifications). This standard (see paragraph 3 below) has, moreover, been designedwith the idea of using e-purse over the Internet.

An e-purse may therefore be preferred by people who are reluctant to give theirpayment card number for fear of the risks of fraud.


As regards the load for which the confidential code (PIN - Personal IdentificationNumber) is required, the level of security is also identical in both worlds, virtual andreal.

• Anonymity:Because the e-purse is a preloaded instrument, there is no trace of the paymenttransaction on a holder’s statement. Once e-purse has been debited and themerchant's PSAM has been credited, the transaction is settled between the issuer ofthe electronic money and the merchant's bank. In this settlement process, the onlyelement of authentication used is the card number. Only the e-purse card issuer cansay, after searching in his database to whom the e-purse belongs and this is done onlyin very exceptional and predefined cases, e.g. if there is suspicion that a card containsfalse electronic money or the police wants to investigate the cardholder's identity.

That identity cannot be traced unless the e-purse is located on an account-linked card,e.g. in the case of Bancontact debit cards in Belgium.It may be argued that there is no real anonymity, since unlike with cash, it is possible tofind who made a payment. However, if it is possible to obtain the name of the owner ofthe card, it is not possible to prove who made the payment because unlike in the caseof payment cards there is no ticket with a signature or PIN certificate.

An e-purse is really anonymous when it is not linked to an account, in that case there isno possibility of knowing who has used it and to whom it belongs.

Anonymity is an advantage for payments over the Internet.There are situations where somebody does not want others to know what he hasbought. It happens quite often that a transaction carried out by payment card ischallenged simply because the cardholder did not wish to admit that he carried out thetransaction. With the e-purse, this cannot happen. There cannot be bad faith claim.

• The use of an e-purse is easy. To pay on the Internet with an e-purse requires onlyto introduce the card into a reader and to press the OK button in order to validate thepayment. There is no need to enter a card number or to type a PIN. The PIN is onlyrequired for loading e-money on the purse.

• An e-purse allows people who have no other electronic payment meansto make payments over the Internet. It may also be a way to limit theexpenditure.

Minors do not have a payment card. If their parents give them a loaded e-purse, theymay limit and monitor their expenditure while allowing them a certain freedom to spendmoney.

The same applies to people who do not own a payment card, either because they arereluctant to use one or because they cannot afford one. With an e-purse there is no riskof an overdraft.


• The merchant is guaranteed for the payment:Unlike with payment cards, payments by e-purse over the Internet are guaranteed.Because of the anonymity of the payment and the technical impossibility of "recrediting"the e-purse with electronic money, there is no refund system or procedure similar topayment card "chargeback". Where there is a dispute concerning the goods purchased,the customer has to take this up with the merchant. This represents an advantage forthe merchant because the customer cannot repudiate the payment.

• "Purse to purse" over the Internet:In the real world, some public authorities are opposed to transfers of electronic moneyfrom one purse to another, also called “purse to purse”. This is because suchexchanges are not "traceable" and may facilitate money laundering or the circulation ofcounterfeit electronic money. Several Central Banks (bank of England, Banque deFrance, Irland) have agreed purse to purse transfers with the Mondex e-purse.In the virtual world, this is different, since the transaction between two e-purses wouldpass through the issuer. Existing load procedures could be used to load the e-purse ofthe payee. This type of “person to person” transfer could be a cheap, rapid and safealternative to low-value cross-border transfers. It goes without saying that thispresupposses that e-purses are interoperable cross-border.

DISADVANTAGES

• With e-purse, there is no process for identifying the cardholder (which permitsanonymity, see above). As a result, a lost or stolen e-purse can be used by a thirdparty in the virtual world for the remaining e-money (no use of the PIN code forpayment), just as it can in the real world for notes and coins present in the purse whenit was lost or stolen. E-purses cannot be blocked at a distance for payment. Afraudster will only be able to empty the e-purse of the amount of e-money it containsbut he will not be able to reload it (unless he has obtained the PIN).

• E-purse cannot be used on-line when, as in Belgium, payment on delivery is desired.

• Payment with e-purse over the Internet is not widespread: today, e-purse is notyet a serious proposition for paying over the Internet. E-purse operators haveconcentrated on domestic developments in the real world. The cross-border usenecessary for payment over the Internet will come about only through the use of acommon standard.

• Cross-border use: The e-purses which exist in Europe are not interoperable, exceptfor the Mondex e-purse for which all services available in one country are alsoavailable between two countries participating in the Mondex system.


As regards the other systems, even when e-purses are based on the same technology(e.g. Proton in Belgium and Chipknip in the Netherlands), there is no interoperability(no sharing of masterkeys).

3. THE CEPS (COMMON ELECTRONIC PURSE SPECIFICATIONS) STANDARD

This standard, developed by the payment systems industry, will eventually be adopted bymost e-purse operators.

CEPS has taken into account the shortcomings identified in the EMV (EuropayMasterCard Visa) standard, developed for debit/credit applications rather than for face-to-face payment, for instance there is no mutual authentication between the card and themerchant's system.

Moreover, CEPS has been designed with the idea of on-line use of the e-purse; this wasnot the case for EMV, hence the need to develop security protocols such as SET (SecureElectronic Transactions).

The main characteristics of CEPS

Mr Peter Van Nauw (Proton World) when making his contribution on the first CEPS pilotscheme, presented the following main functions:

(a) Loading

• In Europe, most of the e-purse cards are linked to a funding account which isdebited by the issuer when loading.

• Unlinked loads (typical in US) are also possible, in that case the load is madeby using a separate debit/credit card or cash.

• It is possible to load a CEPS e-purse while travelling abroad at foreign/othernetwork load terminals.

• E –purses can be loaded via Internet and through home banking procedures.

(b) Multi-currency function

• The issuer of the e-purse can define one or more currencies to be used. To onecurrency corresponds one purse-slot in the smart card.A typical e-purse would have one fixed domestic currency slot and a number ofexchangeable foreign currency slots.

• The currency of a slot can be changed in function of the country visited bycardholder.

• Foreign currency can be loaded (exchanged) at home on the cardholder’sdomestic network or abroad on a foreign network load terminal.

(c) Purchase


• It is possible to make incremental purchases (payphones, copy machines), thatis to say payments for which the amount is unknown at the beginning of thetransaction.

• The last payment can be cancelled e.g. when a vending machine does notdeliver goods.

(d) Security requirements

• CEPS provides a high security level :

– Transactions are fully accountable and traceable (no purse-to pursetransactions).

– The purchase transactions (off-line) are made using mutual authenticationbetween the card and the terminal as well as using public key cryptography(active RSA*).

– The global key management is based on a hierarchy of certificationauthorities. It is provided by the global schemes.

• The load transactions (on-line) use symmetric cryptography

CEPS is composed of 3 levels of specifications:

• level 1 is common to all schemes

– card - terminal interface

– basic security requirements and data elements

Level 1 specifications are the minimum specifications to respect for an e-purse to beCEPS compliant. Level 1 is not enough to be interoperable.

• level 2 is specific to a scheme, e.g. Visacash, Clip

– risk and key management

– settlement rules

This level of specification allows an e-purse to be interoperable within a scheme i.e.the e-purse can be accepted on terminals of the scheme.

• level 3 is a specific implementation e.g. the Proton World implementation.

Timing of the issuance of CEPS specifications:

• level 1 specs: published in March 1999

• level 2 specs:

– Visacash: available since May 1999

– Clip: draft available June 1999

* RSA (Rivest Shamir Adleman) Cryptographic algorithm invented in 1977 by Ron Rivest, Adi Shamirand Leonard Adleman


Security of e-purse payments in CEPS

The diagram below presented by Patrick Smet (Europay International) shows the securityexchanges carried out during a CEPS payment transaction.

When CEPS e-purse is used for a payment transaction, the terminal is always master, thecard is slave, i.e. all it does is execute the instructions sent by the merchant's paymentterminal (or payment server in the Proton case presented earlier). In other words, theterminal tells the card to debit a given amount of electronic money while making sure themerchant terminal is a valid one and then to send the proof the transaction took place.

Description of the diagram

1-Preparation of the payment transactionThe initial data exchanged between the card and the payment terminal via the web arecertificates which contain the public keys (CEP PK and PSAM PK).

The terminal sends the acquirer certificate and the PSAM certificate to the card whichvalidates the sequencing of the certificates and recovers the PSAM public key (PSAMPK). The terminal recovers the issuer and CEP card certificate. The PSAM validates thesequencing of the certificates and recovers the card public key (CEP PK). The paymenttransaction can take place, with each party having the public keys necessary toauthenticate the messages which the other party will send it.


2-The payment terminal sends the card the information necessary to debit the e-purse and proof of its authenticity.

The terminal will then send the transaction data (including the amount), which aresymbolised by an apple on the diagram, and a key which will serve solely for thistransaction. These two elements are signed by the PSAM private key and the digitalsignature is placed in a digital envelope (created by the PSAM with CEP PK) which canonly be opened by the card with its private key (CEP SK).

The card validates the digital signature contained in the envelope and recovers theelements of the transaction (apple + session key). The e-purse is then debited with thepayment amount in the electronic money. Along the way, the card has authenticated thepayment terminal.

3-The card sends the payment terminal the information necessary to credit thePSAM with electronic money and proof that the payment has been made.

The card generates the transaction certificate. This transaction certificate will serve asproof of transaction and payment guarantee. Only the e-purse issuer can check thiscertificate.The transaction certificate is then enciphered (= briefcase in the diagram) and aMessage Authentication Code is added (= medal in the diagram); both functions are donewith the session key. After receipt, the transaction certificate is authenticated anddeciphered by the PSAM, thus proving that the e-purse has really been debited. ThePSAM is then credited with the corresponding amount of electronic money.

4. INTEROPERABILITY OF E-PURSES

Solutions exist to the question of e-purses cross-border acceptance until CEPS becomesavailable; the Smartaxis solution, presented by Europay at the meeting, is one of them.

The smartaxis solution

Its features are the following:

– on the one hand, Smartaxis signs a merchant contract with one acquiring bank in eache-purse network in each country. Smartaxis is a standard merchant using eachdomestic protocol and working in the currency of the country;

– on the other hand, merchants on the web who are willing to accept the variousdomestic e-purses offered by Smartaxis conclude a contract with Smartaxis.Settlement between Smartaxis and Internet merchants is carried out by EuropayInternational who carries out the foreign exchange operations.

The merchant's site shows customers the logos of the e-purses accepted in payment onhis site.

This system is open to all domestic e-purses, and the latter can therefore be acceptedfor cross-border payments.

This type of solution is not universal and can only be considered as a mid-way stage tothe conversion of domestic e-purses to the CEPS standard.


Presentation of the first CEPS pilot

Peter Van Nauw of Proton presented the first CEPS pilot which will begin inJanuary 2001. It was announced at the ProtonWorld forum (September 12, 2000)

• The partners of the project are: Banksys (BE) - Interpay (ND)- 4B – Sermepa (ES) -Visa (Visa Cash) - Europay (CLIP) and Proton World.

• The objectives are to validate CEPS as a technology as well as marketing and businessaspects such as acceptance, branding, interchange fees, issuer/acquirer agreements,certification issues.It should also be able to confirm the credibility of CEPS.

The environment in which the trial is taking place is face to face i.e. traditional POSPoint of sale. Payments over the Internet will be handled in a next phase.

• Timing of the pilot :

– START: January 15, 2001

– Phase 1: several 100 cards (staff + friendly merchants)

– Phase 2: each participant selects a few 1000 card holders

For more information, see in annex 1 or web-site : http://www.protonworld.com

Interoperability of e-purses : discussion

From the discussion held during the meeting, it seems that an agreement exists among the e-purse experts present at that meeting that CEPS is the standard which would be adopted by themajority of e-purse operators for the new generation of their e-purse.

It is likely that e-purses migration to CEPS and payment cards migration to EMV will be donesimultaneously in order to optimise the investments required for a muti-application chip cardplatformv.

Considering that a 3 year period (card validity) is necessary to renew all cards, Banksysconsiders migration to be over in 2005 that is to say end of the pilot 2002 + 3 years.

v Other applications such as loyalty, PKI - e-commerce authentication will also be present on those multi-application smart cards.


5. CONCLUSIONS

The e-purse is a very suitable alternative instrument for micro-payments (cents of euro)and payments of small amounts over the Internet:

• If rolled-out on a large scale, the e-purse could be an economically viable instrumentallowing to make cheap payments.

• It enables people who do not have access to payment cards to pay on-line since theamount to be spent can be limited.

• The payment by e-purse is guaranteed and there is no risk of payment repudiation forthe merchant.

• Its high level of security and “anonymity” make the e-purse an alternative to paymentsby debit/credit card or credit transfers over the Internet.

• Experts present supported CEPS as the technical standard which would be adopted bythe majority of the industry in Europe, to allow interoperability.

• The e-purse will however not be an alternative to the payment card for makingpayments over the Internet, both domestically and across borders, as long as the CEPSstandard is not widely used; this cannot be envisaged before 2005.

The Commission notes with regret that there will be no cross-border interoperablee-purse, in euro on a large scale in 2002, at the time of the introduction of euronotes and coins.


Brussels, Paris and Ghent, 12 September 2000 ANNEX 1

FIRST INTERNATIONAL PILOT OF CEPS-BASED E-PURSESMART CARDS

Issuers in Belgium, the Netherlands and Spain co-operate with Europay and Visa to offer e-purse interoperability

Brussels, 12 September 2000 - Today, at the Proton World Forum, the major annual event forProton users and partners, Banksys SA, CEPSCO Española, Europay International, InterpayNederland NV, Proton World, and Visa International announced that they would be launchingthe world's first pilot of internationally-interoperable e-purse smart cards based on CEPS(Common Electronic Purse Specifications) on 15 January 2001.

The pilot will use CEPS-based versions of existing e-purse smart cards: Belgian Proton cards,Dutch Chipknip cards, Spanish Visa Cash cards and Monedero 4B cards, and will be in twophases.

Phase Zero will run from January-March 2001, and will use around 400 cards which will beissued to members of staff of Banksys, CEPSCO Española, Europay International, InterpayNederland NVand Visa International. In addition to the existing domestic e-purse brands, thecards will also be branded either Clip (Europay International's international e-purse brand) orVisa Cash (Visa's international e-purse brand). The cards will be used at terminals in the officesof the participants in Brussels, Utrecht and Madrid and in a few dozen selected merchants in theimmediate environs. The cards will be issued by existing issuers, and loaded with real value(euros). The transactions will be cleared through the existing clearing networks for domestictransactions, and through either the VisaNet network (for Visa Cash-branded cards) or theEPSNet network (for Clip-branded cards) for international transactions.

Phase One will run from April-June 2001, and will use around 1,000 cards, which will beissued to selected existing e-purse cardholders in Belgium, the Netherlands and Spain, and willinvolve a larger number of merchants. Again the cards will be loaded with real value and will becleared through a process duplicated from the previous Phase.

In both Phases, cardholders will be able to load their cards and to make purchases both in their"home" country and in the two "foreign" countries, thus demonstrating the interoperability thatCEPS offers to e-purse issuers. The interoperability will not only be between countries andschemes but also between the Proton technology used in Belgium and the Netherlands and theproprietary technologies used in Spain.

The international interoperability offered by CEPS is being increasingly requested by e-purseissuers and cardholders to make them as easy to use as euro notes and coins (which will entercirculation on 1 January 2002 in 11 countries), as well as when travelling abroad or over theInternet.

CEPS were created by a group of leading e-purse issuers, technology providers andinternational scheme managers, and were published in March 1999. The specifications areowned, developed and managed by CEPSCO, an organisation company established by the


creators of CEPS, which will define common certification requirements to ensureinteroperability.

Chris Lebeer, Managing Director of Banksys, said: "The major interest for Banksys is tovalidate the CEPS technology in a technological trial and to test very soon the new Proton R4platform for cards that the Belgian banks will issue in 2002. As well as the CEPS-based e-purse application, we will install EMV, file management and authentification services on the newplatform cards. The R4/CEPS activation roadmap will be discussed with the Belgian banks."

Gaylon Howe, Chairman of CEPSCO, said, “CEPS has paved the way for the creation of anopen, de facto, global electronic purse standard and we are thrilled to see that the efforts ofCEPSCO are helping to achieve worldwide interoperability. Today’s announcement issignificant because the specifications are being implemented by international electronic purseproviders validating that CEPS is truly a global standard.”

Mr. José Manuel Gabeiras and Mr. Alfonso de la Viuda, Managing Directors of CEPSCOEspañola, said "This project is the most significant move to date towards making the electronicpurse a universal means of payment. Visa EU and Europay International, the main card brand-owners in Europe, major European payment systems operators, and different chip technologiesthat meet the CEPS requirements are all joining together to build a pan-European electronicpurse whose commercial launch in Spain is scheduled for the last quarter of 2001, in time forthe arrival of the single European currency."

Hervé Kergoat, Head of Prepaid Products at Europay said " Europay International is delightedto actively contribute to this CEPS pilot, along with other key e-purse players. The pilotdemonstrates the growing reality of CEPS as a credible international standard, and comes as aperfect preparation for the roll-out in 2002 of Maestro/MasterCard + Clip cards in a number ofEuropean countries, in particular in the euro zone. These cards will significantly enhance thesecurity of our Maestro and MasterCard products, and provide true cross-border functionalityto euro e-purse operators. In addition, thanks to their public key technology, these cards willopen the door to new secure identification services, either for banking applications or for otherapplications in partnership with other industry sectors."

Armand Linkens, Managing Director and CEO of Proton World, said "Proton World wascreated to boost international efforts towards interoperability. I am proud that the company hasplayed a key part in the development of CEPS: we were the first to announce our intention toimplement CEPS in April 1999; in November 1999 we won the Sesames Award for theCEPS-based Proton e-purse and in July 2000 we joined CEPSCO. I am sure that the successof this pilot will attract other e-purse issuers to join us, so that CEPS can be developed as weintended into a worldwide standard."

Jon Prideaux, Executive Vice-President, Virtual Visa, said: "As one of the founders of theCEPS standard, Visa is proud to have seen it evolve to be the de facto industry standard,endorsed by over 95% of the world's e-purse programmes. With the rapid development of newtechnologies and the common currency in Europe, consumer interest in an e-purse withinternational functionality has never been more apparent.Today Visa Cash provides consumersunmatched global functionality. Visa Cash issuers will be able to build on a truly global brandwith a presence on 5 continents and 5 years' experience."

9-10-2000 payment with e-purse over the Internet meeting : participants list

Rue de la Loi 200, B-1049 Bruxelles - Belgique - Bureau: C107 04/22.Téléphone : ligne directe (+32-2)295.32.19 , standard 299.11.11. Télécopieur : 295.07.50.Télex : COMEU B 21877. Adresse télégraphique : COMEUR Bruxelles.


Nom Organisation Adresse Téléphone Fax e-mailALIPRANDI Enrico TSP-MILAN V. Traiano 7

20149 MILANOItaly

39 0233125715 39 023319999 [email protected]

ALLIX Jean DG MARKT C 107 1/16 63179 50750 [email protected] Nikolai National Bank of Belgium Avenue de Berlaimont

1000 Brussels32 22215207 32 22213104 [email protected]

BRION François GIE CB 31, rue de BerriImmeuble Monceau75008 Paris

33 153894188 33 153893606 [email protected]

CAMPENS Fabrice IEIC 79, rue GantoisF-59800 LILLE

33 320219250 33 320541845 [email protected]

DEVOLDER Saskia EUROPAY Chaussée de Tervuren198A1410 Waterloo

32 23525858 32 23525726 [email protected]

ESCUDERO Victor SERMEPA Lopez de Moyos, 15128002 MadridSpain

34 913465516 34 913465659 [email protected]

FERERO MENESES Rui SIBS Rua Soeimo Pereira GomesLote 1, 9°1649-031 LisboaPortugal

351 217813000 351 217935105 [email protected]

GAMSJÄGER Sieglinde Europay International Av. De TervurenB-Waterloo

32 23524179 [email protected]

GARAU Carmen DG SANCO B232 07/24 58937 [email protected] Philippe AFB 18, rue de Lafayette

Paris 7500933 148005170 33 147701215 [email protected]

GOMEZ GONZALEZ Carlos SISTEMA 4B Francisco Sancha 12MadridSPAIN

34 913626309 34 913626340 [email protected]


Nom Organisation Adresse Téléphone Fax e-mailGONDELMANN-BREDINCatherine

DG MARKT C 107 1/14 53219 50750 [email protected]

HANSSENS Benjamin ECB Kaiserstrasse 2960311 Frankfurt

49 6913446311 49 6913447409 [email protected]

MAGHIROS Ioannis Institute for ProspectiveTechnological Studies – DGJRC

WTCIsla de la CortujaG-41092 SEVILLASPAIN

34954488281 34954488308 [email protected]

JODOCY Reinhold CETREL-Luxembourg 10, Parc Syndall5365-MünsbachLuxembourg

35235566359 [email protected]

KOMATZ Robert EUROPAY Austria Hintere Zollamtsstrasse 17A-1030 VIENNA

43 1717016695 43 1717012600 [email protected]

MASI Paola Banca d’Italia Via Milano 60Roma

39 0647925129 39 0647925043 [email protected]

MOYA Alejandro DG INFSO C.4 N105 4/42 68098 [email protected] JENSEN Peter Visa Internationa EU Rue du Luxembourg 3


NICOLI Marco TSP-MILAN V. Traiano 720149 MILANOItaly

39 0233125715 39 023319999 [email protected]

PEETERS Leon ECBS Av. De Tervuren 12, bte 91040 Bruxelles

32 27333533 32 27364988 [email protected]

PELLEGRINELLI Jean-Luc GIE CB 31, rue de BerriImmeuble Monceau75008 ParisWashington PlazaF-75608 Paris Cedes 08

33 153893892 33 153894053 [email protected]

PRADINES Jean-Pierre Mondex France 6, rue de VentadourF-75001 Paris

33 144584276 33 144584258 [email protected]

RANNISTO Juha DG COMP/DI 94967 69807 [email protected]ÖTTINGER Moritz EC DG ENTR D.2 Sc 27 2/49 96394 58986 [email protected] Irmfried EC C.4 C 107 1/24 67002 50750 [email protected]


Nom Organisation Adresse Téléphone Fax e-mailSIMEONOV Kaloyan C.4 C 107 1/46 55321 [email protected] Patrick EUROPAY International Chaussée de Tervuren

198A1410 Waterloo

32 23525644 [email protected]

TINE Sebastiano EC C.4 C 107 1/18 56256 50750 [email protected] DER LANDE Bernard BANKSYS 1442, chaussée de Haecht

1130 Bruxelles32 27276372 32 27266767 [email protected]

VAN HUFFEL Michel DG SANCO B232 7/50 61945 67958 [email protected] NAUW Peter Proton World Rue du Planeur 10


VEREECKEN Marc EC C.1 57978 50991 [email protected] Wilfried Fédération Bancaire de

l’Union EuropéenneRue Montoyer 101000 Bruxelles

025083731 025027966 [email protected]

ZANZOTTERA Paolo DG SANCO RP 3 05/17

Rue de la Loi 200, B-1049 Bruxelles/Wetstraat 200, B-1049 Brussel - Belgium - Office: C107 04/22.Telephone: direct line (+32-2)295.32.19, switchboard 299.11.11. Fax: 295.07.50.Telex: COMEU B 21877. Telegraphic address: COMEUR Brussels.


EUROPEAN COMMISSIONInternal Market DG

Financial servicesFinancial transactions and payments systems

Brussels 6th October 2000

“Payment by e-purse over the internet”

The present note tries to summerise the answers to the questionnaire sent by the Commission tothe e-purse scheme operators in view of the 9th October sub-PS group meeting related topayment by e-purse over the Internet.

The questionnaire was answered for 13 e-purse schemes. Tables here enclosed present foreach question the detailed answer of each scheme.

1. IS IT POSSIBLE TO PAY OVER THE INTERNET WITH THE E-PURSE ISSUED BY YOUR

SCHEME:

(a) Domestically, (b) cross-border.

• 9 out of 13 e-purses allow or are on their way to allowing payment over the Interneton a domestic basis.

• 3 (Geldkarte, Mondex and Proton) on a cross-border basis.

2. WHAT STEPS ARE NECESSARY TO ACHIEVE E-PURSE INTEROPERABILITY ?

Common standards and commercial agreements are necessary to achieve interoperability on across-border basis.

Common standards

• Based on existing solutions, 2 interoperable schemes exist :

- Mondex, interoperable with other Mondex countries : Face to face Internet solution

- PACE (Purse Application for Cross-border use in Euro) project in which Geldkarte,MiniCash and Moneo e- purses are interoperable : Face to face solution only

2

- Smartaxis solution based on a POS server : Internet solution only (Proton and CashCH)

• Future solutions based on CEPS

CEPS is mentioned as the standard which will be used to develop the cross-borderinteroperability for face to face and Internet.

Multi-currency appears to be an important feature for interoperable e-purse.

Commercial agreements

Commercial rules of exchange as well as clearing and settlement are required.

The branding issue was not mentioned in the answers.

The issue of the existence of a business case for cross-border interoperability is raised byPortugal.

3. HOW DOES PAYMENT FUNCTION WITH YOUR E-PURSE AND HOW DO YOU LOAD IT ON THE

INTERNET:

(a) from the cardholder side (e.g. need to have a card reader)

Most of the connections to Internet referred in the questionnaire are made on a PC witha card reader (and a piece of software) for the e-purse payment transaction.

A simple card reader only for payment is used in the Quick e-purse scheme. Austriamentioned the issue of the reader price (>40 euro when secured).

No one referred to a future e-purse payment with mobile.

(b) from the merchant side (e.g. need to have special software)

The merchant requires in most cases a security hardware called SAM (Security AccessModule) and a software.

(c) What are the exchanges between the 2 parties (e.g. going through aserver for clearing and settlement)

Between the cardholder and the merchant, the transaction takes place as in the face toface environment. That is to say that the dialogue between the smart card and themerchant server is the same but made at a distance via the Internet.

To be noted :In the TIBC Spanish e-purse, a payment authorisation to the issuer is performed.

3

Clearing and settlement

Internet transactions are collected from the merchant server the same way as face toface transactions and similarly the same procedures are used for clearing and settlement.

To be noted :For Mondex Internet transactions there is no clearing and settlement through a server. Itis direct between the 2 parties.

(d) E-purse loading

Only 2 schemes (Multibanco and Minipay) answered the question about loading. The e-purse is loaded on the same card reader used for payment. It means that the cardreader should have a pinpad (included in the card reader for security reasons) becausePIN typing is required for loading.

4. FOR WHICH SERVICES PROVIDED OVER THE NET CAN E-PURSE BE USED FOR PAYMENT:MICRO PAYMENTS, SMALL AMOUNTS (HOW MUCH?) ?

• Micro payments = from 0.5 euro to about 150 euro.

• Services : games, music, e-book, software, information, Pay TV, advertisements in anewspaper.It is mentioned that e-purse can be used for incremental payment during on lineconsumption of service (e.g; use of a hot line, playing game..)

5. HOW MUCH MONEY IS IT POSSIBLE TO LOAD ON YOUR E-PURSE AND WHAT IS THE

PAYMENT LIMIT ?

Loading capacity : 91€, 125€, 150 €, 200 €.

Except for Moneo (30 euro payment limit), the payment is only limited by the e-pursebalance capacity (which can be equal or higher than the loading capacity).

6. WHAT ARE THE SECURITY FEATURES OF YOUR E-PURSE AND WHAT ARE THE MAJOR

PROBLEMS ENCOUNTERED ?

(a)for payment, (b) for loading

Except Mondex (RSA cryptography), all the considered e-purses are using symmetrickey algorithm (DES and 3 DES).

4

There is always mutual authentication between:- the card and the merchant server for payment,- the card and the issuer server for loading.

For Europay Austria (Quick) the major problem is, how to handle transaction, when atechnical problem occurred (e.g the internet connection breaks down), and thecardholder purse is already debited, but the merchant card is not yet credited.

Minipay (Italy) indicates in its answer to question 7, that in case of problem during theconnection, there is a recovery procedure in order to terminate the payment transaction.

7. IS IT POSSIBLE TO GET A REFUND IN CASE OF A PROBLEM AND HOW DOES THIS

FUNCTION ?

In most cases, there is no automatic refund procedure. There is sometimes thepossibility to cancel last purchase but this must be done during the connection.

(a) in the case of differed consumption e.g. delivery at home, the problem mustbe solved with the vendor.

(b) in the case of on-line consumption e.g. software or music loading. Incrementalpayment might be a solution.

To be noted: In the Avant scheme (Finland), an electronic receipt with a uniqueidentifier is produced. It can be printed or copied and sent electronically to themerchant to provide proof of the payment.

8. IS IT POSSIBLE TO USE YOUR E-PURSE TO TRANSFER MONEY BETWEEN 2 CONSUMERS

(PURSE TO PURSE) OVER THE INTERNET ?

This possibility is not offered in the physical world, except for Mondex. It is the samesituation on the Internet.

9. WHAT IS THE REGULATORY FRAMEWORK FOR PAYMENT OVER THE INTERNET IN YOUR

COUNTRY ?

General law of payment, when it exists, applies to e-purse payment. There do not seemto be specific laws regarding payment over the Internet.

10. WHAT SPECIFIC ADVANTAGES ARE THERE TO PAY WITH AN E-PURSE OVER THE

INTERNET RATHER THAN WITH ANOTHER MEANS OF PAYMENT ?

(a) for the cardholder

5

Security : using a smart card allows to secure the transaction from end to end. Nopersonal account information is disclosed to the system, hence such information cannotbe used to make fraudulent payments. The payment amount is limited, children can usethis means of payment.

Anonymity : the merchant or the issuer are not aware of the transaction made by e-purse contrary to payment card. As e-purse is a prepaid instrument there is no trace ofpayment on the account statement. This anonymity allows under 18 years old persons touse e-purse over the Internet.

Ease of use : the cardholder has just to enter his card into the reader, no PIN forpayment. It is possible to make micro payments not always the case with a paymentcard.

(b) for the merchant

Security : payment is guaranteed, no cancellation of the payment by cardholder, nochargeback system, no credit risk.

Economical: micro payments are possible, possible lowest merchant fee, the merchanthas the money in his pocket before he delivers the goods (case of deferredconsumption).

Other advantages: Incremental payment for on line consumption possible, speed ofthe transaction.

11. CAN THE USE OF E-PURSE ON THE INTERNET ENCOURAGE THE DEVELOPMENT OF E-COMMERCE ?

The majority agrees on the fact that e-purse will facilitate the development of e-commercebecause it allows to make micro-payments in a very secure, efficient and anonymous way.

Some merchants would be encouraged to develop services over the internet if e-purse usewere widespread.

Questionnaire payment by e-purse over the internet

1

1. Is it possible to pay overthe Internet with the e-purse issued by yourscheme:

Domestically(a)

cross-border(b)

If your answer to question (a) or (b) is no, do you intendto offer this possibility and when ?

Danmont DA No No We would like to offer this possibility by 1Q-2Q 2001

Porta moedas Multibanco PT Yes No Not relevant for PMB

Euro 6000 ES Yes No It is not decided

VisaCash TIBC ES Yes No We will include the cross-border possibility when we will launchthe new e-purse under CEPS standard

Minipay IT Yes No (b) Not now. Actually MINIpay is a mono currency (Italian Lira)scheme; obviously, it could be technically possible from now,with payments in Lira and if the foreign merchant has a Bankaccount with an Acquirer Italian Bank and has MINIpaycomponents (PayOnWeb) on his merchant server.

Avant FIN Yes No cross-border payments should be possible utilising the CEPSstandard sometime after year 2003, our present estimate is 2005

Mondex FR Yes YesMoneo-Modeus FR No NoMiniCash LUX No No Yes. A date is not fixed for the moment because Cetrel has just

launched the e-com payment facility for credit cards.Quick AU pilot starts this

monthNo Domestically Pilot 10/00 – 12/00, Roll Out 1/01

Cross border Yes. Smartaxis could be a solution.

Geldkarte DE Yes YesProton BE Yes YesCash CH No No We did investigated CASH payments over the Internet almost two

years ago. It seemed that the extension of the national purse intothe Internet would be costly (readers, merchant integration) andthe initial growth very slow (chicken-and-egg problem, see thevarious pilots in other countries). The conclusion was that apurely national purse is not suited to become a success in theInternet. This view may change as opportunities for internationalinteroperability evolve.


2

2. What steps are necessary to achieve e-purse interoperability ?

Danmont DA Common standards, common messaging, use of existing card infrastructure….

Porta moedas MultibancoPTPT

I assume the question addresses cross-border interoperability.It depends on technical, business and commercial issues and they are strongly correlated.Technical issues: The terminals installed by the merchants/acquirers shall support a common e-purse standard.Commercial issues: These cover both acquiring and issuing issues. It is not clear the “rules” that will be applied to this type ofpayment (interchange fees, time after which funds will be deposited in merchant account when accepting payments from “foreign”purses, liabilities, …).We fear that in Portugal there is no business case for cross-border interoperable e-purses.

Euro 6000 ES Common Standards - Commercial Agreements

VisaCash TIBC ES Bilateral agreements can allow some kind of interoperability, but we consider that the most important steps are to use aninternational and cross-branded standard (as CEPS), and to include in the e-purse the capability of managing different currencies (asCEPS does).

Minipay IT It could be necessary to define the functional rules of a common mask, an unique kind of protocol, an unique security policy (legalrules), and to define the way in order to assure a clearing/settlements of e-purse operations between different countries (and BankSystems). From a commercial point of view it could be also necessary to define commercial rules shareable in terms of fees forpayments transactions and fees for the managing of terminals and cards.

Avant FIN 1) euro-currency (and/or multi-currency systems), 2) common standard (CEPS) technically implemented, 3) commercial agreementsbetween schemes

Mondex FR Already interoperable with other Mondex countries

Moneo-Modeus FR To be defined

MiniCash LUX MiniCASH is already interoperable with GeldKarte and Moneo within the PACE-project.

Quick AU Migration from domestic schemes (f.e. Quick) to CEPS-based international schemes (f.e. CLIP)

Geldkarte DE Interoperability of e-purses is achieved in a two-step approach:The first step is based upon interlinking existing purse-schemes by supporting different domestic applications within the terminal,e.g. PACEThe second step is to establish multi-currency interoperability on the basis of the CEPS-specifications.

Proton BE On Internet, can be based on POS Server (see Smartaxis which acts as intermediary between different schemes).

Cash CH Option A: Integrate the national purse into an intermediation scheme as e.g. SmartAxis. The implementation is relativelystraightforward and gives the required level of interoperability in the Internet. But Option A is not suitable for face-to-faceinteroperability.Option B: Migrate to or extend the national purse with a fully interoperable purse as e.g. CEPS or MONDEX. This is much morecomplex and costly but offers the advantage of a consistent solution for Internet and face-to-face payments.The most important aspect is the co-ordination of a critical mass of partners (other country’s national purses), both in the selection


3

2. What steps are necessary to achieve e-purse interoperability ?

of standards as well as timing.

3. How does payment function with your e-purse and how do you load it on the Internet:(a) from the cardholder side (e.g. need to have a card reader)(b) from the merchant side (e.g. need to have a special software)(c) What are the exchanges between the 2 parties (e.g. going through a server for clearing and settlement)

Danmont DA (a) Not offered yet, but unless it’s a virtual card/account he would need a card reader(b) Not offered yet, but unless it’s a virtual card/account, he would need special software(c) We would introduce a special payment server for the exchange of internet transactions


PAYMENT(a) from the cardholder side (e.g. need to have a card reader) At a minimum an ICC reader is needed.(b) from the merchant side (e.g. need to have a special software) A SAM (Secure application Module) is needed (as for a PMBpayment terminal).(c) What are the exchanges between the 2 parties (e.g. going through a server for clearing and settlement). The merchant servercollects PMB payments and sends them to SIBS for clearing and settlement. LOADING(d) from the cardholder side (e.g. need to have a card reader). A separate secure Pinpad must be connected to the cardholder PC.This Pinpad incorporates an ICC reader and a secure Pin entry keyboard.(e) from the merchant side (e.g. need to have a special software). In loading operations the merchant is not involved.(f) What are the exchanges between the 2 parties (e.g. going through a server for clearing and settlement). Exchanges are performedthrough SIBS, including clearing and settlement functions with the Purse Issuer and the issuer of the card that provided the fundsfor loading.

Euro 6000 ES The message protocol between the card and the SAM module on the Internet is exactly the same as in real world(a) The cardholder needs a card reader and specific software(b) The merchant needs a SAM module and specific software(c) Merchant needs to collect performed transactions through a scheme-provided server for clearing and settlement.

VisaCash TIBC ES (a) The cardholder needs to have a card reader connected to his PC. Although not all the card readers have their own keypad, ourrecommendation is that smart card readers should include it to isolate the PIN entry from the PC environment. Statistically, in mostof the cases, the transactions are made from the PC of the cardholder office, not from his home.(b) There is a specific software for the merchant called virtual POS. This software is provided by the financial institutions (cardissuers) and it manages the payment and the information exchanges between cardholder side and financial network.(c) When cardholder selects to pay using the e-purse, virtual POS performs the following steps:- Communicates with the cardholder system and activates cardholder software in order to access to the cardholder card.


4


- Exchanges information with cardholder card and performs security operations.- Connects with the Issuer (or its delegate) and sends an authorisation request for payment.- Performs security operations for payment and sends back the authorisation responds to cardholder card.- Sends the payment confirmation to the merchant side.- Performs clearing and settlement operations via financial network.

Minipay IT (a) the cardholder needs a smart-card reader and a specific software (plugin/ActiveX) to assure the colloquy between card andbrowser (Netscape, Explorer);(b) the merchant server needs a security hardware & software (with SAM) in order to manage the payments and the log dischargeto the Central System. The Central System has a specific security hardware & software in order to manage the loading of the cards -loading is an "on-line" operation (local card P.I.N.) with the Central System which verifies card status.(c) during payments, e-money is transferred from the card to the merchant server. The payments are assured by the SAM whichmanages all the security process. Technically, payment transaction is an "off-line" operation between cardholder and merchant.Afterwards, the merchant provides to discharge the "payments logs" to the Central System with a daily connection. The BankSAM of the merchant (installed on the merchant server) assure that e-money will credit on his Bank account.

Avant FIN (a) one needs a PC-compatible card reader, plus (free) Avant software(b) The merchant needs Avant payment server software + Avant SAMs (Secure Application Modules, which are the same as inPOS devices) or as an option the merchant can contract to get a full Avant payment service from Automatia’s server.(c) In Avant internet payment, the electronic cash is transmitted over the internet directly from the cardholders chip card to amerchant’s SAM. The merchant’s SAMs are emptied e.g. once every night to Automatia’s clearing system and the merchant’sbank account is credited accordingly.

Mondex FR (a) need to have a card reader(b) the merchant or its service provider need to have a special software and a card reader(c) what exchanges between the 2 parties: direct, no clearing or settlement through a server

Moneo-Modeus FR (a) the cardholder will need a card reader.(b) The merchant or its service provider will need to have a special software; device to be defined.(c) to be defined

MiniCash LUX (a) A technical solution has not yet been chosen.

Quick AU (a) from the cardholder side (e.g. need to have a card reader): The cardholder has to get a simple card reader (without display andPin-Pad) and a piece of software for his PC. Loading is not possible yet.


5


(b) from the merchant side (e.g. need to have a special software): The merchant has to connect a PSAM-Server (PC with Softwareand built in payment-modules with physical merchant-cards) to his merchant server. The payment-modules are similar to thoseinstalled in vending machines.

(c) What are the exchanges between the 2 parties (e.g. going through a server for clearing and settlement): The ‘money’ istransferred from the cardholder-card to the merchant-card. At the end of the day the merchant transfers the money via telephone-line to Europay Austria and we credit the merchants account.

Geldkarte DE (a) - need to have a card-reader at the cardholder’s side- cardreader has to adhere to certain security requirements (separate key-pad, separate display, no possibility to interfere theGeldKarte-application from outside or to control the display from outside during the GeldKarte-transaction- merchant identity as stored by the PSAM is secured by a certificate to be verified in the reader and displayed to the cardholder- payment-process is the same as for face-to-face-transactions(b)- merchant is required to have a PSAM for usage over the internet with a secured identity to be checked by the cardholder- What are the exchanges between the 2 parties (e.g. going through a server for clearing and settlement)(c) - Clearing and settlement remains unchanged compared to face-to-face-transactions

Proton BE (a) need a card holder and specific sw (could be automatically loaded when purchasing)(b) need a POS solution (fat or distributed via a payment server) - Up till now , need special HW to be connected at the merchant orhis payment operator(c) Money from the card to the special HW and back to the banks

Cash CH (a) We prefer to use the face-to-face purse in the Internet. This requires a reader, the necessary PC software and the possibility toload the purse over the Internet.(b) We prefer an approach that requires only minimal hardware and software improvements at the merchant server (e.g. centralpayments server concept).(c) To be defined


6

4. For which services provided over the net can e-purse be used for payment: micro payments, small amounts (howmuch?) ?

Danmont DA We imagine Danmønt being the purse to pay for micropayments (value added services) as well as for contentproviders services. Small amounts for up to around 100 DKK is the primary focus.


Currently no service in production. PAY-TV under development.

Euro 6000 ES Micro-payments, small amounts (up to 100 €) mainly related with goods or services distributed directly throughInternet: Music, e-Books, Software, Games, information…

VisaCash TIBC ES Commercial agreements define the services that could be used for payment as far as there is no specific limit forpayment over Internet. Maximum payment depends on balance limit (normally Issuers define 150 euros as limit forloading).

Minipay IT MINIpay is a multifunctional platform with e-purse and loyalty schemes.E-purse on the net can be used for small and medium amount (till 100-150 U.S. dollars). It can also be used forapplications such "game" or in order to consume on-line services. However, it is possible to load (and pay) on thecard private e-purse (with tokens) or other applications (subscriptions).

Avant FIN In principle, any type of services. E.g. the piloting merchants sell classified ads to a newspaper (10 to 20 euro) andaddress and telephone number info (0,50 euro). There is no lower limit for the size of a payment.

Mondex FR micro payments and small amounts from 1 euro cent to 150 euro

Moneo-Modeus FR Use of electronic purse is particularly recommended in cases where payment has to be performed incrementallyduring consumption of service (e.g. use of a hot line)

MiniCash LUX For any amount loaded on the card.

Quick AU The e-purse is typically used for micro payments, but it’s the decision of the cardholder, which amount he wantsto pay.

Geldkarte DE There is no restriction besides the maximum loading amount (DM 400,-).Incremental purchases are possible

Proton BE Technically from all types amounts. Marketingly, dedicated to small amount in order to decrease processing costsof small amounts

Cash CH Our national purse is optimised for payments in the range of CHF 1.- to CHF 25.-, although technically, paymentsbetween CHF -.01 and CHF 300.- can be made. Incremental debit transactions may be as low as CHF -.01 per tick,but the final amount should be in the same range as for single debit payments.


7

5. How much money is it possible to load on your e-purse and what is the payment limit ?

Danmont DA The purse can maximum hold and be loaded with up to 1200 DKK


Maximum load amount: 200 Euro. Payment limit is the purse balance. Maximum Purse balance is 320 Euro.

Euro 6000 ES Up to 200 €No payment limit

VisaCash TIBC ES Mostly the upper limit for loading and payment are 150 euro.

Minipay IT The MINIpay card can be loaded on the net only if it is "nominative" (there is a strong link between card and Bankaccount of the cardholder). During the loading, which is activated by the cardholder with a connection to theCentral System web site and the digit of a PIN, the Central System verifies the card and the "plafond amount"granted by the Bank to the cardholder. The card has a maximum amount of Lit. 300.000 (nearly 150 U.S. dollars, sothis is the limit for loading and payment) but, obviously, it can be reloaded (and used for payments) more times tillthe plafond is empty.

Avant FIN The purse can be loaded up to FIM 2000 (euro 336), which limits the payments.

Mondex FR 150 euro, payment limit: 150 euro

Moneo-Modeus FR Max load: 91 euro, Payment limit:30 euro

MiniCash LUX Both limits are set to 125 €.

Quick AU Maximum Amount: ATS 1.999,- . There exists no limit for payments, the amount, that is loaded on the card, can bespent in a single TRX.

Geldkarte DE The maximum loading amount is DM 400,-There is no minimum or maximum amount on payments.

Proton BE 5000 BEF

Cash CH Currently, the maximum balance is CHF 300.- (this is a marketing decision, the technical limits are significantlyhigher). The maximum payment amount is the actual purse balance, without any further restrictions.


8

6. What are the security features of your e-purse and what are the major problems encountered ?(a) for payment,(b) for loading.

Danmont DA Nothing major experienced so far

Porta moedas Multibanco PT (a) Mutual authentication based on DES and 3DES. No security problems found.(b)See above

Euro 6000 ES We are following CEN 1546 using 3DESNo major problems encountered.

VisaCash TIBC ES E-purse security is based on symmetric key algorithm (DES). There is a dual authentication: the card Issuer (or itsdelegate) must authenticate the cardholder card and the cardholder card must authenticate the Card Issuer.Major problem is to assure the security of the transaction. This is achieved using a hardware security module(HSM) linked to the virtual POS. The HSM provides secure storage for keys and cryptographic algorithms neededfor e-purse loading and payment.

Minipay IT For every kind of transactions (load/pay) there's always a mutual authentication between card and securityhardware module (SAM) installed on terminals. Proprietary protocols between card, terminals and Central System.MINIpay on the net (PayOnWeb) receives all the same security features of MINIpay (on the real world).For payments and loading the SAM are installed in a remote way on merchant server (for payments) and CentralSystem server (for loading).

Avant FIN (a) The card chip vs. SAM dialogue (utilising DES)(b) The card chip vs. SAM dialogue (utilising DES)

Mondex FR Card to card value transfer with mutual authentication using RSA cryptography

Moneo-Modeus FR Security is based upon use of symmetric keys.

MiniCash LUX (a) Each transaction is authenticated after an get-challenge exchange between the cardholder-chip and acentralised virtual PSAM. The transactions is finally MACed with a appropriate key of the PSAM.(b) The PIN verification: In the current version a secure PIN-pad is required. An alternatively is either to create a


9

6. What are the security features of your e-purse and what are the major problems encountered ?(a) for payment,(b) for loading.

link between the card and a "personalised" terminal (cfr. GeldKarte V3.0) or a PIN-verification with clear-text PIN.Cetrel might use the second solution for the next card renewal.

Quick AU (a) for payment, We use the same security than in the real world (f.e. in vending machines) plus SSL. Allmessages are signed with signatures (DES), a static RSA-Certificate stored in the cardholders-card is checkedby the PSAM-Server before a payment-TRX starts. Europay Austria gets every single TRX from the PSAM-Serverto the card-management-system. The major problem is, how to handle TRX, where a technical problem occurred(f.e. the internet-connection breaks down), and the cardholders purse is already debited, but the merchant-cardis not yet creditet.

(b) for loading :Not developed yet. On the one hand we see a security-problem in typing in the PIN on the PC-Keyboard in clear-text, on the other hand all chip-card-readers we know with display and pin-pad are muchtoo expensive ( > 40 Euro)!

Geldkarte DE There are a lot of different security features within the GeldKarte-system, comprising technical features,cryptographic features and organisational features. The security of the whole system as well as each securityrelevant component has undergone different security evaluation in order to ensure system security. All securitymeasures are defined within the “Schnittstellenspezifikationen für die ec-Karte mit Chip”. Until now, no securityproblem has arisen.

Proton BE (a) special keys(b) special keys

Cash CH (a) Our purse is physically and logically well secured, fully accounted and audited. There are no known securityproblems.

(b) Our purse is physically and logically well secured, fully accounted and audited. There are no known securityproblems.


10

7. Is it possible to get a refund in case of problem and how does this function ?(a) in the case of differed consumption e.g. delivery at home,(b) in the case of on-line consumption e.g. software or music loading

Danmont DA As a cardholder you can have the remaining value of your purse credited your banking account. The handling istoday done manually.

Porta moedas Multibanco PT PT(a) Refunds will have to be handled through the service Provider/Merchant.(b) See above.

Euro 6000 ES You only can cancel last transaction. All other cases have to be solved outside the system.

TIBC ES There is no refund for e-purse payment transactions. If any problem arises during payment, cardholder will usetraditional charge-back circuits.

Minipay IT In case of problems (for example, interruption of connection) there's a recovery procedure in order to terminate thepayment transaction.Refund procedures aren't possible on the net (the card can be loaded only by Central System) but are possible byother way, managed for example by the web site.

Avant FIN For both cases the consumer protection laws apply. Avant internet payment software provides the cardholder withan electronic receipt that can also be printed. The receipt stating the status of the payment has a unique identifierfor the transaction and the same identifier is stored by the merchant’s Avant server software. The cardholder cansend a copy of the payment receipt (also electronically) to the merchant to provide proof of the payment.

Mondex FR Merchant's initiative


MiniCash (a) This point has not yet considered.(b) Idem

Quick AU (a) in the case of differed consumption e.g. delivery at home :No, not from Europay Austria! The cardholder has todeal with such a problem with the merchant.(b) in the case of on-line consumption e.g. software or music loading.No refund! The cardholder has to deal with such a problem with the merchant.

Geldkarte DE If the transaction is successfully finalised, there is no possibility within the system to refund. In this case thecardholder has to turn directly to the merchant.

Proton BE (a) no(b) no

Cash CH Currently refund of purse payments is not implemented, neither online nor via backoffice mechanisms. There is apurse balance refund in case of chip defect or card expiry.Parts of the system (recent purse chips) have a “cancel last purchase “ capability (unused so far), but it wouldrequire further developments to implement this feature to fully operational status. This might be a solution for (b),


11

7. Is it possible to get a refund in case of problem and how does this function ?(a) in the case of differed consumption e.g. delivery at home,(b) in the case of on-line consumption e.g. software or music loading

but not for (a).


12

8. Is it possible to use your e-purse to transfer money between 2 consumers (purse to purse) over the Internet ?

Danmont DA Not yetPorta moedas Multibanco

PTNo

Euro 6000 ES NoTIBC ES No, transfers between e-purse are not allowed.Minipay IT No. It's not possible.Avant FIN NoMondex FR Under developmentMoneo-Modeus FR Not yet.

To be definedMiniCash LUX No. Theoretically possible as on one side a single purchase and on the other a load against "other

means of payment".Quick AU NoGeldkarte DE Not possibleProton BE NoCash CH No


13

9. What is the regulatory framework for payment over the Internet in your country ?

Danmont DA The card business is in general covered by the Law of Payment Act. This is too extensive to go into detail withhere, but the Internet is covered as well. All in all the consumer has almost no risk.

Porta moedas MultibancoPT

Euro 6000 ESTIBC ES The regulatory system for payment over Internet (e-commerce) is under the International Brand (Visa, Europay and

Mastercard) regulation, or under special national agreement.Relating the e-purse over Internet, there is a national agreement between the Financial Institutions members ofSermepa. This agreement is reflected in the document “Visa Cash Operating Regulations”, because all the e-purseissued (until now) by our members are branded Visa Cash.

Minipay IT Nowadays there's not a specific normative for payments on the net.Purchases on the Internet are considered like "mail order selling", (consumer can cancel the order within 7-10 days,but there are not specific conditions for payments features).

Avant FIN Consumer protection laws apply as well as the law on general terms of payment intermediation.

Mondex FR Nothing specific to e-purse


MiniCash LUXQuick AU Europay Austria as the originator of the e-money Quick has a banking licence. All Austrian banks plus the

Austrian Nation Bank (OeNB) are represented in our board. ARGE SZS (Arbeitsgemeinschaft für die Sicherheit vonZahlungsverkehrssystemen mit Smart Card = Working Group on smart card based payment system security) is agroup of security experts sponsored by the Austrian National Bank (OeNB) in order to assess the technicalsecurity and remaining financial risk of the Austrian electronic purse system (brand name QUICK). ARGE'smandate by the OeNB has been worked out in 2 projects (1995-1997, 1998-2000.

Geldkarte DEProton BE Question should be more specific

Cash CH There is no particular regulatory framework in Switzerland.


14

10. What specific advantages are there to pay with an e-purse over the Internet rather than with another means ofpayment ?

(c) for the cardholder(d) for the merchant

Danmont DA (a) To be used by persons less than 18 years of age, anonymous, small risk(b) Fast transaction, no PIN, easy to implement, target group less than 18 years of age


(a) No personal account information is disclosed by the user. The payment is “anonymous” to the merchant andmay also be “anonymous” to the purse issuer. No need to enter PIN codes.(b) The advantages may only be significant for specific services where payments are low-value or incremental debitand alternative card payments are not available. Purse payments may have lowest Merchant fee from acquirersthen Credit or Debit cards.

Euro 6000 ES (a) for the cardholder e-Purse payment is anonymous, secure and accessible(b) for the merchant No risk of charge back for the merchant. Payment can not be repudiated

TIBC ES (a) – Security: using a smart card payment transaction can be performed in a secure way end-to-end. Until now,there are not EMV cards (just only for a limited pilot), the chip is used only for e-purse.– Ease of use: cardholder just has to insert his card in the card reader.– Portability: cardholder card stores all the information needed for payment., and the logs of the last tentransactions.(b) E-purse allows using electronic payment for small amount transactions and reducing total cost for managingpayments.

Minipay IT (a) With e-purse payments on the net, the cardholder isn't afraid of fraud and risks of use of his card by someoneelse (like the credit card number). The e-purse during payments (for example for on-line services) is also completelyanonymous if the card isn't "nominative" and it is loaded in the real world by Bank terminals (ex. ATM).(b) For e-purse transaction merchants pay to the Banks lower fees than for payments with others cards (for examplecredit cards).

Avant FIN (a) Possibility for micropayments, anonymity, security(b) Fast and secure, no credit risk, micropayments

Mondex FR (a) security: no over charge, no double charge, no card # theft(b) security: no cancellation by cardholderlow cost: no clearing


15

10. What specific advantages are there to pay with an e-purse over the Internet rather than with another means ofpayment ?

(c) for the cardholder(d) for the merchant

Moneo-Modeus FR (a) security (no risk of misuse of his card number);(b) security: no cancellation by cardholder; e-purse is a mean payment particularly indicated for incrementalpayments (see question 4).

MiniCash LUX High security, micro payment, max. amount is limited (e.g. for children),

Quick AU (a) for the cardholder: e-purse is anonymous (especially interresting for adult-pages ?). He has the card with himall the time (the money is not stored on a harddisk at home or in the office). He can use it wherever this way ofpayment is offered (internet-cafe’s, info-terminals, screen-phones, settop-boxes, WAP-handy’s, etc.) . Noadditional fees asked by the bank. No minimum amounts.(b) for the merchant: e-purse is anonymous. Fees are lower than credit-cards. Payment guaranteed by the purse-provider. The merchant has the money in his pocket, before he delivers the good’s.

Geldkarte DE (a) anonymous, very secure due to the authentication of the merchant and the usage of a secure chipcard reader(b) payment-guarantee, allows for small-amount payments and incremental purchases

Proton BE (a) could be trust or fear of the current payement methods(b) no repudiation

Cash CH Other means of payment: credit/debit card, merchant-specific prepayment account loaded via credit/debit card,general Internet prepayment account loaded via credit/debit card.(a) Purse advantages: Speed, ease of use, relative anonymity, single prepaid account (= card balance) for allInternet and face-to-face payments, security against loss of money (in case of merchant-specific or Internet prepaidaccount).(b) Purse advantages: Speed, irrevocable payment for goods and services immediately consumed (e.g. digitalgoods), low cost (e.g. commission).


16

(11) Can the use of e-purse on the Internet encourage the development of e-commerce ?Danmont DA Yes in some areas – and also if communicated correctly, it will encourage the users as risk is minimal.Porta moedas Multibanco

PTNot relevant. Much more important is to have the possibility of using Credit/Debit cards in e-commerce.

Euro 6000 ES Yes, for the micro-payments segmentsTIBC ES E-commerce can be powered using as many electronic means of payment as possible. In addition, e-

purse provides solution for micro payment and small amount payment (not covered by others meansof payments). Thus, e-purse on the Internet can help to encourage e-commerce development.

Minipay IT Yes, because the e-purse scheme represents nowadays for users the most secure paymentsinstrument on the net.

Avant FIN Yes, especially by facilitating micropayments and thus “microproducts” such as the delivery of smallpieces of information or entertainment on-line, with no need to tie the consumer into a larger bulk saleor a subscription relationship or to register the consumer in any way.

Mondex FR YesMoneo-Modeus FR Yes, for small amounts.MiniCash LUX Yes, for the reason given here above.Quick AU YES, of courseGeldkarte DE YesProton BE For some market, maybe yes - music, news, games - small amount / direct consumptionCash CH It might even be a prerequisite for some forms of e-commerce (e.g. low-value digital goods).

e-purse_en

Documents