My Research Programme (2002 - Now)

Innovative Auto-ID and LBS - Chapter Three Historical Background

This chapter takes the reader through a historical tour of identification techniques from ancient times to the present. The histories shed light on how the purpose of citizen identification (ID) has changed as it has been impacted by complementary and supplementary innovations. The chapter provides a thorough exploration of government-to-citizen (G2C) ID systems, so as to better understand the possible uses or potential misuses of current and future mandatory ID schemes. It also presents some of the evolutionary changes that have taken place in the nature and scope of citizen ID, and their subsequent potential implications on society. Historically governments have requested the registering of their population for census collection and more recently the need to know what social benefits accrue to each household. Nowadays, however, citizen ID numbers are even used to open bank accounts and to subscribe to mobile services, among many other things. In addition, auto-ID techniques are not only pervasive but are increasingly becoming invasive.

 

Read More

Innovative Auto-ID and LBS - Chapter Two Innovation Studies

This chapter will explore literature in the field of innovation in order to establish a conceptual framework for the auto-ID trajectory research. The primary aim of this review is to provide a critical response to the literature on technological innovation. The review will also serve to: (i) identify and understand widely accepted definitions, concepts and terms, born from past innovation research as a guide for further research; (ii) review theories, theoretical frameworks and methods adopted by other researchers doing similar innovation studies (especially in the area of information technology) in order to choose an appropriate approach for this study; (iii) understand what aspects of complex high technologies (high-tech) have already been explored by researchers and what aspects have been neglected and to discover any similarities or differences in existing findings.

Read More

Innovative Auto-ID and LBS - Chapter One Introduction

This study is concerned with the automatic identification (auto-ID) industry which first came to prominence in the early 1970s. Auto-ID belongs to that larger sector known as information technology (IT). As opposed to manual identification, auto-ID is the act of identifying a living or nonliving thing without direct human intervention. Of course, the process of auto-ID data capture and collection requires some degree of human intervention, but the very act of authenticating or verifying an entity can now be done automatically. An entity can possess a unique code indicating personal identification or a group code indicating conformity to a common set of characteristics. Some of the most prominent examples of auto-ID techniques that will be explored in this book include bar code, magnetic-stripe, integrated circuit (IC), biometric and radio-frequency identification (RFID). The devices in which these techniques are packaged include a variety of form factors such as labels and tags, card technologies, human feature recognition, and implants. 

Read More

Innovative Auto-ID and LBS - Preface

This book serves as a critical piece of documentary evidence for automatic identification and location-based services from its inception till today. Automatic identification (auto-ID) is the act of identifying a living or nonliving thing without direct human intervention. Location-based services (LBS) is the ability for an information system to denote the position of a user, based on a device they are carrying or their position in a given context. Automatic identification technologies and location-based services are both complementary and supplementary technologies. Being able to identify and locate someone on the same device is powerful for different types of requests. But even more powerful is the ability to imply someone’s identity by their very location. The latter has critical implications for the way law enforcement is conducted, emergency services are deployed, and loved ones are notified of your given circumstances. Indeed this book is about the social implications of technology, and how new emerging innovations are completely changing the rules of engagement.

Read More

Innovative Auto-ID and LBS - Chapter Sixteen Conclusion

This chapter is dedicated to identifying the main outcomes of the study and reflections on the future directions of the technologies that were under investigation. In concluding we have found that first, an evolutionary process of development is present in the auto-ID technology system (TS). Incremental steps either by way of technological recombinations or mutations have lead to revolutionary changes in the auto-ID industry- both at the device level and at the application level. The evolutionary process in the auto-ID TS does not imply a ‘survival of the fittest’ approach, rather a model of coexistence where each particular auto-ID technique has a path which ultimately influences the success of the whole industry. The patterns of migration, integration and convergence can be considered either mutations or recombinations of existing auto-ID techniques for the creation of new auto-ID innovations.

Read More

Innovative Auto-ID and LBS - Chapter Fifteen Uberveillance

Uberveillance, also überveillance, is an above and beyond, an exaggerated, an almost omnipresent 24/7 electronic surveillance. It is a surveillance that is not only “always on” but “always with you” (it is ubiquitous) because the technology that facilitates it, in its ultimate implementation, is embedded within the human body. The problem with this kind of bodily invasive surveillance is that omnipresence in the ‘physical’ world will not always equate with omniscience, hence the real concern for misinformation, misinterpretation, and information manipulation.

Read More

Innovative Auto-ID and LBS - Chapter Fourteen The Rise of the Electrophorus

When Jacques Ellul (1964, p. 432) predicted the use of “electronic banks” in his book, The Technological Society, he was not referring to the computerization of financial institutions or the use of Automatic Teller Machines (ATMs). Rather it was in the context of the possibility of the dawn of a new entity- the coupling of man and machine. Ellul was predicting that one day knowledge would be accumulated in electronic banks and “transmitted directly to the human nervous system by means of coded electronic messages… [w]hat is needed will pass directly from the machine to the brain without going through consciousness…” As unbelievable as this man-machine complex may have sounded at the time, forty years on visionaries are still predicting that such scenarios will be possible by the turn of the twenty-second century. A large proportion of these visionaries are cyberneticists. Cybernetics is the study of nervous system controls in the brain as a basis for developing communications and controls in socio-technical systems.

Read More

Innovative Auto-ID and LBS - Chapter Thirteen The Socio-Ethical Implications of Automatic Identification and Location Services

The relative ease of performing electronic transactions by using auto-ID has raised a number of social, cultural, religious and ethical issues. Among others, civil libertarians, religious advocates and conspiracy theorists have long cast doubts on ID technology and the ultimate use of the information gathered by it. Claims that auto-ID technology impinges on human rights, the right to privacy, and that eventually it will lead to totalitarian control of the populace have been put forward since at least the 1970s. This chapter aims to explore these themes with a particular emphasis on emerging human transponder implant technology. At present, several US companies are marketing e-business services that allow for the tracking and monitoring of individuals using RFID implants in the subcutaneous layer of the skin or Global Positioning System (GPS) wristwatches worn by enrollees. 

Read More

Innovative Auto-ID and LBS - Chapter Twelve The Auto-ID Trajectory

This chapter considers the automatic identification (auto-ID) trajectory within the context of converging disciplines to predict the realm of likely possibilities in the short-term future of the technology. The chapter relies heavily on presenting a cross-section of research conducted primarily up until 2003 when the first commercial chip implant occurred, as a window to forecasting what kinds of technologies may become widely diffused by 2020. After showing the evolutionary development from first generation to third generation wearable computing, medical breakthroughs using implantable devices are documented. The findings of the chapter suggest that before too long, implantable devices will become commonplace for control, convenience and care-related applications. The paradigm shift is exemplified in the use of auto-ID, from its original purpose in identifying humans and objects to its ultimate trajectory with multifunctional capabilities buried within the body.

Read More

Innovative Auto-ID and LBS - Chapter Eleven Geographic Information Systems & Location-Based Services

This chapter is about geographic information systems (GIS) and its relevance to the location-based services industry. One might initially ask how relevant GIS is to a book that is predominantly about automatic identification and its future trajectory. The answer becomes apparent quickly as the reader is introduced to the importance of geocoding information, i.e., geographically linking data such as personal details using a unique ID number. In the past data matching programs have received a great deal of attention from privacy advocates, especially those used for the administration of government procedures. Till now, automatic identification has facilitated electronic services (e-services), allowing an individual to be matched to a fixed address, usually their place of residence. But it is one thing to tag and another to track. Today, we are moving towards a model of tracking and monitoring people as they go about their daily business, in real time. We are no longer satisfied with knowing where an individual lives but we want to know their every move- so that we can estimate traffic congestion on a busy road, design 3G mobile networks that have enough capacity during busy hours, and to ensure someone’s safety when adequate supervision is not available.

Read More

Innovative Auto-ID and LBS - Chapter Ten The Auto-ID Technology System

This chapter analyses the findings from the case studies on bar codes, magnetic-stripe cards, smart cards, biometrics and RFID tags and transponders. Its main aim is to describe the auto-ID innovation process, especially the prevalence of patterns of migration, integration and convergence in auto-ID techniques and devices. Migration will be shown to have occurred in the transition between magnetic-stripe cards and smart cards, and the transition between bar codes and RFID transponders. Integration will be demonstrated through the example of auto-ID hybridization, especially on multi-technology cards, and the use of biometric minutiae on 2D bar codes. The third pattern to be described is that of convergence, as in the case of radio-frequency capable smart cards. The auto-ID selection environment will also be discussed from the perspective of the service provider who is increasingly facing pressure to choose the right auto-ID technique for a given application context.

Read More

Innovative Auto-ID and LBS - Chapter Nine: RFID Tags and Transponders: The New Kid on the Block

Radio frequency identification (RFID) in the form of tags or transponders is a means of auto-ID that can be used for tracking and monitoring objects, both living and non-living. One of the first applications of RFID was in the 1940s within the US Defense Force. Transponders were used to differentiate between friendly and enemy aircraft. Since that time, transponders continued mainly to be used by the aerospace industry (or in other niche applications) until the late 1980s when the Dutch government voiced their requirement for a livestock tracking system. The commercial direction of RFID changed at this time and the uses for RFID grew manifold as manufacturers realized the enormous potential of the technology.

Read More

Innovative Auto-ID and LBS - Chapter Eight: Biometrics: In Search of a Foolproof Solution

Chapter XIII Biometrics: In Search of a Foolproof Solution

 

BIOMETRIC SYSTEMS

Historical Overview

Manual Biometrics

Biometrics is not only considered a more secure way to identify an individual but also a more convenient technique whereby the individual does not necessarily have to carry an additional device, such as an ID card. As defined by the Association for Biometrics (AFB) a biometric is “...a measurable, unique physical characteristic or personal trait to recognize the identity, or verify the claimed identity, of an enrollee.” The technique is not a recent discovery. There is evidence to suggest that fingerprinting was used by the ancient Assyrians and Chinese at least since 7000 to 6000 BC (O’Gorman, 1999, p. 44). Over a thousand years ago, potters in East Asia, placed their fingerprints on their wares as an early form of brand identity and in Egypt’s Nile Valley, merchants were identified by their physical characteristics (Raina, Woodward & Orlans, 2002, p. 25). The practice of using fingerprints in place of signatures for legal contracts is hundreds of years old (Shen & Khanna, 1997 p. 1364). It is believed that the first scientific studies investigating fingerprints were conducted some time in the late sixteenth century (Lee & Gaensslen, 1994).

In the nineteenth century Alphonse Bertillon in France developed anthropometrics as well as noting peculiar marks on a person such as scars or tattoos. It was as early as 1901 that Scotland Yard introduced the Galton-Henry system of fingerprint classification (Halici, L.C. Jain, Erol, 1999, p. 4; Fuller et al. 1995, p. 14). Since that time fingerprints have traditionally been used in law enforcement. As early as 1960, the FBI Home Office in the UK and the Paris Police Department began auto-ID fingerprint studies (Halici, L.C. Jain, Erol, 1999, p. 5). Until then limitations in computing power and storage had prevented automated biometric checking systems from reaching their potential. Yet it was not until the late 1980s when personal computers and optical scanners became more affordable that automated biometric checking had an opportunity to establish itself as an alternative to smart card or magnetic-stripe auto-ID technology.

 

Background

According to Parks (1990, p. 99), the personal traits that can be used for identification include: facial features, full face and profile, fingerprints, palmprints, footprints, hand geometry, ear (pinna) shape, retinal blood vessels, striation of the iris, surface blood vessels (e.g., in the wrist), electrocardiac waveforms. Withers (2002), Jain, A. et al. (1999), Lockie (2000), Ferrari et al. (1998, p. 23) and Hawkes (1992, p. 6/4) provide good overviews of various biometric types. Keeping in mind that the above list is not exhaustive, it is impressive to consider that a human being or animal can be uniquely identified in so many different ways. Unique identification, as Zoreda and Oton (1994, p. 165) point out, is only a matter of measuring a permanent biological trait whose variability exceeds the population size where it will be applied. As a rule however, human physiological or behavioral characteristics must satisfy the following requirements as outlined by Jain et al. (1997, pp. 1365f):

§  Universality: every person should possess that characteristic

§  Uniqueness: no two persons should have the same pattern in terms of that characteristic

§  Permanence: the characteristics should not change over time (i.e. invariance)

§  Collectability: the characteristic should be quantifiably measurable.

The four most commonly used physiological biometrics include, face, fingerprint, hand geometry and iris while the two most common behavioral biometrics are signature and voice recognition. Other examples of biometric types include DNA (deoxyribonucleic acid), ear shape, odor, retina, skin reflectance, thermogram, gait, keystroke, and lip motion (Bolle et al., 2007, p. 7; Greening, Kumar, Leedham, 1995, pp. 272-278). Even the Electroencephalogram (EEG) can be used as a biometric as proven by Paranjape et al. (2001, pp. 1363-1366). Most of these techniques satisfy the following practical requirements (Jain et al., 1997, p. 1366):

§  Performance: refers to whether or not the identifier is accurate, there are technical resources able to capture and process that identifier, and whether there are environmental factors which impact negatively on the decision policy outcome

§  Acceptability: addresses whether or not people are willing to use the system

§  Circumvention: refers to how easily a system may be duped.

 

The Biometric System

Independent of which biometric identifier is under consideration for a given application, they are all viewed as automated pattern recognition systems. Typically a biometric system includes a biometric reader, feature extractor and feature matcher. Biometric readers act as sensors, feature extractors take the input signals and compute those special attributes that are unique, and feature matchers compare biometric features attempting to find a match. Typically a biometric authentication system consists of an enrollment subsystem, an authentication subsystem, and database.

 

Components and Subsystems

In order for a biometric system to work, an individual must be enrolled, at which point the person’s basic measurements of one or more biometrics are taken by the feature extractor and stored in the database (Figure 1). Relevant associated details may be stored alongside the biometric such as the enrollee’s name and unique ID. If the method of authentication uses verification then typically a type of card is also linked to a person’s biometric feature. A subject provides an identifier like an ATM card and places their biometric on a reader. The reader senses the biometric measurements, extracts the features, and compares the input features with what is stored on the database. The system either accepts or rejects the subject from the given application. In the case of straightforward identification during authentication, a biometric sample from the subject is taken and the entire database is searched for matches (Bolle et al., 2007, p. 7). In practice, two separate steps occur: first an authentication mechanism will verify the identity of the subject, and second an authorization mechanism ties the appropriate actions to someone’s identity (Smith, 2002).

There are four steps that typically take place when using a biometric system. First data is acquired from the subject. The digital image captured of the biometric is transferred to the signal processing function (also known as image processing). Usually the data acquisition apparatus is collocated with the signal processor, but if it is not, the image is encrypted prior to transmission taking place. Second the transmission channel which acts as the link between the primary components will transfer the data. It can transfer internal to the device, or over a distributed system, usually over a private network. On occasion data may be acquired remotely at branch locations and data stored centrally. Third the signal processor takes the raw biometric image and begins the process for matching. The process of segmentation occurs resulting in a feature extraction and a quality score. The matching algorithm attempts to find a record that is identical resulting in a match score. Finally, a decision is made based on the resultant scores, and an acceptance or rejection is determined (Raina, Woodward & Orlans, 2002, p. 29-30).

 

Authentication versus Verification

There are three modes of authentication: (i) possessions (e.g. using a smart card), (ii) knowledge (e.g. recollecting a password), and (iii) biometrics (e.g. using a physiological characteristic of an individual to distinguish them from others). Smith (2002) describes these modes as (i) something you have, (ii) something you know, and (iii) something you are. During automated authentication in biometrics, two methods are common: (i) verification, and (ii) identification. Verification is based on a unique ID which singles out a person and that person’s biometrics, while identification is based only on biometric measurements which are compared to a whole database of enrolled individuals (Bolle et al. 2004, p. 5). Depending on the manner in which biometrics are used, the process of authentication differs. Today, multi-factor authentication is prevalent in most biometric systems (e.g. the use of PINs, ATM cards and a biometric for withdrawing cash from a biometric-enabled ATM machine).

 

Biometric Identifiers

Since there are several popular biometric identifiers, some space must be dedicated to each. While some techniques are further developed than others, there is not one single identifier that fits all applications. “Rather, some biometric techniques may be more suitable for certain environments, depending on among other factors, the desired security level and the number of users... [and] the required amount of memory needed to store the biometric data” (Zoreda & Oton, 1994, p. 167f). Dr J. Campbell, a National Security Agency (NSA) researcher and chairman of the Biometrics Consortium agrees that no one biometric technology has emerged as the perfect technique suitable for all applications (McManus, 1996).

The brief technical description offered below for each major biometric identifier only takes into consideration the basic manner in which the biometric transaction and verification works, i.e., what criteria are used to recognize the individual which eventuates in the acceptance or rejection of an enrollee (Bigun et al., 1997). For each technique verification is dependent upon the person’s biological or behavioral characteristic being previously stored as a reference value. This value takes the form of a template, a data set representing the biometric measurement of an enrollee, which is used to compare against stored samples. In summary, fingerprint systems work with the Galton-defined features and ridge information; hand geometry works with measurements of the distances associated between fingers and joints; iris systems work with the orientation of patterns of the eye; and voice recognition uses voice patterns (IEEE, 1997, p. 1343).

 

Fingerprint Recognition

Fingerprints are classified upon a number of fingerprint characteristics or unique pattern types, which include arches, loops and whorls (Cohen 1994, p. 228). If one inspects the epidermis layer of the fingertips closely, one can see that it is made up of ridge and valley structures forming a unique geometric pattern. The ridge endings are given a special name called minutiae. Identifying an individual using the relative position of minutiae and the number of ridges between minutiae is the traditional algorithm used to compare pattern matches (Jain, L. C. et al., 1999; Meenen & Adhami, 2001, pp. 33-38). The alternative to the traditional approach is using correlation matching (O’Gorman, 1999, pp. 53-54) or the pores of the hand. Pores have the characteristic of having a higher density on the finger than the minutiae which may increase even more the accuracy of identifying an individual.

The four main components of an automatic fingerprint authentication system are acquisition, representation (template), feature extraction, and matching (Jain et al., 1997, p. 1369). To enroll a user types in a PIN and then places their finger on a glass to be scanned by a charge-coupled device (CCD). The image is then digitized, analyzed and compressed into a storable size. In 1994, Miller (p. 26) stated that the mathematical characterization of the fingerprint did not exceed one kilobyte of storage space; and that the enrolment process took about thirty seconds and verification took about one second. Today these figures have been significantly reduced. For instance, the template size for a fingerprint in 2002 was 256 Bytes. For major fingerprint and hand geometry biometric developments refer to Higgins (2002, pp. 45-68).

 

Hand Recognition

Hand recognition differs from fingerprint recognition as a three dimensional shape is being captured, including the “[f]inger length, width, thickness, curvatures and relative location of these features…” (Zunkel, 1999, p. 89). The scanner capturing the images is not concerned with fingerprints or other surface details but rather comparing geometries by gathering data about the shape of the hand, both from the top and side perspectives. The hand, i.e. palm facing downward, is position on the faceplate and a capacitive switch senses the hand is present and initiates a scan. The measurements gathered are then compared to the stored data for matching (McCrindle 1990, p. 101). A set of matrices helps to identify plausible correlations between different parts of the hand. Some equipment vendors use five pegs to help position and stabilize the hand on the faceplate. These pegs act as control points. Typically more than one digital image of the hand is taken- from the view of the faceplate, and also a side view.

The hand geometric pattern requires less storage space than the fingerprint (between 9 Bytes and 20 Bytes depending on the manufacturer) and it takes less time to verify someone’s identity. Quality enrolment is very important in hand recognition systems due to potential errors. Some systems require the enrollee to have their hand scanned three times, so that readings of the resultant vectors are averaged out and users are not rejected accidentally (Ashbourn, 1994, p. 5/5).

 

Face Recognition

While fingerprinting and hand recognition require a part of the body to make contact with a scanning device, face recognition does not. It is for this very reason that facial recognition systems have been used widely for surveillance and monitoring applications (Figure 2). For example, they are able to scan faces in public places and compare them to watch list databases. Facial recognition usually refers to “…static, controlled full-frontal portrait recognition” (Hong & Jain, 1998, p. 1297). In fact, recognizing someone by their appearance is quite natural and something humans have done since time began (Sutherland, Rengham & Denyer, 1992, p. 29; Weng & Swets, 1999, p. 66; Howell, 1999, p. 225; and Sirohey, Wilson & Chellappa, 1995, pp. 705-740).

Identifying people by the way they look is not as simple as it might sound (Pentland, 2000, pp. 109-111). People change over time, either through the natural aging process or by changes in fashion (including hair cuts, facial hair, make-up, clothing and accessories) or other external conditions (Miller, 1994, p. 28). If humans have trouble recognizing each other in certain circumstances, one can only begin to imagine how much more the problem is magnified through a computer which possesses very little intelligence especially across a sizable population.

What may seem like an ordinarily simple algorithm is not; to a computer a picture of a human face is an image like any other that is later transformed into a map-like object. Paramount in facial biometrics is that the subject must be wholly within the image frame being investigated. This is especially tricky when looking at applications like crowd control where there are dense pockets of people and with variation in seating or stance. The camera’s location, field of view, and background setting need to be tested in extreme situations, to enable faces to be viewed and non-face images to be removed. In facial recognition systems, the segmentation phase is complex, removing background noise. This feature vector is compared against the discriminating power, the variance tolerance, and the data reduction efficiency. Shen and Khanna describe these variables (1997, p. 1422): “[t]he discriminating power is the degree of dissimilarity of the feature vectors representing a pair of different faces. The variance tolerance is the degree of similarity of the feature vectors representing different images of the same individual’s face. The data-reduction efficiency is the compactness of the representation.”     

Engineers use one of three approaches to automate face recognition. These are eigen-face, elastic matching, and neural nets (IEEE, 1997, p. 1344). Once the face image has been captured, dependent on the environment, some pre-processing may take place. The image is first turned into grayscale and then normalized before being stored or tested. Then the major components are identified and matching against a template begins (Bigun et al., 1997, pp. 127f). A typical facial pattern can be stored in a template of between 86 Bytes and 100 Bytes. Facial recognition systems work best within controlled environments, and performance depends on this and other environmental factors.

 

Iris Recognition

The spatial patterns of the iris are highly distinctive. According to Williams (1997, p. 24) the possibility that two irises would be identical by random chance is approximately 1 in 1052. Each iris is unique (like the retina). Some have reckoned automated iris recognition as only second to fingerprints, while others claim that it is the most accurate biometric identifier available today (Daugman, 2006). According to Wildes (1997, p. 1349) these claims can be substantiated from clinical observations and developmental biology. While some manufacturers claim to be able to capture a digital iris image at even 10 meters, commercial systems have a focal distance typical not more than an arm-length away (e.g. ATMs based on iris recognition).

The iris is “a thin diaphragm stretching across the anterior portion of the eye and supported by the lens” (IEEE, 1997, p. 1344). While it was ophthalmologists who were awarded the patent of describing methods and patterns for iris recognition in 1987, it was an academic from Cambridge University who developed the fundamental algorithms to encode an iris pattern (Daugman, 2008). While still involved in academia, Daugman has commercialized most of his research.

The first step in the process of iris identification is to capture the image (Figure 3). This can be done using a normal digital camera with a resolution of 512 dpi (dots per inch). The user must be a predetermined distance from the camera (Jain, A. et al., 1999, p. 9). Second, the image must be cropped to contain only the localized iris, discarding any excess. Third, the iris pattern must be matched, either with the image stored on the candidate’s card or the candidate’s image stored in a database. Between the second and third step processing occurs to develop an iris feature vector. This feature vector is so rich that it contains more than 400 degrees of freedom, or measurable variables. Most algorithms only need to use half of these variables and searching an entire database can take only milliseconds with an incredible degree of accuracy (Williams, 1997, p. 23). Matching algorithms are applied to produce scale, shift, rotation and distance measurements to determine exact matches (Camus et al., 1998, pp. 254-255 and Daugman, 1999, pp. 103-121).

Since iris recognition systems are non-invasive/ non-contact, some extra protections have been invented to combat the instance that a still image is used to fool the system. For this reason, scientists have developed a method to monitor the constant oscillation of the diameter of the pupil, thus declaring a live specimen is being captured (Wildes, 1997, p. 1349). A transaction time of between 4 and 10 seconds is required for iris recognition, although most of that time is spent aligning the subject for the digital image capture.

 

Voice Recognition

The majority of research and development dollars for biometrics has gone into voice recognition systems, also known as voice verification systems. Due to its attractive characteristics, telecommunications manufacturers and operators in the 1990s like Nortel and AT&T, along with a number of universities allocated large amounts of funds to research in this domain. Since there are literally billions of telephones in operation globally, voice recognition can be used as a means to increase operator revenues and decrease costs (Miller, 1994, p. 30). Among one of the most well-known voice recognition implementations was Sprint’s Voice FONCARD which ran on the Texas Instruments voice verification engine (Boves and Os, 1998, pp. 203-208).

There are two main types of identification in voice recognition, unconstrained and constrained modes of speech. Unconstrained verification is when someone talks as normal, using a diverse lexicon familiar to them, and answering questions naturally without being prompted. This form of verification while still relatively successful is dependent on the application. Depending on the individual’s accent and proficiency in a given language, sometimes this kind of verification is plagued by errors. It can almost be likened to recording an interview on a digital recorder, and running the recorded speech through an automated recognition system- the results are often quite poor. Constrained verification achieves considerably lower errors rates. This is because constrained verification relies on predetermined single words or phrases, often prompted by the system. Australia’s Centrelink call centre is now for the greater part based on voice recognition. A question is posed to the caller and then an answer is captured by the system, and then replayed to callers for confirmation.

Out of all the variety of biometric technologies, consumers consider voice recognition as the most friendly. Markowitz (2001) wrote that “[d]espite the dot.com crash, 2001 [was] … a very good year for [speaker verification] vendors, with the number of pilots and actual deployments increasing”. The two major types of voice recognition systems are text-dependent and text-independent. The way voice recognition works is based on the extraction of a speech interval sample typically spanning 10 to 30 ms of the speech waveform. The sequence of feature vectors is then compared and pattern matched back into existing speaker models (Campbell, 1999, p. 166). While voice recognition is not the most secure technology, i.e. it is open to playback attacks, if used in concert with a PIN or smart card, false acceptance rates are strengthened significantly. For concise technical details on how voice recognition systems work see Orlans (2002, pp. 83-85).

 

System Accuracy

While biometric techniques are considered to be among the most secure and accurate automatic identification methods available today, they are by no means perfect systems. False accept rates (FAR) and false reject rates (FRR) for each type of biometric are measures that can be used to determine the applicability of a particular technique to a given application (Ruggles, 1996b). Some biometric techniques may also act to exclude persons with disabilities by their very nature, for instance in the case of fingerprint and hand recognition for those who do not possess fingers or hands. In the case of face recognition systems, one shortcoming is that humans can disguise themselves and gain the ability to assume a different identity (Jain, A. et al., 1999, p. 34). Other systems may be duped by false images or objects pertaining to be hands or iris images of the actual enrollee (Miller, 1994, p. 25). Carter and Nixon (1990, p. 8/4) call this act forgery. Putte (2001) discusses the challenge for a fingerprint scanner to recognize the difference between the epidermis of the finger and dummy material (like silicone rubber) (BBC, 2002).

In the case of the ultimate unique code, DNA, identical twins are excluded because they share an identical pattern (Jain, A. et al., 1999, p. 11). Even voice recognition systems are error-prone. Some problems that Campbell (1997, p. 1438) identifies include: “misspoken or misread prompted phrases, extreme emotional states, time varying microphone placement, poor or inconsistent room acoustics, channel mismatch, sickness, aging.” Another issue with voice recognition systems is languages. Some countries like Canada have populations that speak several languages, i.e., English and French. Finally the environment in which biometric recognition systems can work must be controlled to a certain degree to ensure low rates of FAR and FRR. To overcome some of these shortcomings in highly critical applications, multimodal biometric systems have been suggested. Multimodal systems use more than one biometric to increase fault tolerance, reduce uncertainty and reduce noise (Hong & Jain, 1999, pp. 327-344). Automated biometric checking systems have acted to dramatically change the face of automatic identification. It is believed that in the future, esoteric biometric systems, including things like brain wave patterns, will prevail. It is possible that the driver’s license of the future may not only be able to identify a driver using traditional physiological biometric, but also detect if someone should be driving or otherwise under the influence of alcohol or drugs using esoteric biometrics (Woodward, Orlans & Gatune, pp. 135-136).

 

THE BIOMETRIC INNOVATION SYSTEM

An Emerging Technology

At the turn of the 21st century, the biometrics industry was considered “young” and “emerging” (Kroeker, 2000, p. 57; Tilton, 2000, p. 130; A. Jain, 2004). Today, propelled forward by changes to traditional travel documents due to a turbulent global environment, biometrics are rapidly being deployed worldwide. As Burnell (1998, p. 2) accurately stated, “[f]our years ago, if you talked about a biometric, it was new to just about everybody… That’s just not the case anymore. Resellers are seeing the benefits of biometrics for certain applications”. In 2001, the biometrics industry was made up of about 150 separate hardware and software vendors (Liu & Silverman, 2001, p. 30). The number has oscillated in the last few years, as some biometrics hardware vendors have converged and new software-related vendors have emerged. Estimates in 1990 (Parks, p. 98) indicated that there were over one hundred firms, institutions and government agencies that had substantial activity in the area of Automatic Personal Identification (API). Biometrics companies are usually small in size when compared to the rest of the computer industry. For this reason they are dependent on resellers and systems integrators to get their product to market (Burnell, 1998, p. 2).

Given the nature of the technology it can be a difficult task finding the right integrators in the right place at the right time to implement a particular type of solution. While integrators and support technology providers play an important role in biometric implementation, the actual service provider is equally responsible for the longer-term operational success of the application (M2SYS, 2008). Realizing this, the Department of Social Services in Connecticut made extensive use of cross divisional workgroup teams to ensure a buy-in of the new process by DSS staff first. The work group teams focused primarily on process integration (Connecticut Dept., 1998, p. 1).

A fair degree of customizability and niche expertise is required in biometric applications- it is not a case of one size fits all. For example, an integrator specializing in fingerprint recognition systems usually does not have the same level of competency to do a voice recognition implementation. Thus, each new customer contract is not only an opportunity to gain more revenue but also exposure to a different set of problems that will equip all the stakeholders with valuable tacit insights for the longer-term.

Over the last ten years, integrated solutions for biometrics have seen the formation of a number of alliances that have led to a greater acceptability of the auto-ID technique. For instance, in 1999, biometrics provider Sensar had seven high profile partners including: Citibank, OKI, Siemens Nixdorf, Fujitsu, NCR, LG Electronics and WANG Global (Sensar, 1999). In most cases the hardware suppliers are teaming with software companies, while some other companies have enjoyed such synergy within an alliance that they have sought to form completely new companies together. Investors have generally been wary of sponsoring technologies like biometrics that have not proved completely roadworthy in certain situations; and in these instances “banks [especially] tend to err on the side of caution” (Jacobs, 1998, p. 1). Even government departments are said to stay away from bleeding edge technology that are not on the evaluated list of products (EPL). They need to undergo thorough testing before they are adopted (Withers, 2002, p. 78).

In recent times however, the major computing, networking, security and Original Equipment Manufacturers (OEM) have begun to play a more visible role in the support and development of biometric technology as they have seen its potential bolster, particularly through government adoption for mass market applications. An example of an OEM agreement in smart card is between Australian company Intellect and NCR. Some of Intellect’s smart card system components are NCR-badged (Bell, 1997, p. 37). The NCR brand name is more well-known than that of Intellect and NCR like to promote a uniform brand image to their customers so it looks like they can provide an end-to-end smart card solution. As end-to-end solution providers start to surface and the infrastructure to support biometrics is put in place the technology will inevitably stabilize.

 

From Proprietary to Open Standards

The Increasing Need for Interoperability

One problem that so many small players in biometrics causes is in the fragmented and non-standard manner in which vendors develop their products, in isolation from one another. For instance, Vendor A may have developed a robust biometric technology that solves a particular part of an overall solution, and Vendor B may have a supplementary piece of technology, but the two products from each vendor cannot be integrated for a particular solution without some expensive and arduous programming. As has often been stated, “[t]his makes it difficult to link biometric technologies from different vendors, freely substitute biometric technologies, or use a single technology across multiple applications” (Lawton, 1998, p. 18). This has deterred customers from choosing biometric solutions and in the opinion of many players has held back the industry.

Like most new technologies, biometrics companies have been slow to embrace a set of standards. “The existence of a single industry standard will settle the confusion caused by competing specifications and hasten the adoption of biometric technology for a wide range of commercial applications” (Tilton, 2000, p. 132). Standards play a strategic role in deregulating the industry and making it a more competitive field, granting customers a greater variety of choice. Lazar (1997, p. 3) believes that biometric technology is not different to any other new technology. Initially, there are few standards and most systems are proprietary contributing to a lack of standard infrastructure for storing and transferring data captured. The important features organizations seeking to adopt biometric technology should look for are outlined by Liu and Silverman (2001, p. 32). These include: “the biometric’s stability, including maturity of the technology, degree of standardization, level of vendor and government support, market share, and other support factors. Mature and standardized technologies usually have stronger stability.”

 

The Development of Standards for Law Enforcement

Traditionally biometric technology was used for government and law enforcement applications where a high degree of custom integration was required. Manual standards for instance existed since the 1920s when the FBI (Federal Bureau of Investigation) in the U.S. started processing fingerprint cards. These standards ensured completeness, quality and permanency. In the 1980s another standard was devised to herald in the new live-scan fingerprint devices; the Minimum Image Quality Requirements (MIQR) was born. Eventually the FBI allowed virtual fingerprint cards to be submitted electronically and a new set of standards had to be introduced including “comprehensive guidelines on the required message formats and image quality standards” (Higgins, 1995, p. 2). Finally the FBI transitioned to the Integrated Automated Identification System (IAFIS). Higgins observed that many of the existing standards had corollaries in the electronic world- they did not just disappear, but were carried over. For example, ANSI/NIST-CSL 1-1993 describes the record types associated with digital fingerprint transmission. Today what is needed is off-the-shelf type biometrics for rapid deployment and this is currently what is being evolved.

 

BioAPI

With so many small companies, and so many different types of biometric techniques and components one can only imagine the number of proprietary interfaces, algorithms and data structures that were introduced by the biometrics community. As the small industry began to grow, vendors started to offer software development kits (SDKs) with proprietary APIs. While this was a step in the right direction the standards were still proprietary. According to Burnell (p. 1) 1998 was a defining stage in biometrics history as suppliers began to reach out to the wider computing community. Several specifications were published by ANSI, the International Computer Security Association (ICSA) certified biometrics products for the first time, and AIM USA began undertaking biometrics efforts along with the formation of the International Biometrics Industry Association (IBIA). The standards issue gathered momentum as large players like the Microsoft Corporation saw the technology’s potential and the BioAPI Consortium was born.

The creation of a standard application programming interface (API) was championed by the Consortium. “BioAPI is an open-systems standard developed by a consortium of more than 60 vendors and government agencies. Written in C, it consists of a set of function calls to perform basic actions common to all biometric technologies, such as enroll user, verify asserted identity (authentication), and discover identity” (Liu & Silverman, 2001, p. 30). The importance of the BioAPI standard is highlighted in Dunstone (2001, pp. 351-354). BioAPI is based on an architecture model which contains two to four layers, depending on the design. The highest level contains the fundamental biometric functions. The lowest level is where the control of interfaces with devices occurs (Tilton, 2000, p. 131). An example of a draft level standard is the Biometric Exchange File Format which defines how to store and exchange data from a variety of biometric devices (Liu & Silverman, 2001, p. 30). Subsequent to the fine work of the BioAPI Consortium has been that of the Information Technology Laboratory (ITL).

After the tragic events of the September 11th attacks, biometric standards activities were accelerated in response to newly formed U.S. security legislation. ITL spearheaded this development in collaboration with Federal Agencies, end-users, biometric vendors and the IT industry at large. In 2003, the standards activities were extensive and gaining a great deal of attention. Some of these standards activities included the INCITS M1-Biometrics Technical Committee, Common Biometric Exchange File Format, ANSI INCITS 358-2002 Information Technology- BioAPI Specification (Version 1.1), Human Recognition Services Module (HRS) of the Open Group’s Common Data Security Architecture, ASNI X9.84-2000 Biometrics Management and Security for the Financial Services Industry, ANSI/NIST-ITL 1-2000 Fingerprint Standard Revision, AAMVA Fingerprint Minutiae Format/National Standards for the Driver License/Identification Card DL/ID-2000, Part 11 of the ISO/IEC 7816 standards, and NIST Biometric Interoperability Performance and Assurance Working Group (NIST, 2002; INCTIS, 2002).

 

Formal ISO Standards

It is without a doubt that the BioAPI Consortium activities placed pressure on the International Standards Organization (ISO) to develop “formalized” biometric standards to assist with the proliferation of biometric applications worldwide (Stapleton, 2003). Without a common language, the implementation of automated recognition systems would have been severely inhibited. In 2002, Subcommittee 2 of the ISO Technical Committee 68 (TC68/SC2) was tasked with developing standards directly related to the security management and general banking operations audience in the financial industry. At that time ISO also established a Joint Technical Committee (JTC) with the International Electrotechnical Commission (IEC) to address information technology standards relevant to biometric technology. Since that time, a great deal of change has occurred and a number of new standards have emerged (ISO, 2008). Some of these include:

§  JTC 1/SC 37 (focused on information technology and biometrics)

o   ISO/IEC TR 24741:2007 Information technology -- Biometrics tutorial

o   ISO/IEC 24713-2:2008 Information technology -- Biometric profiles for interoperability and data interchange -- Part 2: Physical access control for employees at airports

o   ISO/IEC TR 24714-1:2008 Information technology -- Biometrics -- Jurisdictional and societal considerations for commercial applications -- Part 1: General guidance

o   ISO/IEC TR 24722:2007 Information technology -- Biometrics-- Multimodal and other multibiometric fusion

§  JTC 1/SC 17 (focus on identification)

o   ISO/IEC 11694-6:2006 Identification cards -- Optical memory cards -- Linear recording method -- Part 6: Use of biometrics on an optical memory card

o   ISO/IEC 18013-1:2005 Information technology -- Personal identification -- ISO-compliant driving licence -- Part 1: Physical characteristics and basic data set

§  TC 68/SC 2 (focus on security and management in financial services)

o   ISO 19092:2008 Financial services -- Biometrics -- Security framework

Of particular interest is the more recent activity in 2007/08 in the formation and further enhancement of standards to meet a need in the industry at large, not to mention changes to legislation especially in the United States.

 

Consortiums and Associations

Apart from the BioAPI Consortium, a number of other working groups have formed to support biometric technology. These consortiums differ somewhat from the smart card consortiums. They have been established for the purpose of instilling stakeholder confidence in the technology and to bring together key representatives who have a common interest. Among the list of consortiums and associations active at the turn of the century, was the European Biometrics Forum (EBF), International Biometric Association (IBIA), the Commercial Biometrics Developer’s Consortium (CBDC), the Biometric Testing Services (BIOTEST), the Association for Biometrics (AfB), the Financial Services Technology Consortium, the International Association for Identification (IAI), and the National Centre for Identification Technology. It is standard practice for government tenders to be channeled through consortia. The tender responses are usually championed by integrators such as TRW, Unisys, Siemens, IBM and include traditional biometrics manufacturers like Motorola, NEC, Sagem and Cogent, and card manufacturers like Gemalto (Didier, 2004).

The EBF (2008) is one of the more active forums in Europe and has the aim of “addressing barriers to adoption and fragmentation in the marketplace. The forum also acts as the driving force for coordination, support and strengthening of the national bodies.” IBIA which is based in the United States, mainly “focuses on educating lawmakers and regulators about how biometrics can deter identity theft and increase personal security” (Kroeker, 2000, p. 57). The IBIA has established a strong code of ethics for members to follow. BIOTEST is a European project aimed at developing standard metrics for measuring/comparing the performance of biometric devices. The AfB want to be considered an international authority on biometrics. Whereas “…other industry organizations are mainly designed for biometric industry companies, the AfB’s membership will continue to be a broad church comprising biometric suppliers, end users, government agencies, academics and consultants” (Lockie, 2001).

 

The Biometric Consortium

Perhaps the most influential of them all however is the Biometric Consortium (Alyea & Campbell, 1996). The Biometric Consortium can be likened to the Smart Card Forum in aim and purpose, except that it is working on behalf of the U.S. Government and represented by officials from six executive government departments and each of the military services. Lawton (1998, p. 18) makes an interesting observation about biometric technologies, stating that “[s]ecurity technologies start with the government, and work their way down to industrial and then finally to personal applications” (Lawton, 1998, p. 18). The Biometric Consortium was established in 1992 (its charter formally approved in 1995) and meets to promote biometrics, create standards and relevant protocols, provide a forum for information exchange between stakeholders, to encourage government and commercial interaction, to run workshops linking academia and private industry and address ethical issues surrounding the technology among other things (Alyea & Campbell, 1996, p. 2). By establishing one central body for the research, development, testing and evaluation of biometrics, the National Security Agency (NSA) formed the Consortium as part of its Information Systems Security mission and invested personnel resources and funds to provide support to the Consortium. The NSA considered biometrics to have excellent potential for DOD (Department of Defense) applications and other Federal agencies and wanted the independent technical capability to make decisions for government needs.

The U.S. government became especially interested in biometrics in the 1970s. They commissioned the Scandia Labs to compare various biometric identifiers. The report concluded that this technique was more accurate than the others. So influential were the findings of the government-commissioned report, that “[t]he impact of the study was to shift focus on fingerprint technology. Because of this early emphasis on fingerprint technology, the years since 1970 have produced a large body of research and development in fingerprint identification algorithms and integrated systems” (Ruggles, 1996a, p. 8). Thus it is not surprising that the U.S. government, more than twenty years later, invested time and money into the establishment of the Biometrics Consortium. The Consortium however, is also concerned with the exchange of information between the government, private industry and academia. For now, it serves as the U.S. government’s testing ground for the future of biometrics in public administration.

 

Government and Industry Links with Academia

Biometrics research centers have sprouted up all over the globe (BC, 2009). This is one technology where there is a lot of scope for government and industry linkages with academia for the development of potential biometric applications. In 2001, for instance, DOD became a member of the Centre for Identification Technology Research (CITeR) at West Virginia University (WVU). WVU has one of the world’s leading forensics degree programs (CITeR, 2008). CITeR was developed in collaboration with Marshall University, Michigan State University and San Jose State University to serve as one of the first academic biometric centers. The latter was awarded a 400,000 U.S. dollar contract in 1995 to “study and develop standards for biometric identifiers for use with commercial truck drivers’ licenses” (Woodward, 1997, p. 1482). Research on biometrics at San Jose University began in 1994.

In 1997 the Biometric Consortium established the National Biometric Test Centre at the university. San Jose is also the only university to participate as a member in the Biometric Consortium. In Asia, the Hong Kong Polytechnic University has some impressive ties with industry and other academic institutions including the National Tsing Hua University in Taiwan, University of Sinica and University of South Florida. The Lab in Hong Kong specializes in transferring multiple biometric technologies to industry and is currently exploring integrated biometric solutions. It is continually building up its knowledge base as it sees local opportunities for biometrics arising. Other universities involved in biometric research include: MIT Lincoln Labs, Purdue University, Nagoya University (Japan) and Rutgers University. Some of the European universities researching biometrics include: the University of Bologna (Biometric Systems Laboratory in Italy), the University of Neuchatel (Pattern Recognition Group- IMT in Switzerland), and the University of Cambridge (Speech Vision and Robotics Group).

 

Legislation and New Technologies

Laws almost always lag behind new innovations. In the case of biometrics, this is not any different (Walden, 2000, pp. 2/1-2/11). Kralingen, Prins and Grijpink (1997, p. 2) believe that “[w]hen a new technology is introduced, its applicability and the adequacy of existing laws needs to be examined.” Yet opinions are divided whether present laws are sufficient to handle privacy issues or new protections for privacy need to be introduced specifically for biometrics (van der Ploeg, 2003). Woodward (2002b, pp. 220-231) discusses the right to privacy with respect to biometrics using three paradigms referencing the work of Robert Ellis Smith, editor of the Privacy Journal: physical privacy, decisional privacy and informational privacy. Physical privacy has to do with freedom from contact with others including those who are tasked with monitoring. Decisional privacy is the freedom of the individual to make choices, such as whether they may opt-in or opt-out of a service, without coercion or pressure by the government. And informational privacy is the right of the individual to limit information about him or herself. For information privacy as related to the law, the works of Solove should be studied extensively (Solove, 2004, 2008a, 2008b; Solove, Rotenberg & Schwartz, 2005, 2006).

 

Biometric Laws, Regulations or Codes of Conduct?

Despite their increasing deployment due to the falling cost of biometrics and government policy, for courts the technology is still new- there is no law governing biometrics in the United States. Woodward (1997, p. 1487) argues that “[w]e do not need a new “Law of Biometrics” paradigm; the old bottles will hold the new wine of biometrics quite well.” The best service providers can do is to develop their own Code of Fair Information Practice (CFIP) to gain the confidence of the consumer, even if these are not enforceable by law (Woodward, 1997, p. 1484). It follows from this that there is a growing need for policy makers to understand biometric technology and how unique human features stored digitally can be misused.

In Australia, the Biometrics Institute (2006) introduced a Privacy Code which was approved by the Privacy Commissioner in 2006 as related to Section 18BB(2) of the Privacy Act 1988 (Cth). According to the Biometrics Institute, the Privacy Code sought to build on Australia’s national privacy principles (NPPs) in “a manner that provides the community with the assurance needed to encourage informed and voluntary participation in biometrics programs. Biometrics Institute members understand that only by adopting and promoting ethical practices, openness and transparency can these technologies gain widespread acceptance.” As is the case with all “codes” the level of enforceability is questionable. Yes, members promise to adopt ethical practices, but generally the stakeholders developing the technology are not the ones who are tasked with ensuring the end-user’s private information remains private in the long term. Still, at least the Australian Government has attempted to address the matter rather than ignoring it altogether (DCITA, 2004).

 

Government Biometric Applications and Legislation

Kralingen, Prins and Grijpink (1997, p. 1) prefer the proactive approach rather than “simply waiting until problems arise and then think[ing] up an ad hoc legal solution” later. By the time a new innovation is introduced and adopted by the mass market, some analysis of the legal implications of those applications can be conducted. At the present, the reverse can be said to be taking place, as governments especially, throughout the world implement citizen mass market biometric applications for voting and social security welfare without a great deal of public discourse. In 1998 Mexico and Brazil followed several other countries when its national parliaments officially decided to use biometric technology to secure the voting process (Bunney, 1998, pp. 2-3). This is not to say that governments are ignoring legislative impacts of the technologies they are using to facilitate citizen services. Rather, it seems that government choices in technology are driving legislation in some states to enable the deployment to be fast-tracked. Wayman (2000, p. 76) supports this argument: “[e]ncouraged or mandated by federal legislation, governmental agencies at all levels have turned to technology in an attempt to meet… requirements.”

One of the most contentious issues in biometrics today is whether enrolment in particular applications is obligatory as opposed to voluntary. Wayman’s (2000, pp. 76-80) study on federal biometric technology legislation covers drivers licensing, immigration, employment eligibility, welfare and airport security and uncovers some interesting findings. The former has statutory implications (Kralingen, Prins and Grijpink, 1997, p. 2) because a biometric can be considered a type of personal data, owned by the individual. Perhaps the fundamental question is whether or not a government requirement to record a particular biometric is in breach of a citizen’s legitimate right to privacy. However, what court cases in the U.S. have consistently ruled on, is that certain biometrics do not violate federal laws like the Fourth Amendment.

O’Connor (1998, p. 9) determined that the “…real test for constitutionality of biometrics… appears to be based on the degree of physical intrusiveness of the biometric procedure. Those that do not break the skin are probably not searches, while those that do are”. Incidentally, O’Connor’s legal consideration is not in contradiction with a critical theological interpretation of the “mark” of the beast (Revelation 13:17). In the original Koine Greek (New Testament), the “mark” is described as a charagma, which literally means an incision into the skin, not just a mere surface mark such as a tattoo (M.G. Michael, 1998, p. 278, ft. 3). Yet, even scars and tattoos are being collected by the Federal Bureau of Investigation (FBI) so that several pieces of biometric information can be used to positively identify a suspect (Arena & Cratty, 2008).

In purely rational terms it is also a difficult case to argue against a technology that could save governments (and subsequently taxpayers) millions of dollars in areas like Social Security by reducing fraud. For example, in the U.S. changes to Regulation E in 1994 granted citizens, limited liability to EBT (Electronic Benefits Transfer) at the federal, state and local government level. “The Government Office of Accounting (GAO) projected fraud losses as a result of the Regulation E amendment, in the vicinity of 164 million and 986 million dollars” (Fuller et al., 1995, p. 8). In another example in the U.K. the National Audit Office (NAO) reported that one in ten welfare claims are fraudulent. In 1995 NAO estimated that 561,000 people made fraudulent Social Security claims at a cost to the government of 1.4 billion U.K. pounds (SJB ed., 1996a, p. 1). The fear is however, that biometrics gathered for one purpose could be submitted as admissible proof, in a court of law, for a completely different purpose. Among the most versatile biometrics used to show criminal activity are fingerprints and DNA (Brinton & Lieberman, 1994).

 

The Terrorism Threat

O’Connor (1998) has suggested that guidelines be set-up for biometric records such as in the case where an arrest does not lead to a conviction. Consider the national DNA database established by the FBI (Herald Tribune, 1998, p. 7) and its subsequent implications. The database is similar to that launched in the U.K. in 1995 that has matched 28,000 people to crime scenes and made 6,000 links between crime scenes. The debate over access to biometrics has taken on another perspective since the recent terrorist attacks on the U.S. World Trade Centre in 2001 and the Bali bombing in 2002. As a result of the September 11th attacks, the U.S. moved quickly to create several Public Laws. Relevant to biometrics are Public L No 107-56 (US Government, 2001), 107-71 and 107-173 (USA Government, 2002). Public L No 107-65 describes the appropriate tools required to intercept and obstruct terrorism, Public L No 107-71 focuses on introducing emerging technologies like biometrics for airport security for personnel, and Public L No 107-173 is about enhanced border security and visa entry reforms (NIST, 2002; Snyderwine & Murray, 1999).

O’Connor (1998, p. 9) prophetically stated years before the events of September 11th, that “[t]he government [would] still be able to show compelling state interests in combating terrorism, defending national security, or reducing benefits fraud sufficient to preserve the program’s constitutionality.” In these extreme circumstances (i.e. terrorism attacks) the case for mandatory biometric identification seems a great deal stronger. When comparing the mandatory recording of a biometric feature against the innocent loss of lives in a terrorist attack, biometrics as a human rights violation diminishes in importance. However, “[w]hile some people have revised their opinions about the invasiveness of various biometric techniques in light of the September 11th tragedy, the privacy debate continues throughout the US. If this hurdle is to be overcome, accurate information and education will still be required” (Watson, 2001). Having said that, government applications that use biometrics should be considered carefully (O’Neil, 2005).

A current case (S. AND MARPER v. THE UNITED KINGDOM) which was fought out in the European Court of Human Rights unanimously ruled that the storage of fingerprints and DNA in Britain of all criminal suspects, even individuals who turned out to be innocent, was a violation of the human right to privacy (European Court of Human Rights, 2008). More than any other in modern times, this court case has shown the conflict between technological progress and jurisdictional and societal issues pertaining to biometrics (Freeman, 2003; Lyall, 2008). While the outcome of this court case has far-reaching implications in Britain and more broadly in the European Union, it remains to be seen what kind of power the ruling has in non-member states internationally. Will the government of the United States, for instance, ever consider ceasing to collect fingerprint records of all aliens traveling to its shores? We will not be able to go back to an era of purely paper-based documentation without microchips in passports and the like. Layers of infrastructure built-up are almost impossible to tear down.

Kralingen, Prins and Grijpink (1997, p. 3) stipulate that the government has a role to play in ensuring that an adequate framework is in place for a given context, that special attention be placed on user acceptance, and the quality of critical social processes is to be guaranteed. The legislative process to get a bill through parliament can take a long time. In the case of the Connecticut DSS (Department of Social Security) it took three years for welfare recipients (those on general assistance (GA) and Aid to Families with Dependent Children (ADFC)) to be digitally fingerprinted. Jeanne Garvey who worked on the legislation said the process was unexpectedly difficult. She is quoted as saying “I didn’t know the process or the key people, but I know one thing- if you want to get something done you go to the top” (Storms, 1998, p. 2). The article by Storms on Garvey shows the complexity of human relationships in these types of projects. One is left to ponder on whether Garvey’s endeavor to reduce DSS fraud turns out to be a self-seeking journey to topple her opponents. Garvey says: “[i]f you want something badly enough, you have to be in people’s faces a little bit harder”. Perhaps however, it is not about wanting something badly enough, it is about doing the right thing by citizens, since as a senator you are acting on behalf of your constituents. Garvey continues: “I had to baby-sit this thing like a hawk… the thing I learned through this whole experience was never, never, never give up… these are once-in-a-lifetime type things” (Storms, 1998, pp. 3-4).

 

Biometrics and Privacy: Friend or Foe?

There are two schools of thought when it comes to biometrics: either these devices are privacy safeguards or they are privacy’s foe (Woodcock, 2005). Woodward (1997, pp. 1485-1489) explains the notion of “privacy foe” and “privacy friend” in his landmark paper on biometrics and elaborates further in a book chapter (2002a, pp. 197-215). Woodward summarizes the case of biometrics being privacy’s foe by discussing the loss of anonymity and autonomy, the “Big Brother” scenario, function creep and the degradation of the individual’s right to privacy. Of “privacy’s friend” Woodward discusses biometrics with respect to safeguarding identity and integrity, limiting access to private information, serving as a privacy enhancing technology, as well as providing benefits of convenience.

Dunstone (2001) describes the opposing thoughts in another way, those users who believe that there is no downside to privacy by using biometric technology and those who would only use biometrics in extremely limited circumstances (if at all). He writes: “[b]oth sides have salient points to back up their views. However there is significant middle ground which deals with the responsible and pragmatic use of biometrics”. The positions have been summarized by Clarke (1994):

“1) biometrics do help to protect an individual’s right to privacy because identification is ensured and access to information is limited;

2) biometrics is “a threat to civil liberties, because it represents the basis for a ubiquitous identification scheme, and such a scheme provides enormous power over the populace” (Clarke, 1994).

For Clarke and others like him, any high-integrity identifier such as biometrics represents a threat to civil liberties, potentially providing the State with enormous power over the populace.

 

Citizen Fears

Those who belong to privacy’s foe hold numerous fears about biometrics and related technologies (Computing, 1999; Moskowitz, 1999, p. 85). McMurchie (1999, p. 11) writes of the risks associated with biometrics. First, some users do not like the idea that they must give up a biometric identifier which is unique. Second, some people believe that an underground market will form around biometric data. Third, people believe that before too long, biometric data may be used for law-enforcement purposes. Fourth, some biometric data may be linked to centralized databases containing medical history (Woodward, 1997, p. 1484). Fifth, data gathered for one purpose may be used for another depending on who has power over it. This is the very real possibility of function creep. Davies is adamant, “[w]e would go for outright prohibition on the transfer of biometric data for anybody, for any purpose. If I give my biometric data for a specific purpose then it is locked-in, for all time, for that purpose. I cannot give my consent for its transfer and no one can force, or request for access to that information” (Roethenbaugh, 1998, p. 2). The U.S. social security number (SSN) introduced in 1936 is an excellent example of function creep (Hibbert, 1996, p. 686). It ended up being used by the banking sector, among numerous other uses. “The risks to privacy therefore do not lie in data by themselves, but in the way in which they are concatenated- or, more, generally, ‘processed’ or ‘handled’- for some specific purpose” (Sieghart, 1982, p. 103).

Sixth, biometrics technology discriminates some persons with disabilities. Jim Wayman, head of the National Biometrics Test Centre at San Jose State University, says that biometric systems are not perfect. He notes that 2% to 3% of the population cannot use them at any given time: “[e]ither they don’t have the (body) part or the part doesn’t look and work like everyone else’s, or something is just off” (Weise, 1998, p. 2). It is to this end that widespread consumer acceptance of the technology has been hampered. Service providers are aware of people’s privacy concerns and are conducting trials before implementing fully operational biometric systems to gauge the amount of end-user resistance. For example, when Nationwide considered using iris identification, a spokesman said: “[i]t’s a very unknown area, and we want to see what the reaction is like and whether or not it is commercially viable” (Craig, 1997, p. 3). What trials have discovered is that in general, “[t]he less intrusive the biometric, the more readily it is accepted” (Liu & Silverman, 2001, p. 32).

 

Government Tracking Citizens without Individual’s Consent

Agre (2001) argues that “[f]ace recognition systems in public places… are a matter for serious concern. The issue came to broad public attention when it emerged that fans attending the 2001 Super Bowl had unknowingly been matched against a database of alleged criminals…” In his case study on this event, Woodward (2001, p. 7) writes of the potential for “super surveillance” and refers to the ability of a tracker (in this case authorities) to follow a person and monitor their individual actions in real time or over a period of time. Agre’s concerns about facial recognition are similarly voiced by Rosenweig (2000).

In Hong Kong, Mathewson (1998) reported how hair testing helped detect drugs in school students. In this case, if a sample of hair was retained for DNA records it would be unethical. Increasingly, civil-libertarians are rejecting the implementation of any biometric technology: “Imagine an America in which every citizen is required to carry a biometrically-encoded identification card as a precondition for conducting business. Imagine having your retina scanned every time you need to prove your identification. Imagine carrying a card containing your entire medical, academic, social, and financial history. Now, imagine that bureaucrats, police officers, and social workers have access under certain circumstances to the information on your card. Finally, imagine an America in which it is illegal to seek any employment without approval from the United States government” (Williams, 1996, p. 1). Woodward (1997, pp. 1489-1490) differentiates between the notion of biometric centralization versus balkanization.

According to Wayman (2000, p. 76), the privacy fear is very much related to how governments could use biometric records in the future to track individuals in real-time. Wayman states that those people who propose, design and implement biometric solutions for government applications are sympathetic to citizen concerns about potential breaches in privacy. This is likely to be true but as vigilant as the technology providers may be there are defining limits to the number of hours and the number of resources any one company can dedicate to a project. In a perfect world, a perfect biometric solution could operate without any qualms but the world we live in is not perfect, and no one can categorically state that a system is foolproof even if the teams working on the solutions do their very best. Dale (2001) writes that privacy concerns are an issue for biometrics used, especially those for the purposes of law enforcement. The challenge is in the sharing of sensitive data between the relevant agencies. In an interview Davies states: “[w]e can conceivably end up with a multiple purpose national/international system from which people can’t escape” (Roethenbaugh, 1998, p. 2).

Perhaps the most controversial of all biometrics is DNA and its potential future applications. According to the Privacy Committee of Canada (1992, pp. 16-25), current and potential uses of genetic testing (i.e. acquiring a DNA sample) include: workplace testing, screening associated with human reproduction, screening as part of basic medical care, genetic screening to determine the right of access to services or benefits, forensic DNA analysis in criminal investigations and testing for research. For example: “[e]mployers (both public and private sector) may wish to identify “defective” (less productive) or potentially defective employees or applicants through genetic screening” (p. 16); and “Governments may one day wish to test persons to see if they are genetically suited to have access to certain services (advanced schooling, immigration or adoption)… or benefits (disability payments)” (p. 20). While the Privacy Committee of Canada offer a number of recommendations, one can only begin to ponder on the potential privacy issues linked with such widespread use of DNA. An incorrect record entry could affect an individual’s life indefinitely. An opposing argument however could lay claim that neglecting to use DNA evidence in a court of law may mean that innocent persons are not exonerated for crimes they have not committed.

 

End-User Resistance

Biometrics has also differed to any other auto-ID device before it, in terms of its level of invasiveness. According to the Sandia report, retinal scan had the most negative client reaction when compared to other biometric techniques. The “users have… concerns about retina identification, which involves shining an infrared beam through the pupil of the eye” (Ruggles, 1996a, p. 7). Lazar (1997, p. 4) has noted that “[f]ears of ‘Big Brother’- combined with intrusive measuring devices such as bright lights and ink pads- have had even technophiles dragging their feet on occasion. As the systems have become less intrusive however, user resistance has dwindled, but the suspicion is still there, vendors said, and agencies should not underestimate the importance of a user feeling comfortable with a technology.” According to Gunnerson (1999) people were used to remembering PINs and carrying cards but they were definitely not used to using body parts to grant them access to funds etc.

Biometrics has forced an ideological and cultural shift to take place (Ng-Kruelle, Swatman, Hampe, & Rebne, 2006, p. 16). The human body almost becomes an extension of the machine for that one moment that the physical trait is being verified or authenticated (Solove, 2004). The body becomes analogous to a token, i.e., something we have but at the same time, it is something we are. Davies (1996, pp. 236-239) describes something similar to this in his book on the section entitled the Future of Fusion. This is what could be considered intimate human-computer interaction (HCI). And biometrics designers have had to pay attention to consumer requirements when building biometric systems to minimize resistance. For example, the stigma that biometrics is for law enforcement has some users opposed to being fingerprinted even for physical access control applications (Lazar, 1997, p. 2). When biometrics for social security services was first proposed in the state of Connecticut to say it was controversial “…would be an understatement… Public perception and the association of fingerprinting with the criminal element was pervasive” (Connecticut Dept., 1998, p. 1). But this in itself did not stop its implementation (Heckle, Patrick, Ozok, 2007).

 

The Right to Opt Out of Any System for Any Personal Reason

While designers can respond to making biometric systems more user friendly, they really cannot cater for the needs of those people who hold religious beliefs about how biometric technology may lead to the fulfillment of prophecy, particularly in the widely quoted Book of Revelation (Michael, 1999). Short of calling this group of people fundamentalists, as Woodward (1997, p. 1488) does of one prominent leader, Davies is more circumspect in his appraisals: “I think they’re legitimate [claims]. People have always rejected certain information practices for a variety of reasons: personal, cultural, ethical, religious and legal. And I think it has to be said that if a person feels bad for whatever reason, about the use of a body part then that’s entirely legitimate and has to be respected” (Roethenbaugh, 1998, p. 3).

Dunstone (2001), the executive director at the Biometrics Institute also adds “[p]ublic concerns over biometric use should be taken seriously. It is particularly important that these issues are openly recognized as valid, both by the biometric vendors and by system implementers, if they are to reduce the risk of adverse public sentiment, particularly for those systems that are intended for wide scale deployment.” Opponents to the DSS Connecticut fingerprint imaging scheme for instance, mostly argued that fingerprinting was invasive and dehumanizing. These opponents cannot be considered fundamentalists just because they do not agree with the State. The naive response of the DSS was to “narrow [public] perception” by making the states chief executive the first to be fingerprinted (Connecticut Dept., 1998, p. 2). Of course, if it was that easy to change public perception, it would be equally easy to change people with all sorts of cultural, religious and philosophical objections against biometrics. This kind of intolerance to diverse attitudes however is dangerous. The Australian Federal Privacy Commissioner and the president of the Australian Council of Liberties have expressed concerns over privacy implications for an Australian passport based on face recognition. The response has been “whether we like it or not, it’s going to happen” (Withers, 2002, p. 79).

 

Towards Multi-modal Biometrics

One of the least discussed topics in biometrics which is related to privacy is ethics. Davies stated in 1998 that “[t]he biometrics industry need[ed] to develop an ethical backbone” (Roethenbaugh, 1998, p. 3). This was with specific reference to the targeted use of biometric technology on minority groups such as prisoners, uniformed personnel and the military. Davies is quoted as saying: “I’ve heard it said that captive groups are a good target market and that the biometrics industry can work outwards from there… The idea of target captive populations is offensive and sneaky” (Roethenbaugh, 1998, p. 3). In the same token, multimodal biometrics present more ethical dilemmas. “Sandia envisage multiple biometrics being used for ultra-secure physical access control applications in the future. They are working on a system that simultaneously applies facial, voice and hand geometry checks” (SJB ed., 1996, p. 1).

The legitimacy of one or two biometrics being used for a variety of applications may be warranted but the use of numerous biometrics could be considered somewhat intrusive and dangerous. Multimodal biometrics may be convenient but there still seems to be a fair degree of privacy issues that have not been considered. It is regularly expressed that “[c]ivil libertarians worry that we’re moving toward a world where our privacy is the price of convenience” (Weise, 1998, p. 1). However, multimodal biometrics vendors pronounce that several modalities “…achieves much greater accuracy than single-feature systems” (Frischholz & Dieckmann, 2000, p. 64). In the final analysis, “[d]espite 20 years of predictions that biometrics devices will become the next big thing, proliferation has been slow because of technical, economic, human-factor, legal, ethical, and sociological considerations” (San Jose, 2002, p. 1). Before the announcement by U.S. President George W. Bush, that the U.S. government was going to utilize advanced technologies for administrative purposes, biometrics deployments seemed to be only steadily increasing. It was during the Bush administration’s reign that the future of biometrics was solidified forever (Bain, 2008).

 

BIOMETRIC APPLICATIONS

Overview

First-mover Biometric Deployments for Government Applications

At the turn of the century, Unisys was just one of about twenty well-known companies that promoted biometric technology to be used with respect to the following applications: social services, driver’s licensing, voter registration, inmate verification, national identity, immigration control, patient verification and banking (Figure 4). In 2003, several U.S. states had biometric identification programs already for the distribution of social welfare including in Arizona, California, Connecticut, Illinois, Massachusetts, New York, New Jersey and Texas. Today that number is closer to about thirty U.S. states and many more with plans to implement biometrics in the future (Motorola, 2005).

Prior to the September 11 attacks, very few U.S. airports were equipped with biometric technology for the purpose of immigration control. At Newark and JFK airports, the Immigration and Naturalization Service Passenger Accelerated Service System (INSPASS) used hand recognition terminals. In the U.S., Charlotte/Douglas, Orlando, Reagan, Washington Dulles, Boston Logan and Chicago O’Hare international airports also had biometric systems, all but the former using fingerprints. Andreotta (1996) provides detailed information on what INSPASS was and how it worked and Bernier (1993) gives a brief overview. The feature article on immigration and biometrics by Atkins (2001) raises some very important issues. For one of the most in depth case studies on biometric ID see Schulman (2002) on the US/Mexico border crossing card (BCC). The study looks at the differences in personal identification requirements before and after the September 11th attacks and documents some of the changes that have taken place between the US/Mexico border check-point.

The Federal Bureau of Investigation (FBI) is another user of biometric equipment. One of the pioneers of fingerprint technology was Identicator Technology. Since the early 1970s they have specialized in inkless fingerprint products. Some of Identicator’s commercial partners in the late 1990s included S.W.I.F.T. and MasterCard. Identicator customers included the National Security Agency (NSA), U.S. Secret Service and the Social Security Administration (SSA) (Identicator, 1999). Before IAFIS (Integrated Automated Fingerprint Identification System) was developed, the FBI manually processed fingerprint cards, since about the 1920s. By 1997, the projected growth of automated fingerprint live-scans was estimated at 20,000 per work day (Higgins, 1995, p. 409), although this figure is more precisely 20,000 per month (T. Jones, 2006).

The United Kingdom (UK) National AFIS (NAFIS) involving the Police Information Technology Organization (PITO) is another system that shares similar characteristics to IAFIS. As Roethenbaugh reported (1998, p. 2): “By the year 2000, it is expected that NAFIS will support a database of over six million ten-print sets (60 million images) and up to one hundred thousand scenes of crime latents. Between eight and nine million ten-print sets are expected in the database by 2010.” This projection was surpassed in 2004 when 8.2 million ten-print images were stored on the database along with 1.2 million scene-of-crime marks (NG, 2004). Northrop Grumman Mission Systems was the prime contractor and system integrator for the design, development, installation, integration, test, operation, and maintenance of NAFIS in the UK.

In Columbia, voters must have an official voter identification card complete with photograph and digitized fingerprints before they can legally participate in the election process (O’Connor, 1998, p. 4). Jamaica is also experimenting with fingerprint minutiae data for a register of eligible voters (Woodward, 1997, p. 1483). BallotMaster is a biometrics-based voting system that ensures one vote per citizen. It was developed jointly by Neurodynamics and Surveys International. The system uses a bar code card for pre-registered voters and takes advantage of fingerprint biometric technology. Inmate verification is another application of biometrics. Since 1990, Cook County (Illinois) Sheriff’s Department has been using retinal scanning to process prisoners (Ritter, 1995). The Department processes between 300 and 500 people per day, mostly in the morning and has compiled a database of 350,000 individuals (Brakeman, 1998, pp. 1-3). According to Tom Miller of the U.S. Department of Justice, inmates, prison staff and visitors will be required to enroll in the biometric system at all Federal prisons in a bid to reduce inmate escapes (Figure 5). “A major use of biometric-based security systems is not so much designed to keep people out, as to keep them in. Prisons have begun using fingerprint and hand geometry readers to track prisoners. Such systems have also been employed to monitor parolees...” (O’Connor, 1998, p. 5). The Australian Government invested in speech recognition and natural language software developed by ScanSoft in 2003 in a bid to cut personnel costs in Centrelink’s high volume contact center.

 

Biometrics for Private Enterprise

Biometrics systems once considered for law enforcement purposes are now being used in private enterprises (Woodward et al., 2001). Products such as the AFIM (Automated Fingerprint Recognition Machine) Time Security System by International Automated Systems (IAS) are being marketed to employers who would like additional payroll accuracy. Among the advantages IAS outlined are cost effectiveness, improvement in manager’s effectiveness, and employee morale. Australia’s largest supermarket chain, Woolworths Ltd has been using Identix fingerprint scanners for almost a decade to monitor employee attendance: “[i]nstead of punching time cards, about 100,000 employees check into PCs located in 500 stores. Each store has one or two PCs running time and attendance software” (Aragon, 1998, p. 5). The Coca-Cola Company uses hand scanning for time and attendance for some of its employees (Chandrasekaran, 1997) as do many medical facilities such as hospitals (Woodward et al., 2001, pp. 93-99).

At universities, biometric systems have been introduced for meal allowances, entrance into examinations and tutorial attendance. At the University of Georgia for example, hand geometry has been in place since 1972 for payment of meals (Weise, 1998, p. 3). In banking several trials have been conducted using fingerprint identification for ATM cardholder verification in order to do away with the traditional PIN. Since the mid-1990s the prospect of iris ATMs have been given attention in the popular press (Fernandez, 1997, p. 10). Sensar’s prototype, IrisIdent was one of the first iris recognition systems proposed for the banking sector. Coventry, Angeli and Johnson (2003) have conducted usability studies that reinforce the promise of biometrics at the ATM interface. Still, it will be some time before this kind of authentication enters the market commercially in the banking sector.

One of the most challenging to design and yet the most acceptable form of biometrics is voice recognition. Nortel Networks has been a world leader in offering total solutions for public and private operators. In Canada and the U.S. people were able to use spoken commands to access information as far back as the late 1980s. In Canada, for instance, a subscriber who wished to access directory assistance or dial a number could do so by speaking the digits into the handset (Cameron, 1996, p. 32): “ADAS Plus used speech recognition to discern the caller’s language preference, the city for which a telephone number was requested, and whether the listing is residential or non-residential. The system displayed the information on a monitor, and a human operator provided the actual listing.” The business case for high-volume call centers like hotels, airlines or car reservation companies to incorporate voice recognition is becoming more and more viable (Datamonitor, 1998). More innovative uses of biometrics is for animal ID, particularly for monitoring whales as they migrate in the ocean, and even mice (Nilsson et al., 2003). Exceptionally novel is the Argus Solution developed especially for patience recovering from drug addictions etc (Figure 6).

 

Case 1: Biometrics in Government Applications

Social Services and Citizen ID

In the U.S. biometrics systems have been used for electronic benefits transfer (EBT) and other social services since July 1991 (Campbell et al., 1996). In a bid to stop fraud, the Los Angeles County in California introduced AFIRM (Automated Fingerprint Image Reporting and Match) for the administration of its General Relief (GR) program in the Department of Public Social Services (DPSS). The following extract is from the Hewlett-Packard (HP) case study on the Los Angeles deployment (HP, 1995, p. 3). “Using the AFIRM system, a GR applicant places his or her index finger on a live-scan camera which displays the image on a workstation in the district office. The prints are scanned... The image is then analyzed by the workstation to ensure acceptable quality and correct positioning. If necessary, the system prompts the clerk to re-attempt image capture. If the image is satisfactory, it is transmitted over a dedicated phone line, along with the demographic data, to the central site where it is compared against all other prints in the database...” GR is for people who are not eligible for financial assistance from both the federal and state governments.

In 1994, National Registry Incorporated (NRI) supplied finger-image identification systems to the Department of Social Services (DSS) in Suffolk County and Nassau County, New York. The New Jersey Department of Human Services and DSS of Connecticut were also later clients of NRI- all requiring finger-image systems to eliminate fraudulent activities. David Mintie, the project coordinator of Digital Imaging for the state of Connecticut, reported that this electronic personal ID system (1996, p.1):

“- conveniently and accurately enrolls qualified General Assistance (GA) and Aid to Families with Dependent Children (AFDC) clients into a statewide database

- issues tamper-resistant identification cards that incorporate finger-image ‘identifiers’ stored in two-dimensional bar codes

- uses finger-image identification to verify that enrolled clients are eligible to receive benefits.”

      In 1995 the San Diego Department of Social Services (DSS) announced that it was implementing a pilot project for a fingerprint identification solution to ensure that public funds were being distributed to the correct recipients. Among the problems of the legacy system outlined by the county supervisor were the falsification of photos, signatures and social security numbers which were encouraging applicants to sustain multiple identities, commonly referred to as double-dipping. In November of 1996 the Pennsylvania DPW issued a Request for Proposal (RFP) for an automated fingerprint identification system (AFIS). As Mateer of BHSUG reported (1996, p. 2), the system was referred to as PARIS (Pennsylvania Automated Recipient Identification System) and would have the ability to “capture digitized fingerprint, photo, and signature images of cash, food stamp, and medical assistance ‘payment name’ recipients, who are required to visit county assistance offices (CAOs).”

In 1996 in Spain, all citizens requiring to be considered for unemployment benefits or worker’s compensation were issued with a smart card by the Ministry of Labor and Social Security (Kaplan, 1996, pp. 31f). The so-named TASS (Tarjeta de la Seguridad Social Espanola) initiative required the fingerprints of the smart card holder (Pepe, 1996; Jurado, 1996). Unisys reported that by early 1997 about 633 kiosks would have been installed in eight cities of the Andalucia region, covering about one fifth of Spain’s total population (i.e. approximately 7 million persons). The TASS project brought together some of the biggest telecommunications manufacturers, like Motorola (IC), Fujitsu-Eritel (network infrastructure), AT&T (kiosks), Siemens Nixdorf (smart card reader/writers) and Telefonica Sistemas (portable reader/writers). “To use the kiosks, citizens… insert their smartcards and then are prompted to place a finger on a fingerprint reader. Once the fingerprint has been verified, citizens are… granted access to the data” (Unisys, 1997, p. 1).

Similarly the Dutch National ChipCard Platform (NCP) requires the cardholder’s personal and biometric data to be stored on a smart card “…and be readable across a wide variety of terminals- for instance at libraries, banks, insurance companies, theatres, municipal authorities and mass transit undertakings” (D. Jones ed., 1996, p. 6). Cambodia’s national identification card also stores biometrics (fingerprints) but on a 2-D bar code instead of an integrated circuit. The cards have a 2D bar code that contains the citizen’s name, photograph, a digital fingerprint and demographic information. Initially the cards are to be used as identification for travel, voting and employment; but other applications to be added later have not been discounted (Automatic ID, 1998, p. 20).

 

Customs and Immigration Control

INSPASS was once envisioned to grow to include other airports at Miami, Chicago, Honolulu, Houston, Los Angeles and San Francisco, until the introduction of the ePassport. Prior to September 11th old sites at JFK, Newark, Toronto and Vancouver were upgraded with the latest technology. The strategy was to replace hand geometric devices with fingerprint devices in the long-term to ensure standardization. In 1996, the German federal government was seeking to implement hand geometry at Frankfurt’s Main Airport. The preferred German biometric technology was hand geometry which differed to that biometric used in the INSPASS project at Newark, JFK and Toronto airports.

The U.S. and Canada are not the only nations that are working on automated inspection systems for immigration purposes. In 1996, others countries included Australia, Singapore, Hong Kong, Holland, Germany, and the United Kingdom, Bermuda. Travelers who preferred to be identified using biometrics had to undergo a profile security check by authorities. In the case of North America, this included checking whether the traveler was a permanent resident or citizen of the U.S., Canada, Bermuda or part of the Visa Waiver Pilot Program (VWPP), had a criminal history or any previous customs infringements. If the traveler was deemed to be of low risk, they were enrolled to use the system for one year- the pass renewed annually. “At enrolment demographic details are captured and stored, along with a photograph and signature as well as the templates and images of prints from their two index fingers... Arriving travelers go to the CANPASS immigration lane and insert their card in a terminal for their fingerprints to be verified. The card is automatically checked against a database to ensure that it is valid... Travelers with goods to declare just put the relevant form in a slot and the correct amount of duty is charged to their credit card” (SJB, 1996c, p. 1). Only PortPASS holders were required to pay a small fee to enroll. When INSPASS began there were 2000 frequent fliers, in early 2003, there were over 100000.

Today, the rollout of the ePassport has had a major impact in the way travelers are authenticated, especially upon arrival. In Australia, several trials were begun and the first deployment of the SmartGate Automated Border Processing was in August of 2007 at Brisbane’s International Airport (Department of Immigration and Citizenship, 2008). The SmartGate solution was part of a broader strategy by the Australian Government to employ biometrics towards the improvement of border security techniques. The SmartGate solution works using a two step process. At the kiosk the traveler checks if they are eligible to self-process by placing their ePassport into the reader and answering standard declarations via a touch-screen. If the traveler is eligible to proceed a ticket is printed for them, and they carry this to the ‘smart’ gate where a live identity check and clearance is performed. By inserting their ticket into the reader, a photo of the traveler’s face is taken and compared with the image in their ePassport. If the two images match, the traveler is allowed entry. If the images do not match, the ticket is retained and the traveler is directed to go via a manual process (i.e. a Customs officer check).

 

Towards Biometrics as a Hub for Integrated Auto-ID Systems

In the past, governments worldwide have been criticized for their inefficiencies regarding the distribution of social services. Reports of persons who have been able to collect over ten times what they are lawfully owed by declaring several different identities (and postal addresses) have increased. Other reports indicate that persons who have the greatest need for social concessions are not the ones who are necessarily receiving them because of incorrect information that has been supplied about their eligibility to authorities. There are still many developed countries around the world which use paper-based methods in the form of vouchers, coupons, ration cards, concession cards to operate large-scale federal and state programs. As recent as 1994, even the Department of Agriculture in the U.S. issued paper coupons for food stamp programs, although it was not long before they moved to an electronic system  (Hausen & Bruening, 1994, p. 26).

Since that time, the U.S. also introduced ‘food card’ applications using magnetic-stripe (Pennsylvania- since 1984) and smart cards (Ohio since 1992). Some states used magnetic-stripe cards to help verify that the patient is indeed eligible for ‘free’ consultations to the doctor. The magnetic-stripe card first replaced paper based records that were prone to error. Smart cards are also being increasingly promoted by government agencies, many of them set to store citizen biometrics for additional security purpose. The latest trend in Federal and State government systems is program centralization (Marshall, 1997, pp. 10-15). Using database matching principles and smart card technology, one card can be used to store all the citizen’s personal information as well as their eligibility status to various State programs. Data-matching has been defined as “the comparison of two or more sets of data to identify similarities and dissimilarities... the term is used to denote the use of computer techniques to compare data found in two or more computer files to identify cases where there is a risk of incorrect payment of personal financial assistance or of tax evasion” (Privacy Commissioner, 1990, p. 1).

In England a similar model has been implemented (D. Jones, 2000): “the Department of Social Security (DSS) announced details of its new Generalized Matching Service (GMS)... It is hailed as the first system of its kind in Europe and will cross-match data across a number of benefit areas” (Smith, 1995, p. 40). The system has provided the foundations for national ID smart cards in the U.K. According to the UK Home Office (2008): “[t]he National Identity Scheme is an easy-to-use and extremely secure system of personal identification for adults living in the UK. Its cornerstone is the introduction of national ID cards for UK and EEA residents over the age of 16… Each ID card will be unique and will combine the cardholder’s biometric data with their checked and confirmed identity details, called a ‘biographical footprint’. These identity details and the biometrics will be stored on the National Identity Register (NIR). Basic identity information will also be held in a chip on the ID card itself.”

Gold (1996) estimated that the highly organized fraud racket in the U.K. was costing the government about 2 billion pounds a year. This was obviously an over-inflated figure with more recent statistics from the Home Office showing that identity fraud has cost the UK over 1.7 billion pounds in sum total. The UK’s Fraud Prevention Service also recorded 67,406 victims of identity fraud in 2006, over 10,000 fake passport applications annually and 430,000 illegal migrants residing in the UK. Identity-related benefit fraud was costing the taxpayer between twenty to fifty million per annum.

The single card approach is not only purported to greatly reduce operational costs but is equipped to catch out persons who have deliberately set out to mislead the government. In the U.S. for instance, there was a new Electronic Benefits Transfer (EBT) paradigm which called for a single card that could deliver benefits from multiple government programs across all states. The hope was that the system would be in place by 1999 (Robins, 1995, p. 58). The initial focus was on food stamps and AFDC but other benefits such as old-age pension, veteran survivors, and unemployment would eventually be integrated into the system (Jackson, 1996a, pp. 1-2).

Singapore, Spain, Germany and the Czech Republic were some of the first countries to introduce national ID smart cards. Proposed national ID schemes in other countries like Greece have fuelled much debate since the mid-1990s. In Greece, the preliminary decision to record a person’s religion on the national ID card was not surprisingly met with opposition, particularly by religious minority groups. One of the largest-scale smart card government projects is in China, led by China Citizen Card Consortium. The plan was to have one integrated card for citizen identification, health care and financial purposes. “The smart card is set to store the bearer’s ID number, health care code, address, birthdate, parents’ names, spouse’s name and a fingerprint” (Valles, 1998, p.7). The Taiwan government also considered following the Chinese initiative as their own paper-based identification card (as of 1998) was extremely ineffective- it did not carry a magnetic-stripe, nor did it have embossed numbers and it was very flimsy. The Philippines government was also embarking on a national ID card project which would have included biometric data as were the South Africans with the Home Affairs National ID System (Woodward, 1997, p. 1483).

Malaysia and Thailand are also following in the footsteps of Singapore. Malaysia’s MultiPurpose Card project, Mykad, is a flagship of the Multimedia Super Corridor (MSC). “The plastic card… has an embedded chip… that can perform a variety of functions… designed to combine national ID, driver’s license, immigration information, health information, e-cash, debit card and ATM card applications” (Creed, 2000, p. 1). In 1998 in South America, there were smart card trials in Brazil (Curitiba) where 30000 city employees were issued with smart cards that acted as a government ID and allowed monetary transactions. In 1999, the program was extended to families of municipal employees, and then to the city’s entire 1.5 million urban population” (Automatic ID, 1998, p. 1). This ID card has an RF interface, i.e. it is contactless. More recently, Saudi Arabia has embarked on a national ID scheme. Post Sept 11, there was a series of attempts to introduce national ID card schemes in numerous countries as documented by Privacy International (PI, 2002). One of the main findings from an investigation into national ID cards was that they do not in any way curb the threat of terrorism.

The U.S. Department of Defense (DOD) instituted a multiapplication smart card to replace the various military paper records, tags and other cards. The MARC program (Multi-Technology Automated Reader Card) was a targeted pilot in the Asia Pacific with 50000 soldiers. According to authorities, it was so successful that the card was distributed to all 1.4 million active duty armed forces personnel. Many believe that MARC was a large-scale trial necessary to prove-in a national ID for all citizens in the U.S., incorporating numerous government programs.  Coordinator, Michael Noll said that the ultimate goal of MARC was: “‘[a] single standard, multiple-use card that [could] be used across the government’... for applications such as payroll, employee records, health care and personnel assignments” (Jackson, 1996b, p. 41). MARC was first used during the Gulf War crisis. The card contains a magnetic-stripe and integrated circuit, as well as a photograph and embossed letters and numbers and it can handle up to 25 applications. Today all military personnel use the Common Access Card (CAC) for a number of different applications (Kozaryn, 2000). After the September 11th attacks on the U.S., Oracle’s CEO Larry Ellison offered to provide free software for a mandatory national ID smart card which would contain at minimum a photograph and fingerprint (Levy, 2001, p. 1). Sun’s CEO Scott McNealy also advocated a national ID (Scholtz & Johnson, 2002, p. 564).

Like the U.S., Singapore also tested a military ID card in 2002. The Clinton Administration also wanted to adopt smart card technology to track the expenses of federal government staff, responsible for 8.5 billion US dollars of annual expenditure. The card would be used to log travel expenses, make small purchases and allow for building access (D. Jones ed., 1998, p. 16). Also, smart cards were touted to be the driving force behind digital signatures allowing for encrypted messages between government agencies and citizens when Internet ecommerce applications like online taxation become mainstream applications. An exhaustive list of U.S. government applications using card technologies can be found in the U.S. Financial Management Service (1990). This study, though dated now, is a very comprehensive investigation into all the card programs in the U.S. at the federal and state level. Federal applications include: agriculture, commerce, energy, justice, NASA, transportation, treasury and veteran affairs. Defense was a topic that was treated as a special government application. The military takes advantage of numerous types of auto-ID technologies. In Bosnia in 1997 the military provided the most modern logistics system, featuring long-range RFID, smart card and bar code working in concert (Seidman, 1997, p. 37).

 

Case 2: Entertainment

Expo ‘92 was held in Seville, Spain. There, season ticket holders had to carry a smart card and use a biometric fingerprint reader to have access to the various sites and exhibits. The biometric fingerprint system was produced by the Bull subsidiary, Telesincro (M. Chadwick, 1992, p. 253). The aim at this event was to prevent ticket holders from giving their passes to their friends and family members to use (Zoreda & Oton, 1994, p. 172). This was quite an innovative solution for its time. Similarly visitors wishing to have seasonal or annual passes into Walt Disney’s theme parks in Florida U.S.A., also have to use a fingerprint biometric system (Chandrasekaran, 1997; Higgins, 67-68). Magic Kingdom, Epcot and Disney MGM are all involved in the biometric trial. The system uses fingerprint recognition and the measurement is useable at each of the three theme parks (SJB, 1996b, p. 1). Today, Walt Disney World is the largest single commercial application of biometrics in the U.S., with tens of millions of people using biometric readers to gain access to four theme parks in Orlando (Harmel, 2006). It is no secret that the U.S. Government have consulted Walt Disney toward large-scale civilian implementations of biometrics (Hopkins, 1999).

Face recognition systems have even made their debut in ten Nevada casinos. The joint venture between Mr. Payroll and Wells Fargo & Company uses the Miros TrueFace engine and Atreva machines. Gaming patrons can only cash their checks after agreeing for their picture to be taken. Once enrolled the patrons have their image stored for future identification. In 2001, Identix installed fingerprint recognition systems for patrons in two Las Vegas casinos. Biometrics systems are also used at global sporting events like the Olympic Games. Since Barcelona (Spain) in 1992 the level of security biometrics offers was recognized more widely. Access to the air traffic control tower at the airport in Barcelona was limited to fewer than 200 persons using signature recognition in case of terrorist attacks. At the 1996 Atlanta Olympic Games over 40000 athletes, staff and volunteers used a biometric system which measured hand geometry. Those wishing to have access to the Olympic Village required to have their hand characteristics verified. There were 125 verification devices installed at entry points into high security areas. Despite these security measures an attacker was still able to plant a bomb that went off in the village. At the 1998 Nagano Winter Olympics a biometric system was used to track biathletes.

An Australian company Nightkey is changing the way patrons gain entry to nightclubs across several states. Among the clubs to have adopted the Nightkey biometric system is Liquid NiteClub, Sultan’s Nightclub, Meche, Alma, Amplifier, Metropolis Fremantle, Capitol, The Highlander, and the Gate Bar and Bistro. Nightkey works using a four step process. First a manual ID check is conducted by the club’s authorized personnel, and then scanned using typical OCR software. The image taken is stored on the venues database. Secondly, the right index finger of the patron is then scanned to create a unique ID. As soon as this is done, the original image is deleted and only a value is stored. Step three requires a photo to be taken of the patron and linked to the fingerprint image. Finally, step four takes all the information collected and stores it on a remote co-located server using a secure link. This ensures that patron information does not find its way into terminals or somewhere where it is easily accessible. The benefits of such a scheme are considered to be deterrence from attracting patrons who may engage in some form of anti-social behavior.

 

Card Technologies Welcome

Companies who are still promoting magnetic-stripe cards for instance, find that entertainment applications are a steady market. Access Control Technologies (ACT) Incorporated specializes in entertainment solutions using prepaid card systems for cashless vending. Like ACT Incorporated, the Plastag Corporation is also a supplier of magnetic-stripe cards to entertainment companies. Plastag is one of the largest manufacturers of casino cards, servicing many states in the U.S. like Naivete, New Jersey, Michigan, Indiana and Missouri.

Smart cards are being used more and more in the entertainment business. Casinos, clubs and bars, sports complexes, cinemas, arcades, fun parks and conferences are using card technologies to encourage loyalty and to verify the user’s ID. McCrindle (1990, pp. 163-170) describes some of the earliest international examples:

“- Pathe Cinema in France: the smart card is pre-loaded with ten tickets. Used as a loyalty card by offering discounts on bulk ticket purchases

- Club Mediterranee in France: guests can use the smart card as a payment card. All their transactions are billed to the one card and can be checked at any time using terminals around the club facilities

- Dallington Country Club: the smart card grants users access to sporting facilities, bars, restaurants, and other shops. The card also has an electronic purse function- users are charged accordingly. The system… [is also used for] monitoring membership control, subscription collection and other statistics.”

As already mentioned Olympic and Commonwealth Games venues are always promoting the use of cash cards and other auto-ID technologies. An estimated 100000 disposable smart cards and 2000 reloadable smart cards were used at Kuala Lumpur at the Commonwealth Games in 1998. The cards were a showcase for the proposed identification card in Malaysia. It was also more convenient for visitors to use electronic cash for buying goods and services. Athletes can also attach RFID transponders to their shoelaces to ensure fair play and accuracy in times recorded (Finkenzeller, 1999, pp. 261-263). One of the first manufacturers of RFID transponders for marathons was Texas Instruments with their ChampionChip product. Marathon runners also wear placards to the front and rear which usually have bar codes (LaMoreaux, 1995, p. 12).

Beyond things one can carry, or one can posses, there are now clubs such as the Baja Beach Club in Barcelona, Spain, where RFID implants grant a patron access to a VIP zone that offers a host of exclusive services (V. Jones, 2004). The cost of getting the implant injection is about $153 USD. Patrons who visit the club regularly believe it is a solution which is about convenience, fashion and safety. There is no longer a need to carry a wallet or ID cards, which can often be stolen or misplaced in crowded spaces. The implant also signifies a fashion statement, and places a patron in an elite group of chipped persons, among who is the director of the Club, Mr Conrad Chase. The Baja Beach Club web site claims that it is the first discotheque in the world to offer the VIP VeriChip (Chase, 2009).

 

Biometrics Today

Post September 11th biometrics has proliferated for government-to-citizen applications. While the United States was a pioneer in the use of biometrics for border control, the new national security climate spurred on by frequent terrorist attacks has changed state-to-state dynamics (Petermann, Sauter & Scherz, 2006). Anyone entering the United States for instance must now have their fingerprints taken or risk being refused entry. Biometric systems by default do not have an opt-out clause because opting-out usually means being excluded from participation altogether. In this sense, government applications that rely on biometric identification may be considered mandatory. Individuals wishing to be eligible for social security payments need either accept a plastic card with their biometrics on-board or live with the consequences of not being recognized as a valid recipient of services. When biometrics were first introduced as potential solutions for companies (e.g. payroll and access control), the systems were considered clunky, highly proprietary and prohibitively expensive. Today, the systems are lightweight in terms of hardware, the software user-friendly for registration and administration purposes, and the technology scalable making it affordable to even the smallest organization (Osadciw, Varshney & Veeramachaneni, 2002). The technology has also become more pervasive, used to earn patrons reward points at casinos and even granting families entry into fun parks (Xiao, 2007). In addition, guidelines have also now been introduced to conduct payments wirelessly using a biometric (Grabensek & Divjak, 2006). Multimodal biometrics is also on the rise, used to minimize errors and ensure that modality equates to eligibility for all potential registrants. Despite its increased adoption, privacy fears remain, and the issue with who really owns ones biometrics continues to be highly controversial.

 

CONCLUSION

Biometrics are the first auto-ID technique that required users to place a body part directly onto a digital reader (e.g. fingerprint and handprint). First instituted for law enforcement purposes, biometrics was once considered to be a technology specifically used for convicted criminals. Later it became utilized in closed systems such as prisons, or university campuses. Today, interactive voice recognition systems (IVRS) rely heavily on voice recognition in the absence of call center personnel. Biometrics have also become popular as an additional security feature on the bar code and magnetic-stripe, particularly on government-to-citizen card-based applications. The biometric stored on a 2D bar code for instance, has acted to reignite interest in the bar code as an identification technique. Hybrid cards are now very common. Despite the roll-out of mass market applications however, biometrics are clouded with very real privacy concerns. Stories abound of large databases on external storage media that have accidentally gone missing at airports or have been stolen. The sensitivity of biometric details, such as fingerprint minutae in digital format is of much higher value than ID numbers. Of the most sensitive biometric is an individual’s DNA, which if disclosed, has the potential to reveal very private details (e.g. predisposition to disease). The proliferation of biometric systems presently, are as a result of sweeping changes to legislation which many would argue have been rushed through the political process without adequate thought and safeguards in place.

 

REFERENCES

Agre, P. (2001 14 November). Your Face is not a bar code: Arguments Against Automatic Face Recognition in Public Places. from http://dlis.gseis.ucla.edu/people/pagre/bar-code.html

Alyea, L. A., & Campbell Jr, J. P. (1996). Update on the US government’s biometric consortium. Biometric Consortium   Retrieved 4 August 1998, from http://www.vitro.bloomington.in.us:8080/~BC/REPORTS/CTSTG96

Andreotta, T. (1996). INSPASS update. Biometric Consortium   Retrieved 4 August 1998, from http://www.biometrics.org/REPORTS/INSPASS2.html

Aragon, L. (1998). Show me some ID: Biometrics is leaving its Fingerprints on the Market with Low-cost Devices. PC Week.

Arena, K., & Cratty, C. (4 February 2008). FBI wants palm prints, eye scans, tattoo mapping. CNN.com: Technology   Retrieved 2 January 2009, from http://www.cnn.com/2008/TECH/02/04/fbi.biometrics/index.html#cnnSTCText

Ashbourn, J. (1994). Practical implementation of biometrics based on hand geometry. IEE Colloquium on Image Processing for Biometric Measurement, 5/1-5/6.

Atkins, W. (2001). ‘Immigration issues. Biometric Technology Today, 9(5), 8-11.

Automatic ID. (1998). Progress made on Cambodian ID. Automatic I.D. News Asia(October/November), 20.

Bain, B. (6 June 2008). Bush pushes biometrics for national security. FCW.COM   Retrieved 3 January 2008, from http://www.fcw.com/online/news/152750-1.html

BBC. (2002, 17 May). Doubt cast on fingerprint security. BBC News, from http://news.bbc.co.uk/1/hi/sci/tech/1991517.stm

BC. (2009). Biometric Consortium: Research Database. Biometric Consortium   Retrieved 2 January 2009, from http://www.biometrics.org/research-resources.php

Bell, J. (1997, 16 December). Intellect sets smart standard. The Australian, p. 37.

Bernier, N. (1993). Your hand is your passport: technology cuts the time spent in line. Airport, 68.

Bigun, J., & Smeraldi, F. (Eds.). (1997). Audio- and Video-based Biometric Person Authentication. Crans-Montana, Switzerland: Springer, Berlin.

Biometrics Institute. (2006). Biometrics Institute Privacy Code. Australian Government: Office of the Privacy Commissioner   Retrieved 20 December 2008, from http://www.comlaw.gov.au/ComLaw/Legislation/LegislativeInstrument1.nsf/0/B85ED08C656C8E0ECA2571B80005D36F/$file/2006-07+Biometrics+Institute+Privacy+Code+approval+determi.pdf

Bolle, R., Connell, J., Pankanti, S., & Ratha, N. (2003). Guide to Biometrics (Springer Professional Computing). Berlin: Springer.

Boves, L., & Os, E. (1998). Speaker recognition in telecom applications. IEEE Interactive Voice Technology for Telecommunications Applications, 203-208.

Brakeman, L. (1998). Retinal scans always get their man. Automatic I.D. News, pp. 1-4.

Brinton, K., & Lieberman, K. (1994). Basics of DNA fingerprinting. University of Washington.

Bunney, C. (1998). Two more legislatures go biometric. btt, 6(5), 2.

Burnell, J. (1998). Identifying the biometric opportunity. Automatic I.D. News, 1-5.

Cameron, H. (1996). Speech recognition- from the lab to the real world, Telesis- Northern Telecom (pp. 28-41).

Campbell, J. P. (1996). Biometric security: government applications and operations. Biometric Consortium, from http://www.vitro.bloomington.in.us:8080/~BC/REPORTS/CTSTG96/

Campbell, J. P. (1999). Speaker Recognition. In A. K. Jain (Ed.), Biometrics: personal identification in networked society (pp. 87-101). Boston: Kluwer Academic Publishers.

Carter, J., & Nixon, M. (1990). An integrated biometric database. IEE Colloquium on Electronic Images and Image Processing in Security and Forensic Science, 8/1-8/6.

Chadwick, M. (1992). The hottest technology under the sun Expo ‘92. IEE Review, 38(7-8), 251-253.

Chandrasekaran, R. (1997, March 30). Brave new whorl: ID systems using human body are ere, but privacy issues persist. Washington Post.

Chase, C. (2009). Baja Beach Club.   Retrieved 4 January 2009, from http://www.bajabeach.es/

CITeR. (2008). The Center for Identification Technology Research. West Virginia Univerisity   Retrieved 20 December 2008, from http://www.citer.wvu.edu/

Clarke, R. (1991). The Tax File Number scheme: a Case study of Political assurances and Function Creep. Xamax Consultancy, from http://www.anu.edu.au/people/Roger.Clarke/DV/PaperTFN.html

Clarke, R. (1994). Human identification in information systems: management challenges and public policy issues. Information Technology & People, 7(4), 6-37.

Computing. (1999). Why the fear of biometrics? Computing Canada, 25(15), 8.

Connecticut Department of Social Services. (1998a). Biometrics and privacy issues. from http://www.dss.state.ct.us/digital/privacy.htm

Connecticut Department of Social Services. (1998b). Legislation authorising Connecticut’s digital imaging project. from http://www.dss.state.ct.us/digital/faq/dilegis.htm

Connecticut Dept. (1998). Understanding public perception. Connecticut Department of Social Services, from http://www.dss.state.ct.us/faq/disuppt.htm

Coventry, L., Angeli, A. D., & Johnson, G. (2003). Usability and biometric verification at the ATM interface. Paper presented at the Proceedings of the SIGCHI conference on Human factors in computing systems

Craig, A. (1997). Eye-scanning ATMs ready to face the public. TechWeb, from http://www.techweb.com/wire/story/TWB19971202S0001

Creed, A. (2000). Malaysian Government smart card project gets under way. Newsbytes, from http://www.fis.utoronto.ca/research/iprp/sc/malaysia06062000.html

Datamonitor. (1998). Customer Care in Financial Services. London: Datamonitor.

Daugman, J. (2006). Probing the uniqueness and randomness of IrisCodes: Results from 200 billion iris pair comparisons. Proceedings of the IEEE, 94(11), 1927-1935.

Daugman, J. (2008). Webpage for JOHN DAUGMAN. University of Cambridge: Computer Laboratory   Retrieved 20 December 2008, from http://www.cl.cam.ac.uk/~jgd1000/

Davies, S. (1996). Monitor: extinguishing privacy on the information superhighway. Sydney: PAN Macmillan.

DCITA. (2004). Biometrics: An Australian Government Perspective. Department of Communications, Information Technology and the Arts   Retrieved 20 December 2008, from http://www.dbcde.gov.au/__data/assets/pdf_file/0004/23467/Biometrics_-_An_Australian_Government_perspective.pdf

Department of Immigration and Citizenship. (2008). Fact Sheet 71 - SmartGate Automated Border Processing. Australian Government   Retrieved 29 December 2008, from http://www.immi.gov.au/media/fact-sheets/71smartgate.htm

Didier, B. (2004). Biometrics. In B. Stevens (Ed.), The Security Economy (pp. 35-54): OECD.

Dunstone, T. (2001). Getting to grips with public policy. Biometric Technology Today, 9(6), 7-8.

EBF. (2008). About the European Biometrics Forum.   Retrieved 20 December 2008, from http://www.eubiometricsforum.com/index.php?option=content&task=view&id=2&Itemid=28

European Court of Human Rights. (4 December 2008). CASE OF S. AND MARPER v. THE UNITED KINGDOM (Applications nos. 30562/04 and 30566/04). Strasbourg.

Fernandez, B. (1997, 15 April). Bank keeps eye on iris technology. The Australian.

Ferrari, J., Mackinnon, R., Poh, S., & Yatawara, L. (1998). Smart Cards: a case study: Research Triangle Park.

Finkenzeller, K., & Waddington, R. (2001). RFID Handbook: radio-frequency identification fundamentals and applications. New York: John Wiley & Son.

Freeman, E. H. (2003). Biometrics, Evidence, and Personal Privacy. Information Security Journal: A Global Perspective, 12(3), 4-8.

Frischholz, R. W., & Dieckmann, U. (2000). BioID: A multimodal biometric identification system. IEEE Computer, 64-68.

Fuller, H. R. (1995). Use of biometrics in proposed EBT program: GAO/OSI-95-20.

Furui, S. (2001). Toward flexible speech recognition- recent progress at Tokyo Institute of Technology. Paper presented at the Canadian Conference on Electrical and Computer Engineering.

Gold, S. (1996, 20 May). UK govt plans social security benefit smart cards. Newsbytes.

Greening, C. M., Kumar, S. V., & Leedham, G. (1995, 16-18 May). Handwriting identification using global and local features for forensic purpose. Paper presented at the European Convention on Security and Detection.

Gunnerson, G. (1999). Are you ready for biometrics?, PC Magazine (pp. 160).

Halici, U., Jain, L. C., & Erol, A. (1999). Introduction to Fingerprint Recognition. In L. C. Jain (Ed.), Intelligent Biometric Techniques in Fingerprint and Face Recognition (pp. 4-34): CRC Press.

Harmel, K. (2006). Walt Disney World: The Government's Tomorrowland? News21: A Journalism Initiative of the Carnegie and Knight Foundations   Retrieved 30 December 2008, from http://newsinitiative.org/story/2006/09/01/walt_disney_world_the_governments

Hausen, T., & Bruening, P. (1994). Hidden costs and benefits of government card technologies. IEEE Technology and Society Magazine, 13(2), 24-32.

Hawkes, P. (1992). Automatic user authentication & access control. IEE Colloquium on Designing Secure Systems, 6/1-6/4.

Heckle, R. R., Patrick, A. S., & Ozok, A. (2007). Perception and acceptance of fingerprint biometric technology Paper presented at the Proceedings of the 3rd symposium on Usable privacy and security.

Herald Tribune. (1998). FBI gets national DNA database. The Straits Times, p. 7.

Hibbert, C. (1996). What to do when they ask for your social security number. In R. Kling (Ed.), Computerisation and Controversy: value conflicts and social choices (pp. 686-696). New York: Academic Press.

Higgins, P. T. (1995). Standards for the electronic submission of fingerprint cards to the FBI. Journal of Forensic Identification, 45(4), 409-418.

Higgins, P. T. (2002). Fingerprint and Hand Geometry. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 45-70). London: John Wiley and Sons.

Hong, L., & Jain, A. (1998). Integrating faces and fingerprints for personal identification. IEEE Transactions on Pattern Analysis and Machine Intelligence, 20(12), 1295-1298.

Hong, L., & Jain, A. (1999). Multimodal Biometrics. In A. K. Jain (Ed.), Biometrics: personal identification in networked society (pp. 327-344). Boston: Kluwer Academic Publishers.

Hopkins, R. (1999). An Introduction to Biometrics and Large Scale Civilian Identification. International Review of Law, Computers & Technology, 13(3), 337 363.

Howell, A. J. (1999). Introduction to Face Recognition. In L. C. Jain (Ed.), Intelligent Biometric Techniques in Fingerprint and Face Recognition. London: CRC Press.

HP. (1995). State, provincial and local government industry: Los Angeles county stops fraud with automated fingerprint matching system. HP Business and Technical Computing, 1-3.

Identicator. (1999). About Identicator Technology. from http://www.identicator.com/about/index.html

IEEE. (1997). Special issue on automated biometrics. Proceedings of the IEEE, 85(9), 1343-1345.

INCITS. (2002). M1-biometrics. International Committee for Information Technology Standards (INCITS), from http://www.ncits.org/tc_home/m1.htm

ISO. (2008). Biometric Standards. International Standards Organization   Retrieved 20 December 2008, from http://www.iso.org/iso/search.htm?qt=biometrics&sort=rel&type=simple&published=on

Jackson, W. (1996a). EBT cards for food programs get smarter. Government Computer News, 15(2), 1-3.

Jackson, W. (1996b). The MARC card gets smarter. Government Computer News, 15(1), 41-43.

Jacobs, A. (1998). Fingerprint security promises convenience. Computerworld, 1-2.

Jain, A. K. (2000). Filterbank-based fingerprint matching. IEEE Transactions on Image Processing, 9(5), 846-859.

Jain, A. K. (2004, 28-30 April). Biometric recognition: how do I know who you are? Paper presented at the Proceedings of the IEEE 12th Signal Processing and Communications Applications Conference.

Jain, A. K., Bolle, R., & Pankanti, S. (Eds.). (1999). Biometrics: personal identification in networked society. Boston: Kluwer Academic Publishers.

Jain, A. K., Hong, L., Pankati, S., & Bolle, R. (1997). An identity-authentication system using fingerprints. Proceedings of the IEEE, 85(9), 1365-1387.

Jain, L. C., Halici, U., Hayashi, I., Lee, S. B., & Tsutsui, S. (Eds.). (1999). Intelligent Biometric Techniques in Fingerprint and Face Recognition. London: CRC Press.

Jones, D. (1996). Dutch Model for Universal Smart Card. Card Technology Today, 10(2), 6.

Jones, D. (1998). Electronic Commerce in Government. Card Technology Today, 10(2), 13-16.

Jones, D. (2000). UK government launches smart card strategy. Card Technology Today, 11(6), 2.

Jones, T. (2006). i3 First to Submit Type 14 Fingerprint Live Scans to FBI. FindBiometrics   Retrieved 20 July 2007, from http://www.findbiometrics.com/press-release/3451

Jones, V. (7 April 2004). Baja Beach Club in Barcelona, Spain Launches Microchip Implantation for VIP Members. InfoWars.Com   Retrieved 3 January 2009, from http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm

Jurado, P. (1996). Spain connects with citizens on-line. Dialogue- Andersen Consulting, 6(2), 11.

Kaplan, J. M. (1996). Smart Cards: the global information passport- managing a successful smart card program. London: International Thomson Computer Press.

Kozaryn, L. D. (2000). DoD Issues Time-saving Common Access Cards. About.Com: US Military   Retrieved 30 December 2008, from http://usmilitary.about.com/od/theorderlyroom/l/blsmartcards.htm

Kroeker, K. L. (2000). Biometric organisations. IEEE Computer, 33(2), 57.

LaMoreaux, R. D. (1998). Barcodes and Other Automatic Identification Systems. New York: Pira International.

Lawton, G. (1998). Biometrics: a new era in security. Computer, 16-18.

Lazar, G. (1997). Agencies scan biometrics for potential applications. Tech Briefing, from http://www.few.com/pubs/few/1997/0120/feature.htm

Lee, H. C., & Gaensslen, R. E. (Eds.). (1994). Advances in Fingerprint Technology (CRC Series in Forensic and Police Science). New York: CRC Press.

Levy, S. (2001, 8 October). A high-tech home front. Newsweek, from http://www.mnbc.com/news/635417.asp?cp1=1

Liu, S., & Silverman, M. (2001). A practical guide to biometric security technology, IT Professional (January/February ed., Vol. 3, pp. 27-32).

Lockie, M. (2000). Ear, eye, gait, keystroke, lip and nailbed biometrics, Btt (February ed., Vol. 7, pp. 8-11).

Lyall, S. (4 December 2008). European Court Rules Against Britain’s Policy of Keeping DNA Database of Suspects. New York Times   Retrieved 20 December 2008, from http://www.nytimes.com/2008/12/05/world/europe/05britain.html

M2SYS. (2008). Challenges of Biometric Integration. M2SYS Technology   Retrieved 2 January 2009, from http://www.m2sys.com/sales/whitepapers/Integration.pdf

Markowitz, J. (2001). Speaker verification. Biometric Technology Today, 9(1), 9-11.

Marshall, W. T. (1997). EBT: Keeping the benefits in proper balance. America’s Community Banker, 6(5), 10-15.

Mateer, S. (1996). Pennsylvania Automated Recipient Identification System (PARIS). Biometrics in Human Services User Group, 1(2), 2.

Mathewson, R. (1998). Testing times as school launches new drug checks. Sunday Morning Post, p. 3.

McCrindle, J. (1990). Smart Cards. London: Springer-Verlag.

McManus, K. (1996, May 6). At banks of future, and eye for an ID. The Washington Post.

McMurchie, L. L. (1999). Identifying risks in biometric use. Computing Canada, 25(6), 11.

Meenen, P., & Adhami, R. (2001). Fingerprinting for security. IEEE Potentials(August-September), 33-38.

Michael, M. G. (1998). The Number of the Beast, 666 (Revelation 13:16-18): Background, Sources and Interpretation. Macquarie University, Sydney, Australia.

Michael, M. G. (1999). The Genre of the Apocalypse: What are they saying now? Bulletin of Biblical Studies, 18, 115-126.

Michels, S. (2002, 25 February). National ID. Online NewsHour, from http://www.pbs.org/newshour/bb/fedagencies/jan-june02/id_2-26.html

Miller, B. (1994). Vital signs of identity. IEEE Spectrum(February), 22-30.

Mintie, D. (1996). Digital imaging FAQ’s: Implementing a statewide biometric identification system. from http://www.dss.state.ct.us/faq/diplan.htm

Moskowitz, R. (1999). Are biometrics too good? Network Computing, 85.

Motorola. (2005). Motorola's a global leader in biometric identification. Motorola: Fact Sheet   Retrieved 24 December 2008, from http://www.motorola.com/staticfiles/Business/Solutions/Business%20Solutions/Biometrics/Biometrics%20Identification/_Documents/Static%20Files/Motorola_History_of_Biometrics_New.pdf

Ng-Kruelle, G., Swatman, P. A., Hampe, J. F., & Rebne, D. S. (2006). Biometrics and e-Identity (e-Passport) in the European Union: End-user perspectives on the adoption of a controversial innovation Journal of Theoretical and Applied Electronic Commerce Research, 1(2), 12-35.

NG. (2004). National Automated Fingerprint Fingerprint Identification System. Northrop Grumman: Mission Systems   Retrieved 24 December 2008, from http://www.northropgrumman.co.uk/utils/downloads/NAFIS.pdf

NightKey. (2008). Nightkey Explained: A Four Part Process. Nightkey   Retrieved 3 December 2008, from http://www.nightkey.com.au/nightkey-explained/

Nilsson, K., Rognvaldsson, T., Cameron, J., & Jacobson, C. (2006). Biometric Identification of Mice. Paper presented at the 18th International Conference on Pattern Recognition.

NIST. (2002). Legislation- biometrics. The Biometrics Resource Center Website (Information Technology Laboratory), from http://www.itl.nist.gov/div895/biometrics/legislation.html

O'Neil, P. H. (2005). Complexity and Counterterrorism: Thinking about Biometrics. Studies in Conflict & Terrorism, 28(6), 547-566.

O’Connor, S. (1998). Collected, tagged, and archived: legal issues in the burgeoning use of biometrics for personal identification. Stanford Technology Law Review   Retrieved 20 December 2008, from http://www.jus.unitn.it/USERS/pascuzzi/privcomp99-00/topics/6/firma/connor.txt

O’Gorman, L. (Ed.). (1999). Fingerprint Verification in Biometrics: personal identification in networked society. Boston: Kluwer Academic Publishers.

Orlans, N. M. (2002). Facial and Voice Recognition. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 71-88). London: John Wiley and Sons.

Osadciw, L., Varshney, P., & Veeramachaneni, K. (2002, 8-11 July). Improving personal identification accuracy using multisensor fusion for building access control applications. Paper presented at the Proceedings of the Fifth International Conference on Information Fusion.

Paranjape, R. B. (2001). The electroencephalogram as a biometric. Paper presented at the Canadian Conference on Electrical and Computer Engineering.

Parks, J. R. (1990). Automated personal identification methods for use with smart cards. In P. L. Hawkes (Ed.), Integrated Circuit Cards, Tags and Tokens: new technology and applications (pp. 92-135). Oxford: BSP Professional Books.

Pentland, A. (2000). Looking at people: sensing for ubiquitous and wearable computing. IEEE Transactions on Pattern Analysis and Machine Intelligence, 22(1), 107-119.

Pepe, M. (1996). Kiosks: Unisys is the name in Spain. Computer Reseller News, 674(11), 107-108.

Petermann, T., Sauter, A., & Scherz, C. (2006). Biometrics at the borders: the challenges of a political technology. International Review of Law, Computers & Technology, 20(1), 149-166.

PI. (2002). National ID Cards. Privacy International   Retrieved 30 December 2008, from http://www.privacyinternational.org/issues/idcard/_index.html

Privacy Commissioner. (1994). Data-matching guidelines. Privacy Commissioner Human Rights Australia, from http://www.austlii.edu.au/au/other/hreoc/privacy/dmguide.htm

Raina, K., Woodward, J. D., & Orlans, N. (2002). How Biometrics Work. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 25-44). London: John Wiley and Sons.

Ritter, J. (1995, June 22). Eye scans help sheriff keep suspects in sight. Chicago Sun-Times.

Robins, G. (1995). Reinventing electronic benefits transfer. Stores, 77(6), 58-59.

Roethenbaugh, G. (1998). Simon Davies- Is this the most dangerous man in Europe? Biometrics in Human Services User Group, 2(5), 2-5.

Roethenbaugh, G. (1998a). Police and thieves. Biometrics in Human Services User Group, 2(4), 2-3.

Rosenweig, B. (2000, 12 July). The new face of law and order. The Globe and Mail.

Ruggles, T. (1996a). The California statewide fingerprint imaging system (CA SFIS) project. Biometrics in Human Services, 1(2), 5-6.

Ruggles, T. (1996b). Comparison of biometric techniques. The Biometric Consulting Group   Retrieved 2 January 2002, from http://biometric-consulting.com/bio.htm

San Jose University. (2000). Biometric identification. Research at San Jose University   Retrieved 12 December 2002, from http://www.engr.sjsu.edu/biometrics/

Scholtz, J., & Johnson, J. (2002). Identification technologies: can they make us more secure? SIGCHI Bulletin(July/August), 9.

Scholtz, J., & Johnson, J. (2002, 20-25 April). Interacting with identification technology: Can it make us more secure? Paper presented at the CHI 2002: changing the world, changing ourselves, Minnesota, USA.

Schulman, A. (2002). The US/Mexico border crossing card (BCC): A case study in biometric, machine-readable ID. Proceedings of the 12th Annual Conference on Computers, Freedom and Privacy   Retrieved 20 August 2003, from http://www.undoc.com

Seidman, S. (1990). Wallet-size solutions. In R. Ames (Ed.), Perspectives on Radio Frequency Identification: What is it, Where is it going, Should I be Involved? (pp. 1-19- 11-27). New York: Van Nostrand Reinhold.

Sensar. (1999). Sensar partners. Sensar   Retrieved 2 June 1999, from http://www.sensar.com/partners/partners.stm

Shen, W. (1997). Evaluation of automated biometrics-based identification and verification systems. Proceedings of the IEEE, 85(9), 1464-1478.

Sieghart, P. (Ed.). (1982). Microchips with Everything: the consequences of information technology. London: Comedia Publishing Group.

Sirohey, S., Wilson, C., & Chellappa, R. (1995). Human and machine recognition of faces: a survey. Proceedings of IEEE, 83(5), 705-740.

SJB. (1996a). Biometrics could prevent fraudulent welfare claims. Biometric Technology Today(26 February 1998).

SJB. (1996b). Finger geometry is passport to Disney theme parks.   Retrieved 26 February 1998, from http://www.sjb.co.uk/pr/18069603.txt

SJB. (1996c). Hi-tech biometric ‘passports’ speed immigration checks.   Retrieved 26 February 1998, from http://www.sjb.co.uk/pr/23029603.txt

Smith, R. E. (2002). How Authentication Technologies Work. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 3-23). London: John Wiley and Sons.

Smith, S. (1995). Welfare’s big brother. Computer Weekly, 40-41.

Snyderwine, M., & Murray, D. (1999). O’Hare International Airport’s air cargo security access system. Paper presented at the IEEE 33rd Annual International Carnahan Conference on Security Technology.

Solove, D. J. (2004). The Digital Person: Technology and Privacy in the Digital Age. New York: New York University Press.

Solove, D. J. (2008a). The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. New York: Yale University Press.

Solove, D. J. (2008b). Understanding Privacy. Harvard: Harvard University Press.

Solove, D. J., Rotenberg, M., & Schwartz, P. M. (2005). Information Privacy Law (2nd ed.). New York: Aspen Publishers.

Solove, D. J., Rotenberg, M., & Schwartz, P. M. (2006). Privacy, Information And Technology. New York: Aspen Publishers.

Stapleton, J. (2003). State of Biometric Standards. Biometritechexpo 2003   Retrieved 20 December 2008, from http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Links%20Within%20Stories/DI-4%20Standards%20Stapleton-%20Jeff%20Stapleton.ppt

Storms, J. (1998). Legislative background: Never give up. Retrieved 23 November 1998. from http://www.dss.state.ct.us/digital/faq/digarvey.htm.

Sutherland, K., Rengham, D., & Denyer, P. B. (1992). Automatic face recognition. First International Conference on Intelligent Systems Engineering(360), 29-34.

Tilton, C. J. (2000). An emerging biometric API industry standard. IEEE Computer, 33(2), 130-132.

U.S. Financial Management Service. (1990). Applications of computer card technology. Hyattsville: Government Printing Office.

Unisys. (1997). Spain plays it smart with smartcard (pp. 1-2): Personal ID Solutions.

USA Government. (2001). Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA Patriot Act) Act of 2001.   Retrieved 20 December 2008, from http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ056.107

USA Government. (2002). Enhanced Border Security and Visa Entry Reform Act of 2002.   Retrieved 20 December 2008, from http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ173.107

Valles, E. (1998, 7 October). Smart ID cards to guarantee privacy: national card plans get underway amid anxieties. China News, p. 7.

van der Ploeg, I. (2003). Biometrics and Privacy: A note on the politics of theorizing technology. Information, Communication & Society, 6(1), 85-104.

van der Putte, T. (2001). Forging ahead. Biometric Technology Today, 9(6), 9-11.

van Kralingen, R., Prins, C., & Grijpink, J. (1997). Using your body as a key; legal aspects of biometrics.   Retrieved 20 August 1998, from http://cwis.kub.nl/~frw/people/kraling/content/biomet.htm

Walden, I. (2000). The legal implications of biometrics data. IEE Colloquium on Visual Biometrics, 2/1-2/11.

Watson, F. (2001). Overcoming global terror. Biometric Technology Today, 9(6), 1.

Wayman, J. L. (2000). Federal biometric technology legislation. IEEE Computer, 76-80.

Weise, E. (1998). Body may be key to foolproof ID. USA Today, from http://www.usatoday.com/life/cyber/tech/ctc447.htm

Weng, J. J., & Swets, D. L. (1999). Face Recognition. In A. K. Jain (Ed.), Biometrics: personal identification in networked society (pp. 65-101). Boston: Kluwer Academic Publishers.

Wildes, R. P. (1997). Iris recognition: an emerging biometric technology. Proceedings of the IEEE, 85(9), 1348-1363.

Williams, G. O. (1997, April). Iris recognition technology. IEEE AES Systems Magazine, 23-29.

Withers, S. (2002). Who are you? Technology and Business(July), 72-79.

Woodcock, A. (2005). Biometric cards: privacy invaders vs. a safer America. ACM SIGCAS Computers and Society, 35(1), 3.

Woodward, J. D. (1997). Biometrics: privacy’s foe or privacy’s friend? Proceedings of the IEEE, 85(9), 1480-1492.

Woodward, J. D. (2001). Super Bowl Surveillance: Facing Up to Biometrics. RAND   Retrieved 21 December 2008, from http://www.rand.org/pubs/issue_papers/2005/IP209.pdf

Woodward, J. D. (2002a). Biometrics and Privacy. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 197-216). London: John Wiley and Sons.

Woodward, J. D. (2002b). Case Study: Super Bowl Surveillance. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 247-258). London: John Wiley and Sons.

Woodward, J. D. (2002c). Legal Considerations of Government Use of Biometrics. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 217-246). London: John Wiley and Sons.

Woodward, J. D., Orlans, N. M., & Gatune, J. (2002). Esoteric Biometrics. In J. D. Woodward, N. M. Orlans & P. T. Higgins (Eds.), Biometrics (pp. 115-138). London: John Wiley and Sons.

Woodward, J. D., Orlans, N. M., & Higgins, P. T. (2002). Biometrics. London: John Wiley and Sons.

Woodward, J. D., Webb, K. W., Newton, E. M., Bradley, M. A., Rubenson, D., Larson, K., et al. (2001). Army Biometric Applications: Identifying and Addressing Sociocultural Concerns.   Retrieved 3 January 2009, from http://www.rand.org/pubs/monograph_reports/MR1237/

Xiao, Q. (2007). Technology review - Biometrics-Technology, Application, Challenge, and Computational Intelligence Solutions. IEEE Computational Intelligence Magazine, 2(2), 5-25.

Zoreda, J. L., & Oton, J. M. (1994). Smart Cards. Boston: Artech House.

Zunkel, R. L. (1999). Hand Geometry Based Verification. In A. K. Jain (Ed.), Biometrics: personal identification in networked society (pp. 87-101). Boston: Kluwer Academic Publishers.

Innovative Auto-ID and LBS - Chapter Seven Smart Cards: The Next Generation

Chapter VII: Smart Cards: The Next Generation

 

SMART CARD TECHNOLOGY

Historical Overview

The history of the smart card begins as far back as 1968. By that time magnetic-stripe cards while not widespread, had been introduced into the market (Purdue, 2008). Momentum from these developments, together with advancements in microchip technology made the smart card a logical progression. Two German inventors, Jürgen Dethloff and Helmut Grötrupp applied for a patent to incorporate an integrated circuit into an ID card (Rankl & Effing, 1997, p. 3). This was followed by a similar patent application by Japanese academic, Professor Kunitaka Arimura in 1970. Arimura was interested in incorporating “one or more integrated circuit chips for the generation of distinguishing signals” in a plastic card (Zoreda & Oton, 1994, p. 36). His patent focused on how to embed the actual micro circuitry (Lindley, 1997, p. 13).

 

Smart Cards in the 1970s

In 1971 Ted Hoff from the Intel Corporation also succeeded in assembling a computer on a tiny piece of silicon (Allen & Kutler, 1997, p. 2). McCrindle (1990, p. 9) made the observation that the evolution of the smart card was made possible through two parallel product developments- the microchip and the magnetic-stripe card- that merged into one product. However, it was not until 1974 that previous chip card discoveries were consolidated. Roland Moreno’s smart card patents and vision of an electronic bank manager triggered important advancements, particularly in France. In that year, Moreno successfully demonstrated his electronic payment product by simulating a transaction using an integrated circuit (IC) card. What followed for Moreno, and his company Innovatron, was a batch of patents among which was a stored-value application mounted on a ring which connected to an electronic device.

By the late 1970s the idea of a chip-in-a-card had made a big enough impression that large telecommunications firms were committing research funds towards the development of IC cards. In 1978 Siemens built a memory card around its SIKART chip which could function as an identification and transaction card. Despite early opposition to the new product it did not take long for other big players to make significant contributions to its development. In 1979 Motorola supplied Bull with a microprocessor and memory chip for the CP8 card. In July of that year Bull CP8’s two-chip card was publicly demonstrated in New York at American Express. French banks were convinced that the chip card was the way of the future and called a bid for tender by the seven top manufacturers at the time: CII-HB, Dassault, Flonic-Schlumberger, IBM, Philips, Transac and Thomson. Ten French banks with the support of the Posts Ministry created the Memory Card Group in order to launch a new payment system in France. Such was the publicity generated by the group that more banks began to join in 1981, afraid they would be left behind as the new technology was trialed in Blois, Caen and Lyon. Additionally, the US government awarded a tender to Philips to supply them with IC identification cards.

 

Smart Cards in the 1980s

By 1983 smart cards were being trialed in the health sector to store vaccination records and to grant building access to hemodialysis patients. But it the French who recognized the potential of smart cards in the provision of telephony services. The first card payphones were installed by Flonic Schlumberger for France Telecom and were called Telecarte. By 1984 Norway had launched Telebank, Italy the Tellcard, and Germany the Eurocheque. A number of friendly alliances began between the large manufacturers who realized they could not achieve their goals in isolation. Bull signed an agreement with Motorola and Philips signed and agreement with Thomson. Meanwhile, MasterCard International and Visa International made their own plans for launching experimental applications in the United States. In 1986 Visa published the results of its collaborative trials with the Bank of America, the Royal Bank of Canada and the French CB group. The “...study show[ed] that the memory card [could] increase security and lower the costs of transactions” (Cardshow, 1996, p. 1). Visa quickly decided that the General Instrument Corporation Microelectronics Division would manufacture their smart cards. The two super smart card prototypes were supplied by Smart Card International and named Ulticard. In 1987 MasterCard decided to spend more time reviewing the card’s potential and continued to conduct market research activities. Issues to do with chip card standardization between North America and Europe became increasingly important as more widespread diffusion occurred.

 

Smart Cards in the 1990s

The 1990s was a period characterized by the ‘microprocessor explosion’. Smart cards became a part of that new interest in wearable computing- computer power that was not only cheap and small, but was always with you (Cook, 1997, p. xi). The progress toward the idea of ubiquitous computing is quite difficult to fathom when one considers that the credit-card sized smart card possesses more computing power than the 1945 ENIAC computer which: “...weighed 30 tones, covered 1500 square feet of floor space, used over 17000 vacuum tubes... 70000 resistors, 10000 capacitors, 1500 relays, and 6000 manual switches, consumed 174000 W of power, and cost about $500000” (Martin, 1995, p. 3f). Today’s smart card user is capable of carrying a ‘mental giant’ in the palm of their hand. Smart cards can now be used as payment vehicles, access keys, information managers, marketing tools and customized delivery systems (Allen & Kutler, 1997, pp. 10-11).

Many large multinational companies have supported smart card technology because the benefits are manifold over other technologies. It was projected that by the year 2000, an estimated volume of smart-card related transactions would exceed twenty billion annually (Kaplan, 1996, p. 10). Michael Ugon, a founding father of smart card, said in 1989 that the small piece of plastic with an embedded chip was destined to “...invade our everyday life in the coming years, carrying vast economical stakes” (Ugon, 1989, p. 4). McCrindle (1990, p. ii) likewise commented that the smart card “...ha[d] all the qualities to become one of the biggest commercial products in quantity terms this decade”. And the French in 1997 were still steadily pursuing their dream of a smart city, “...a vision made real by cards that [could] replace cash and hold personal information (Amdur, 1997, p. 3). Currently, while there is a movement by the market to espouse smart card technology, numerous countries and companies continue to use magnetic-stripe cards. However, the vision for smart card now looks achievable, as some countries have vastly upgraded their payment systems (e.g. Singapore and Hong Kong). For a specific history of smart card in Russia see Travin (2008).

 

The Smart Card System

When considering which type of smart card technology to implement for a given service, buyers need to think about their requirements. What is paramount is that there must be a logical fit from the cardholder’s point of view (Hendry, 2007, p. 219). Major issues which need to be resolved include: card type, interface method, storage capacity, card operating functions, standards compliance, compatibility issues and reader interoperability, security features, chip manufacturers, card reliability and life expectancy, card material and quantity and cost.

 

Memory, Microprocessor Cards and Super Smart Cards

As Lindley (1997, p. 15f) pointed out there is generally a lack of agreement on how to define smart card. This can probably be attributed to the differences not only in functionality but also in the price of various types of smart cards. According to Rankl and Effing (1997, pp. 12-14) smart cards can be divided into two groups: memory cards and microprocessor cards. In a memory card there is a memory chip, and in a microprocessor card there is a microcontroller chip. Processor cards which are more sophisticated can be further classified into processor cards with or without coprocessors for executing asymmetric cryptographic algorithms such as RSA (Rivest, Shamir and Adleman). There are also ‘super smart cards’ which have displays and a keypad directly available to the user, many of which were prototyped to market electronic wallets and purses of the future (Rankl, 2007, p. 2). Ferrari et al. (1998), dedicate a whole chapter to the card selection process in their IBM Redbook (ch. 4).

As described by Allen and Kutler (1997, p. 4) memory cards are: “...primarily information storage cards that contain stored value which the user can “spend” in a pay phone, retail, vending, or related transaction.” Memory cards are less flexible than microprocessor cards because they possess simpler security logic. Only basic coding can be carried out on the more advanced memory cards. However, what makes them particularly attractive is their low cost per unit to manufacture, hence their widespread use in pre-paid telephone and health insurance cards (M'Chirgui, 2005). According to Hendry (2007, p. 17) an external application views a memory card as a data storage device with a limited range of functions. Today, wired-logic cards are much more common in which access is protected via a security protocol, either using encryption or a password. Memory cards are still highly marketable for mass market applications such as in transport applications (Blythe, 2000). For example NXP’s MiFare™ divides memory into sectors and fields, with each sector having separate access permissions (Figure 1).

The other type of smart card, the microprocessor card is defined by the International Standards Organization (ISO) and the International Electronic Commission (IEC), as any card that contains a semiconductor chip and conforms to ISO standards (Hegenbarth, 1990, p. 3). The microprocessor actually contains a central processing unit (CPU) which “...stores and secures information and makes decisions, as required by the card issuer’s specific application needs. Because intelligent cards offer a read/write capability, new information can be added and processed” (Allen & Kutler, 1997, p. 4). The CPU is surrounded by four additional functional blocks: read only memory (ROM), electrical erasable programmable ROM (known as EEPROM), random access memory (RAM) and the input/output (I/O) port. The Smart Card Forum Committee (1997, p. 237) outlines that the card is: “...capable of performing calculations, processing data, executing encryption algorithms, and managing data files. It is really a small computer that requires all aspects of software development. It comes with a Card Operating System (COS) and various card vendors offer Application Programming Interface (API) tools.”

 One further variation to note is that microprocessor cards can be contact, contactless (passive or active) or a combination of both (Petri, 1999). Thus users carrying contactless cards need not insert their card in a reader device but simply carry them in their purse or pocket. While the contactless card is not as established as the contact card it has revolutionized the way users carry out their transactions and perceive the technology. Rankl and Effing (1997, pp. 40-60) provide an exhaustive discussion on different types of microcontroller cards.

 

Card Formats

Smart card dimensions are typically 85.6 mm by 54 mm. The standard format ‘ID-1’ stipulated in ISO 7810 was first created in 1985 for magnetic-stripe cards. As smart cards became more popular, ISO made allowances for the microchip to be included in the standard. The standard size in the magnetic-stripe and smart cards gave way to the possibility of card migration. Smaller smart cards have been designed for special applications such as GSM handsets; these are ID-000 format known as the ‘plug-in’ card and ID-00 known as the ‘mini-card’ (Rankl & Effing, 1997, p. 21). It is important to note, that while smart cards come in numerous formats, the common feature is their thickness which is 0.76 mm. For a discussion on form factors of smart cards see Hendry (2007, pp. 54-56).

More recently mini-cards have been marketed and issued by companies such as VISA. The mini-card is almost half the size of a standard credit card at only 40 mm by 66 mm. It is considered a “companion card” to a normal full sized VISA card. The card contained a perforated hole at the bottom left corner so that it can easily be attached to a key chain, mobile phone, or other carry-along device. When the VISA Mini was launched in Australia during breakfast television programs, it was modeled fastened to a chain around the neck of young adults, who claimed it would increase their mobility. On their web site VISA (2008) have stated: “[w]hether you are going out for lunch with colleagues or friends, shopping at your neighborhood store, clubbing or dancing, on vacation or even when you are out for a jog!  Visa Mini is the answer to your demand for increased convenience and mobility in your everyday life.”

 

Card Elements

Several different types of materials are used to produce smart cards (Haghiri & Tarantino, 2002). The first well-known material (also used for magnetic-stripe cards) is PVC (polyvinyl chloride). PVC smart cards however, were noticeably non-resistant to extreme temperature changes, so ABS (acrylonitrile-butadiene-styrol) material has been used for smart cards for some time. PVC cards have been known to melt in climates that reach consistent temperature of 30 degrees Celsius. For instance, when the ERP system was launched in Singapore in 1998 a lot of people complained that melting smart cards had destroyed their card readers. Among the group who reported the most complaints to local newspapers were taxi drivers, who were driving for long periods of time. Similarly card errors often occur to mobile handsets that have been left in high temperatures. PET (polyethylene terephthalate) and PC (polycarbonate) are other materials also used in the production of smart cards.

The two most common techniques for mounting a chip on the plastic foil is the TAB technique (tape automated bonding) and the wire bond technique. The former is a more expensive technique but is considered to have a stronger chip connection and a flatter finish; the latter is more economical because it uses similar processes to that of the semiconductor industry for packaging strips but is thicker in appearance. New processes were developed in the mid 1990s that allowed a card to be manufactured in a single process. Rankl and Effing (1997, p. 40) explain, “[a] printed foil, the chip module and a label are inserted automatically into a form, and injected in one go”.

 

Multiapplication and Multifunction Cards

Most smart cards have a single function only. They are issued by a company to a customer for a specific purpose. For example, the first smart card payphone cards were used to make phone calls alone. The customer loaded the card up with money, made a telephone call, and the telephone operator charged the usage amount to the card. Multifunctionality should not be confused with multiapplication cards. Several functions on a smart card might include not only say a function to lend books out from a library, but also stored value for photocopying requirements and proof of identification of the person lending the books. The functions can be card-based (i.e. on board) or server-based via host and database.

Hendry (2007, p. 13) makes the distinction that a multiapplication card is one where several programs have been placed in the card’s memory. These applications can share data within the card, although this is not what usually occurs in practice. Often, a specific application is owned by separate entities, and cardholders need to select which application they wish to use during a given transaction, if it is not readily apparent to the terminal. 

 

Operating Systems

Smart card operating systems can be classified into native operating systems (e.g. using machine language) and interpreter-based operating systems (e.g. Java) (Hansmann et al., 2002). The principal task of operating systems is managing files (Rankl, 2007, p. 11). Where there is more than one application present on the smart card, a multi-application operating system is also present. According to Hendry (2007), such an operating system has to perform application protection, memory management, application downloading and updating. Well-known operating systems include Multos (originally developed by Mondex International), IBM’s MFC, Advantis (which follows GlobalPlatform’s JAVA architecture) and SECCOS (Secure Chip Card Operating System).

 

Interface, Readers and Terminals

Contact versus Contactless Cards

In contact smart cards, a power supply requires to have physical contact for data transfer. The tiny gold-plated 6-8 contacts are defined in ISO 7816-2. As a rule, if a contact smart card contains a magnetic-stripe, the contacts and the stripe must never appear on the same side. Each contact plays an important role. Two of the eight contacts have been reserved (C4 and C8) for future functions but the rest serve purposes such as supply voltage (C1), reset (C2), clock (C3), mass (C5), external voltage for programming (C6), and I/O (C7). Contactless smart cards on the other hand work on the same technical principles that animal transponder implants do. For simple solutions the card only needs to be read so that transmission can be carried out by frequency modulation.

Contactless solutions are becoming increasingly popular for ticketing applications due to the convenience factor. Commuters do not have to stop and queue to wait for “contacts” to read the card, they just go about their normal business and payment takes care of itself, after initialization of the ticket type (e.g. one journey, weekly or monthly). The International Standards Organization (ISO) has standardized the technologies used in contactless smart cards. The relevant standards are ISO14443 for proximity cards and ISO15693 for vicinity cards. ISO14443 is divided into four parts defining different aspects of the interface including physical characteristics, radio-frequency power and signal interface, initialization and anticollision, and transmission protocol. In simple terms, the microchip on a contactless card communicates with the card reader through RFID induction technology. Typically the read range needs to be not more than 10 cm to avoid charging other commuters accidentally. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where smart cards can be used without even removing them from a wallet (Trapanier, Tranchant & Chapleau, 2007).

 

Readers

A device that reads a smart card is known as a card accepting device (CAD) as it does not only read information from the card but also can write to it. Most smart card readers are embedded in larger terminal devices and usually follow application standards such as EMV (JCB Co, MasterCard and VISA), GSM or Calypso (Hendry, 2007, p. 22). Readers can either be insertion readers or motorized readers, the difference being how cardholders interact with the reader and the cost. Insertion readers are more privy to damage while motorized readers usually incorporate a shutter so they cannot be tampered with. Motorized readers slowly draw the card into the reader device, whereas insertion readers expect the cardholder to swipe the card through the contact points manually. This might lead to several read attempts if the cardholder does not know which way to face the card to be read properly etc.

 

Terminals

Terminals can take on various forms depending on where they are being utilized and for what purpose. For example, you can find smart card terminals at the point of sale (POS), in vending machines, kiosks, PC-connected readers, even personal smart-card readers. In the retail sector, the same terminal can be used to read multiple smart card applications. For example the same device can allow a consumer to purchase goods at the checkout, for an employee to log on to a cash register, even to grant customers loyalty points. The trend increasingly is toward self-service devices that cater for the needs of the individual, such as in the case of home banking applications.

 

Standards and Security

Similarly to magnetic-stripe technology, the most common method of user identification in smart cards is the personal identification number (PIN). The PIN is usually four digits in length (even though ISO 9564-1 recommends up to twelve characters), and is compared with the reference number in the card. The result of the comparison is then sent to the terminal which triggers a transaction- accept or reject. Additional to the PIN is a password which is stored in a file on the card and is transparently verified by the terminal. While the magnetic-stripe card relies solely on the PIN, smart card security is implemented at numerous hierarchical levels (Ferrari et al., 1998, pp. 11f).

There are technical options for chip hardware (passive and active protective mechanisms), and software and application-specific protective mechanisms. With all these types of protection against a breach of security, logical and physical attacks are said to be almost impossible (Rankl & Effing, 1997, pp. 261-272). The encryption in smart cards is so much more sophisticated than that of the magnetic-stripe. Crypto-algorithms can be built into smart cards that ensure both secrecy of information and authenticity. However, contactless cards are considered more susceptible to the breakage of keys than contact-only cards. External security features that can be added to the card include: signature strip, embossing, watermarks, holograms, biometrics, microscript, multiple laser image (MLI) and lasergravure (Figure 2). While the smart card is a secure auto-ID technology it has been proven in some instances that the device is still susceptible to damage, loss and theft without the reliance on expensive equipment. This has led to biometrics being stored on the smart card for additional security purposes. Thus we can say that while smart-card security is steadily advancing, at the same time “the range of attacks available to the determined attacker grows continuously wider” (Hendry, 2007, p. 230). What seems to be the consensus view is that even if a card is actually penetrated by an attacker, the wider systems the card is used to link to must remain secure.

 

THE SMART CARD INNOVATION SYSTEM

Social Specialization of Labor

The fundamental difference between the smart card and magnetic-stripe card is the on-board intelligence. Yet while the smart card is a far more sophisticated technology it does not mean it should be considered superior per se. Chadwick (1999, pp. 142-143) for instance, asserts that smart cards are not always the smart choice. Since the smart card’s invention, the microchip has acted to boost the profile of the device. The ultimate vision for the card has been that of a ‘PC in your pocket’, i.e., a mobile PC. Shogase (1988) coined the term ‘plastic pocket bank’. He worked for the Toshiba Corporation while they were developing the VISA SuperSmart Card. Although the card did not achieve expected diffusion rates in places like North America in the mid 1980s, entrepreneurs did not abandon it (especially in Europe). In the late 1980s, Bright (1988, ch. 8) wrote that France and Japan were leading the way followed by the U.S. Today, this geographic concentration still exists but other markets, particularly in Asia are starting to make an impact on the smart card industry, such as Hong Kong, Taiwan, Singapore, and China (McKenna & Ayer, 1997, ch. 3).

 

The Smart Card Stakeholders

Throughout the 1990s smart card gave rise to a new breed of start-up companies that were eager to exploit opportunities as they arose. The excitement even attracted some traditional magnetic-stripe card manufacturers. This was especially true of the system integration specialists who now had the job to build systems that could “talk” to each other (Ferrari, 1998, ch. 13). Not all auto-ID system integration companies were up to the task however, acquiring smart card knowledge required employee retooling and training (Keenan, 1997, p. 35f). With these new start-up companies came new knowledge and also the delineation of niche areas of expertise. Hendry (1997, p. 250) suggests a T-shaped knowledge base in a smart card organization where there are many people who have a top-level understanding of the technology while a few people need to develop detailed knowledge. These companies included: integrated circuit (IC) manufacturers, smart card manufacturers, terminal manufacturers, smart card integrators, smart card software specialists (operating systems, applications and access) and numerous other third parties.

 

Gathering Project Requirements

Smart card product development was unlike traditional technologies. Part of the difficulties with smart card, besides the fact that it was a relatively new high-technology is that most often project requirements were ill-defined, and they kept shifting throughout the lifetime of the project. Timeframes for each phase of development were hard to estimate along with costs and exactly what resources were required and when. Coordinating efforts between various suppliers was also problematic. In addition smart cards were privy to high rates of technical change and higher levels of uncertainty than other technologies (Fruin, 1998, pp. 241-249).

With so many individual stakeholders, many of whom were extremely specialized, designing an end-to-end smart card solution was a complicated task (Slawsky & Zahar, 2005; Davis & Mitchell, 1996). Some of the more complex issues are: “[h]ow can smart cards include multiple brand logos without confusing the consumer? Who is liable for lost and/or stolen cards and how are they replaced? Who provides customer service and how is it made seamless to the consumer? How are applications developed, certified, installed, and upgraded? How are privacy, accuracy, and security insured? How are revenues shared?” (Allen & Kutler, 1997, p. 12f; Ferrari et al., 1998, ch. 12; Barr et al., 1997, pp. 64-68). Fruin (1998, p. 248) summarizes developing smart card technology as “[h]ighly problematic, fraught with technical, organizational, managerial, and human resource difficulties”. Hendry (2007, p. 219) describes the difficulties associated with the implementation of smart card and emphasizes the importance of using a roadmap to help answer questions at each stage.

 

Utilizing Limited Human Resources

Apart from the few large smart card manufacturers, the other technology providers were usually small in size and had limited resources (Dreifus & Monk, 1998, pp. 305-314). Departments within the company had to be agile and customer-oriented but also forward-looking in terms of building generic hardware and reusable software. It is not always easy to mobilize resources in companies whose core products are applicable to more than just one high technology. For instance, in the case of integrated circuit suppliers, smart cards are only one technology among many that they are supplying. It is the same in the case of ISVs (Independent Software Vendors) who may be developing software for not only smart card players but also Internet-centric applications etc. It can be a dangerous proposition to freeze resources on a product-by-product basis but a fine balance needs to be struck between the two possible extremes.

 

Partnering

At the same time smart card component suppliers were also dependent on one another, particularly because no one vendor could provide the whole solution without relying on contributions from smaller players (Lindley, 1998, p. 87). In the VISA SuperSmart card development, Fruin (1998, p. 243) observed that “[n]either Toshiba nor Yanagicho boasted the complex and precise component-design, system-development, and product/process capabilities required for the project. A need for these forced Yanagicho to forge alliances with other Toshiba units and outside vendors.” In addition, one company may have the capabilities to do a particular part of the design process but the sheer magnitude of the project may not afford the time to complete tasks in-house, or there are other firms that have certain core competencies that would do that particular phase more economically.

When several organizations are working together to ensure that a service is available to a customer, it is important that the organizations are working to a common schedule. So many times the media has reported vendors of technology have let down their customers. Multiple vendors working together may have had four-fifths of a given solution ready but missing a vital component that ensures the ability to ‘go-live’ on a project. According to Hendry (2007, p. 220) priorities and decision-making processes need to be aligned and the choice of partners should not limiting in any way.

 

Firm-to-Firm Collaboration

Firm-to-firm collaboration between smart card companies continued to proliferate particularly in Europe (Allen & Kutler, 1997, p. 20; Cagliostro, 1999), even though the North American market was still struggling. Cortese (1997) also reported how the smart card market was poised to grow in the U.S. The establishment of the Smart Card Forum (SCF, 2002) in 1993 was an attempt to bring stakeholders even closer together. Citicorp, Bellcore, and the U.S Treasury Financial Management Services Division were integral to the formation of the Forum attracting business leaders from the public and private sector to share a common smart card vision. By the end of 1997, the Forum boasted 230 corporate and government international entities (Allen & Barr, 1997, pp. 268-273). The common goals of SCF included the:

“- promotion of the interoperability of cards, devices, and systems to assure an open market capable of rapid growth

- facilitation of information exchange, communications, and relationship development across industries in order to stimulate market trials

- service as a resource to policy makers, regulatory bodies, and consumer groups on issues impacting smart cards, especially in the areas of social responsibility and privacy” (Allen & Barr, 1997, p. 266).

Working groups and cross-industry committees were subsequently set up to brainstorm on issues specific to applications. The results of the studies are routinely published in white papers, standards and delivered at industry presentations. Similar forums have begun to sprout throughout the globe. For example, the Asia Pacific Smart Card Forum (APSCF) based in Australia was established in 1995 and had over fifty members in 2001. APSCF not only brought firms with common interests together but also promoted the interests of members to key policy makers at both the political and bureaucratic level of government (APSCF, 2000). The Forum does not exist in its original form, although there are now a number of smart-card related e-governance forums online. There is also the Asia Pacific Smart Card Association (APSCA, 2008) which is active in China, Singapore, Hong Kong, Taiwan, Japan, Korea, Malaysia and Thailand who may not have a large count of members, but boast memberships from the larger organizations such as Chunghwa Telecom Laboratories, Gemalto, IBM, Sony, Unisys, and Zebra.

 

Geographic Clustering

A pattern soon began to emerge linking the success of the smart card technology provider to its physical proximity to the customer. Lindley (1997, p. 88) also noted this stating that there was globally “…a strong correlation between the incidence of local suppliers and smart card application users.” In an effort to increase their revenues, European and Asian suppliers entered the US market, establishing a local presence in the hope that this would result in sales. Some of these smart card suppliers in the US believe that a smart card manufacturing group should be established in Silicon Valley: “[a] group such as this is needed to provide a road map, if you like, and a vision for the industry over the next decade.” Townend believed that the full spectrum of industry should participate in the group (McIntosh, 1997, p. 45) in order for greater collaboration to take place between firms and also as a central location to be able to demonstrate the full potential of smart card to prospective customers.

 

Private Enterprise and University: Forging New Links

As a result of geographic clustering very useful relationships began to form between private enterprise and local university research institutes. Not only was this a mechanism to perform useful collaborative research and development but it was also a way to attract skilled talent into the industry. Big smart card players like Schlumberger continued to fund and support initiatives particularly during the 1990s. The University of Michigan’s Centre for Information Technology Integration (CITI) is just one example. In late 1999 it formed a partnership with Schlumberger to develop the world’s smallest web server to run on a smart card (Media, 1999; University of Michigan, 1999). Prior to that CITI was investigating the future possibilities of the U-M card, the university’s campus smart card, supplied by Schlumberger. Both groups believed that the partnership would be mutually beneficial in the long term. At the University of Malaga the GISUM group was also researching smart card in 2002 (GISUM). The work was being supported by the European Union (EU) and the Spanish Ministry of Science. Two projects are of interest here- the eTicket project and the electronic forms framework for citizen-to-government (C2G) Internet-based transactions. Some collaboration between universities and enterprises, have resulted in university campus space being dedicated to technology parks/centers. For instance, the Smart Card Design Centre (SMDC, 2002) was operated as a business unit, housed within the City University of Hong Kong. The Smart Card Design Centre was funded by the Innovation and Technology Commission and the Hong Kong Government.

 

Consortiums and Alliances

The late 1990s saw a trend towards the formation of consortia and strategic alliances. Consortiums in high-tech typically pool together specialist resources from private enterprise, universities and other institutes, usually in anticipation of a new opportunity. As opposed to collaborative research on a specific topic that seeks to satisfy particular outcomes, a consortium’s scope is broader and usually more exploratory in response to a government or prospective large customer initiative. An example of this is the VerifiCard project in Europe which had six partners from four different countries, though it is not unusual to find consortiums with twenty partners containing mostly private companies. The VerifiCard project included: the University of Nijmegen (Netherlands), INRIA (France), Technical University of Munich (Germany), University of Kaiserslautern (Germany), Swedish Institute of Computer Science (Sweden) and SchlumbergerSema (France) (Partners, 2002). Most consortia usually have at least one or two big players that influence the direction of the rest of the group. It is also not unusual to find fierce competitors come together in consortiums, although typically this is avoided in overly competitive scenarios whereby separate consortia form.

Traditional players in auto-ID applications have especially sought to form alliances with providers of infrastructure, including banks, financial services, and telecommunications companies (Allen & Kutler, 1997, p. 16; Keenan, 1997, p. 37; Tam & Ho, 2007). Smart card business developers have identified new creative possibilities, piggybacking on the success of existing applications but in many cases the market response from users and merchants has been uncertain. For instance, there is the possibility for telecommunications operators to be earning revenues from public payphones capable of acting as cashless de facto ATMs or consumers being able to add vending machine purchase charges to their mobile phone bill or even CATV companies making use of set-top boxes to give subscribers online services on-demand. All these ideas sound very useful but in addition to the possibility of very slow take-up rates, deployment can be very tricky as well.

Independent software vendors (ISVs) specializing in smart card can build what look to be cutting-edge applications but without the access infrastructure (fixed or wireless), it is impossible to proceed. Hendry (1997, p. 250) makes the important observation that while individual applications can be built in a very short time frame (especially for closed systems), it can take two to three years for a national infrastructure to support the application to emerge and even five to ten years for a global one. Hendry’s analysis is precise: “[g]etting the infrastructure right, and making it easy to upgrade and add applications, should… be a top priority for any scheme.” In the same way telecommunication operators may wish to deploy state-of-the-art applications but how to collect revenues from subscribers (i.e. billing issues) and how to share profits between the players in the value chain may be fuzzy.

Alliances also act to curb the threats from non-traditional new entrants that may know little about the smart card business but have the venture capital to invest. With the rise of the dot.coms, non-traditional players especially entered the banking and telecommunication sectors hoping to make a lot of money from online applications. Many of these companies were attracted by the inflated revenue forecasts that were being predicted by analysts so the whole business case was built on shaky foundations from the outset. There was little in the form of user surveys granting valuable feedback, and unfortunately millions of dollars have been wasted during this time on ‘get rich quick’ schemes. Kaplan (1996, ch. 4) has identified successes and failures in the smart card industry pre-1996. He provides a good example in the Smart Card International experience (Kaplan, 1996, p. 22). The company assembled worldwide licensing rights but it was unable to distribute its product because it had no strategic alliances with other companies to assist with reselling locally, e.g. the Global Chipcard Alliance.

 

Communicating Information

With smart card development innately encouraging so many interactions between stakeholders it is no surprise that so much literature has been published on the topic. The distribution of information has acted to continually educate all the various stakeholders, including users, about smart cards and their applications. Today users are a lot more technically astute than they used to be. The PC, cable television, game play-stations, Internet and mobile phone, and more recently the personal digital assistant (PDA) and internet POD (iPOD) have all contributed to a more technology-savvy society. In some ways the permeation of so much information may have been one reason why some users have resisted the change (Lindley, 1998, pp. 144-145; Keenan, 1997, pp. 26-34). The Internet has played an important role in granting people access to information that was otherwise in hard-copy form in limited locations, such as public libraries.

Today there are daily reports on worldwide smart card activities. Apart from the numerous web sites like SCN (1999) there are a number of industry magazines dedicated to smart cards is indicative of the general growth of the auto-ID industry over the years. Some of the more prominent journals include: Card Technology, Cards&Payments, Card Technology Today (now CTT), Report on Smart Cards, Smart Card and Systems Weekly, Smart Card Monthly, Smart Card News and Smart Cards and Comments. There is an explicit knowledge infrastructure that has grown with the industry.

Industry associations are also contributing to smart card growth, like the Smart Card Industry Association (SCIA) that was established in 1989. SCIA acts as a resource centre and is also involved in organizing conferences and other industry events. SCIA’s primary purpose is educational in nature. SCIA represents smart card technology providers. Other institutions include the SmartCard Developers Association, the International Card Manufacturers Association (ICMA) and the Smart Card Club, Card Europe. The latter association which tries to promote user confidence in smart cards believe (Kaplan, 1996, p. 318): “...that only by achieving consensus across both industry and country borders, [they]… will be able to achieve a true representative set of products and standards leading to full interoperability with a multi-service capability...”

     

The Importance of ISO

According to ISO, “[s]tandards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose” (Dreifus & Monk, 1998, p. 29). It is not difficult to see why standards play such an important role in smart card development. Without them there would be no common point of reference for any of the stakeholders to follow. ISO is a worldwide federation of national standards bodies which has worked towards ways of making cards and equipment interoperable (ISO, 2008). Adherence to ISO standards is not compulsory but it is advisable.

Unlike magnetic-stripe cards where proprietary schemes could possibly increase the security of applications in particular scenarios, smart cards have in-built security features and standardization is almost always desirable (Mayes & Markantonakis, 2008). In the case of magnetic-stripe card technology, it was no coincidence that ISO 7810 was composed, “rather [it was] the close cooperation among major providers that established global standards and specifications” (Kaplan, 1996, p. 210). Early smart card developers adopted existing magnetic-stripe standards initially in order to allow a smooth migration from magnetic-stripe. Today all three technologies can be utilized on the same card- “the information... can be accessed by reading the chip, swiping the magnetic stripe, or making an imprint from the embossing” (Dreifus & Monk, 1998, p. 31).

Other important ISO standards that influenced the rise of smart cards were ISO 7816 which defines ICCs (Integrated Circuit Cards) with contacts and ISO 10536 which defines contactless ICCs (Jacquinot Consulting, 2008). ISO 7816 contains seven parts stipulating guides to physical characteristics, dimensions and locations of the contacts, electrical signals and transmission protocols, inter-industry commands, application identifiers and data elements for interchange. Suppliers should be ISO 7816 or ISO 10536 compliant even though adhering to ISO standards does not ensure that interoperability is achieved between cards and terminal equipment. ISO leaves room for industry-level specifications but when none exist mismatches can happen (McKenna & Ayer, 1997, p. 48). Hendry (1997, pp. 253-258) provides a complete list and description of ISO standards as related to smart cards. Ferrari et al. (1998, ch. 3) also discusses standards and specifications, especially ISO 7816, CEN726 (the ETSI version), GSM, EMV (MULTOS), PC/SC, the OpenCard framework, IATA Resolution 791, SEIS (Secured Electronic Information in Society), Cryptoki, CDSA (Common Data Security Architecture), PC/SC Workgroup, and MASSC a generic architecture for multiapplication smart cards.

 

Specifications

As has already been mentioned ISO ICC standards are not so constraining that there is no room for industry-specific standards. Thus in some cases additional specifications need to be drawn. In late 1993, Europay, MasterCard and Visa took the initiative to join forces as EMV to formulate ICC Specifications for Payment Services. As Kaplan (1996, p. 214) explains, the EMV cooperation was the pooling of expertise for a common goal. The objective was, “to eventually permit interoperability among chip-based payment cards for credit and debit applications [figure 3]. Without common technical standards, an array of incompatible systems would proliferate- building serious barriers to both consumer and merchant acceptance” (Allen & Kutler, 1997, p. 8). Dreifus and Monk (1998, p. 42) notice that the development of the EMV specification followed a series of evolutionary steps. The EMV specifications were delivered in three parts each focusing on a different set of issues. EMV-1 described the smart card and its environment, EMV-2 described the terminal environment and EMV-3 described how data would be exchanged between the card and the terminal.

EMVCo was established by the EMV alliance in 1999 to administer EMV standards for debit/credit cards. The newer CEC (Chip Electronic Commerce) and the existing SET (Secure Electronic Transaction) was combined in the EMV specification (Jones, 2000; EMVCo, 2003; SET, 2000). It also should be noted that e-purse standards emerged (not in competition to EMV but at another layer of detail) called CEPS (Common Electronic Purse Specifications) and TAPA (Terminal Architecture for PSAM Applications), i.e. PSAM standing for Purchase Secure Application Modules. “The PSAM is a device that performs security functions during an electronic purse purchase transaction. TAPA provides a structure for terminals that can process single or multiple applications” (Jones, 2000). In 2002, MasterCard acquired Europay and in 2004, JCB International joined EMVCo alongside MasterCard and VISA. An important lesson learnt from the development of the EMV specification is (Allen & Kutler, 1997, p. 12): “that progress… requires collective discussion, and action. No one company can optimize smart cards unilaterally, and even industry-wide coordination through, say, a banking or retailing association, will fall short of the mark.”

Just like EMV, ETSI (European Telecommunications Standard Institute) decided to formulate an industry specification in the 1980s for its proposed Global Systems for Mobile (GSM) network. The specification, known as SIM (Subscriber Identity Module) is predominantly used in Europe and Asia. The SIM has the functionality to perform authentication and offer a personalized service to subscribers. GSM offers international compatibility and allows for the subscriber to roam in any country where there is GSM coverage. GSM specifications include: security aspects (02.09), SIM (02.17), network functions (03.20) and SIM interface (11.11). When designing smart card solutions different levels of standards need to be adhered to dependent on the application. These levels may pertain to the physical card itself, the contact pads, the card reader, the interface, the Application Programming Interface (API), the application itself, even card management. Standards and specifications can change and/ or evolve. According to Dreifus and Monk (1998, p. 46) changes in standards are “…a result of the natural evolution and the maturation of the technology”.

 

Legal, Regulatory and Policy Issues

Regulation E and Stored Value Cards (SVCs)

In 1987 Svigals (p. xviii) noticed that the national governments of Japan and France were beginning to implement government policies and actions relating to smart cards. Twenty years later the rise of smart card schemes in operation has brought the question of regulation into the spotlight. This is not necessarily a bad thing for the industry; some experts see it as an evolutionary step in the life-cycle of smart cards. Barr et al. (1997, p. 69) believe that a technology such as smart card is becoming commercially significant when lawyers and regulators begin to study the legal, regulatory and policy implications. From about the late 1990s discussion about Regulation E has increased. “Regulation E was promulgated by the Federal Reserve Board as the implementing regulation for the Electronic Fund Transfer Act of 1978. It is designed to protect consumers and defines the right and obligations of consumers and ‘financial institutions’ with respect to electronic transaction affecting consumer accounts” (Barr et al., 1997, p. 70). In the past it has been easier to identify smart card applications that require financial transactions to be performed and need appropriate regulations, but with the introduction of multiapplication smart cards this defining line has blurred. According to Barr et al. (1997, p. 78), the following issues need to be considered: “is the issuer of a SVC going to be treated as a bank for federal or state purposes; will there be export control restrictions because of the encryption used in the smart cards; and how will general commercial law principles which have evolved in connection with old-style payment systems apply to smart card.”

Financial institutions are no longer banks, building societies and credit unions; they can be anything from telecommunications companies to airlines, it all depends on the services being offered. The Federal Reserve board believes “that if cards are used to access an account” they are subject to Regulation E (Noe, 1995, p. 44). Thus, the Board has issued proposed changes to Regulation E and how it should be applied to stored value cards (SVCs). Owens and Onyshko (1996) provide a comprehensive discussion on regulations, legal and privacy issues as they relate to credit cards, debit cards and SVCs. One industry spokesman, the president of Cash Station Incorporated, James Hayes, does not think that Regulation E should be imposed on SVCs. Hayes rather compares SVCs to cash equivalents rather than customer transaction accounts. He believes that smart card “development will be impeded by regulation imposed before the purpose, risks and benefits can be clearly assessed... [he] cautioned that smart card regulation is in its infancy and that it will continue to evolve” (Noe, 1995, p. 45).

In 1997, the US Federal Reserve issued a clarification and simplification of Regulation E, finally providing protection to credit cardholders (Grupe, Kuechler & Sweeney, 2003). “Maintaining consumer confidence, managing technology and preventing fraud are among the most often cited reasons for applying regulation E to smart card transactions” (Puri, 1997, p. 138). One of the biggest problems of Regulation E is that it requires a receipt to be kept for every transaction, and in the case of smart cards, this is very difficult given the breadth of applications a single card could support (e.g. parking meters, vending machines etc) (Figure 4). In 1998 O’Connor wrote about the de minimis exemption for stored value cards in proposed changes to Regulation E. He pointed out that removing SVC protections would make cardholders easy targets for either unscrupulous vendors or fraudulent issuers who disburse defective cards. He called this an “open invitation to fraud”. To make things even more complicated it is no longer the point of sale (POS) in which companies focus on but the point of interaction. Furletti (2004b) believes the whole area of payment cards and Regulation E is very “unsettled” which has led to a great deal of consumer confusion. There has been a clear call for uniform standards to be introduced (Furletti, 2004a).

 

Who Has Access to Information and Where?

In 1997, Puri (p. 134) stated that on average 80 more times of data can be stored on a smart card than a magnetic-stripe card; today about 10 megabytes of data can be stored on a smart card. No matter how one looks at future possibilities, the smart card is set to play a major role in remote banking services. Tarbox (1997, p. 262) believes that smart card issuers must therefore disclose to application developers and consumers, how and who will have access to information, and how it will be distributed. For a thorough discussion on privacy see Branscomb (1994). On the topic of smart cards (p. 70) she provocatively questions: “[b]ut are we willing to have so much medical information about ourselves contained in so little electronic space, with possible access not only to us and the doctors treating us, but as well to our insurance companies, our employers, and the FBI, not to mention that bizarre world of computers voyeurs?” Cuddy (1999), Brin (1998), and Davies (1996, ch. 7; 1992, ch. 4) offer groundbreaking insights into this area. When considering the rise of multiapplication cards, the problem of ‘who owns information’ is even more complex. At least a single application card can undergo some sort of assessment with visible limits.

Another question mark that surrounds world-wide interoperability of smart cards is how they will be regulated when they are used in different countries. For example, does a regulation applied in the U.S. have any legal bearing in Australia or Japan? Some have suggested the enactment of a number of privacy torts related to smart card, others are encouraging the use of electronic contracts between issuers and consumers since new laws are not about to appear overnight. The contract should give the consumer confidence that they will have full control of personal information on the card (i.e., in case of error); why this personal information is required, who will use it and for how long; how the consumer’s privacy is protected to ensure non-disclosure and if a particular application is covered by existing statutes; and reference to the issuer’s privacy policy (Cavazos & Morin, 1995, pp. 34-45; Barr et al., 1997, p. 76).

 

Sources on Consumer Acceptance of Smart Card

Svigals (1987, ch. 16) was one of the first authors to discuss the potential societal impacts of smart card as was C. P. Smith (1990, ch. 9). For key strategies and considerations for user acceptance of smart cards refer to Lindley (1994) and Cooper, Gencturk & Lindley (1996). Consumer acceptance of the smart card in some geographic regions is very low, even in some cases where adoption of other high-technologies such as mobile phones has been high (Bright, 1988, pp. 145-149; Card World, 1990, pp. 42-45; Radigan, 1995; Smart Card Alliance, 2006). Specifically it was user privacy concerns that initially hampered smart card diffusion in many parts of the world (Lindley, 1997, pp. 132-142; Barr et al., 1997, pp. 73-78; Vincent, 1995). A number of links can be found on Ontario’s Smart Card Project created by the Information Policy Research Program (2002). The site contains useful press clippings and articles on public policy and smart card. Included in this site are links to Roger Clarke’s articles on public policy issues related to identification (Clarke, 1997). Other useful reports include: Privacy Committee of NSW (1995) and the Privacy Commissioner (1995).

 

The Social Implications of Mass Market Chip Cards

Many citizens across the globe have vehemently protested the use of smart cards for citizen identification. However in some countries citizens are powerless to voice their concerns, while in other countries governments have already introduced unique lifetime identifiers (ULI) linked to an ‘everything’ card (Drudge, 1998) without much public discourse or consultation. It is not the technology itself that most people fear but what it represents and how the capability of unique ID can be used by anyone who has access to the information, particularly potential totalitarian governments or regimes. For a comparison between Australian and UK national ID proposals, see Jackson and Ligertwood (2006, pp. 45-55) and for an indepth review of Australia’s identity card proposals see Jordan (2008).

While there are many advantages gained by the use of multiapplication smart cards for government and non-government applications, more research needs to go into what these advantages mean in real terms. Almost always, the economics behind large schemes such as national ID cards are unjustified, costing the taxpayer more in the long-term (M.G. Michael & K. Michael, 2006, pp. 359-364). The notion of many ‘little brothers’ versus one Big Brother has been put forward in opposition to multiapplication cards. While the intent of the issuer may be noble, i.e. to offer a better service to its customers, no one can guarantee that the information will not be used ‘against’ an individual. These are not conspiracy theories but lessons from history (K. Michael & M.G. Michael, 2006).

One of the most infamous uses of dossiers against a people was that of the Nazis against the Jews (Black, 2001). Evans (1987) writes with reference to the proposition of an ID card in Australia: “I can understand why many people- particularly those who have lived under totalitarian regimes or fled from Nazism- oppose the Australia card”. In 2006, the Australian government proposed the Human Services Access Card which was to replace 17 different cards issued by 4 government agencies (Australian Privacy Foundation, 2007; Greenleaf, 2007). In the end the proposal did not gain support (Clark, 2008, pp. 156-166). This is contrast to country-specific mass market cards in Hong Kong (Octopus, 2008) and Britain (e.g. Oyster Card). There seem to be cultural differences in the adoption of new mass technologies. Due to their multiapplication capabilities, smart cards are renowned for function creep.

Function creep is defined by Clarke (1996) as “the commencement of a scheme with a small number of uses, but with accretion of additional uses (and often intrinsically more invasive ones) at a later stage.” For example, the Octopus Card was never meant to be a government ID card, but specific applications were deployed after the card was introduced as a solution for transit (Figure 5). Observers suspect that the British Oyster Card may be going down the same roadmap. Each Oyster smart card has a unique ID number which is linked to the registered owner’s name. Every time the card is used a transaction is recorded of where and when it occurred. Commuters have been told that the data is retained for planning purposes to help in the provisioning of services, but it is well-known that the data could also be released to law enforcement agencies (Turban & Brahm, 2000; Mustafa, Giannopoulos & Pitsiava-Latinopoulou, 1995; Teal, 1994). Mark Littlewood of the civil rights group Liberty in the UK reflects: “[a]ll too often we have seen data collected for one apparent purpose, only for it to end up being used for something entirely different” (Scullion, 2003).

 

SMART CARDS APPLICATIONS

Overview

Like the magnetic-stripe card and bar code card before it, the smart card can be applied to many different applications (Datamonitor, 1996, ch. 3). The question is whether or not the smart card is the best-fit solution to the problem at hand (Carr, 2002). For example, “[i]n France, virtually all bank cards have been converted from magnetic stripe technology to chip technology to cut down on fraud” (Lever, 1997, p. 18); yet the same level of migration cannot be assumed in all parts of the world. It is therefore not surprising that it was also in France that one of the first multiapplication city smart cards was trialed in Vitrolles in 1990 (Sola, 1990). The UK also announced a similar CityCard project in 1998. Smart cards are also being used more and more for travel and to reduce traffic congestion. The Electronic Road Pricing (ERP) system in Singapore, officially launched in March of 1998, collects two forms of road revenue: using a particular stretch of road and for entering the CBD (Central Business District) during designated busy hour traffic periods. Inserted in the reader of each vehicle is a Cash Card which is debited each time the vehicle crosses an ERP area. Parking is yet another application for smart cards used for charging drivers for the time they occupy a space and/or given access to a car park (Figure 6). Prepaid smart cards have even been used for consumer electricity payment (Raad, Sheltami & Sallout, 2007).

Health cards using smart card technology have also become common. The main motivators for the use of smart cards in health care from the patient, service provider and payer perspectives can be found in Brainerd and Tarbox (1997, p. 155). Smart cards can store patient information making the processing of transactions particularly in hospitals easier. In some countries like Germany, the health care smart card has been implemented successfully but for the greater part controversy surrounds privacy aspects of the card. There is a fear that if health data is stored centrally then it may be at risk of being misused by independent entities. Errors in patient records can also be damaging to an individual if they go unnoticed. However fully networked and integrated health care systems that incorporate end-to-end health provision are still lacking. It is envisaged that in the future, a patient will be able to visit his/her doctor, receive a diagnosis from the doctor and store this information on the smart card. If the patient requires drugs, prescriptions could be made electronically to ensure non-conflicting medications were given. Visits to specialists and test results could also be stored on the card.

The largest application of smart cards however is for public telephones. Figures released by Datamonitor indicated that in 1996 around 66 countries had adopted smart card payphones and smart cards for payphones accounted for approximately 75% of all smart cards sold globally. While the benefits offered by smart payphone cards over magnetic-stripe payphone cards are negligible, telephone operators are strategically positioning themselves for tomorrow’s mass market consumer mobile payment applications. If the smart card infrastructure in payphones is ready to be used, it is only a matter of additional software to be written for other applications such as banking. Imagine using a payphone or a mobile device that could act as an ATM (Figure 7). The development of the Global Standard for Mobile Telecommunications (GSM) required a subscriber identity module (SIM) to be inserted into the mobile handset. The SIM is the mechanism that allows a subscriber to connect to the network and is essentially a smart card made to ISO specifications (Moorhead, 1994). Smart cards are also being used for satellite and cable television (CATV) to prevent unauthorized viewing of programs and for metering of household energy use. Security algorithms decode the signal via a set-top box. Monnin (1992, pp. 418-421) writes of the exclusive advantages in pay-TV. University campus smart cards are also widely used.

Many governments are also looking into smart cards for social welfare and more generally for citizen identification (e.g. for voting). The Malaysian Government multiapplication smart card known as MyKad began being issued by the National Registration Department in 2001. The ID card is now issued to all citizens and permanent residents over the age of 12 years old and there are now about 20 million active MyKads with more to follow as citizens continue to migrate from the older ID card. MyKad card holds drivers license details, passport data, and other information. In some countries such national cards have been launched without adequate data protection and privacy legislation. In 2002, there is the well-known case of the Japanese government who launched JukiNet effectively linking national, regional and local government databases together, without adequate privacy protections. Within 24 hours, local authorities had disconnected from the network citing privacy problems. A privacy law was then rushed through Japan’s judicial system. According to Hendry (2007, p. 199) the Diet and Juki Cards which are now commonplace in Japan, contain the name, address, civil status, and a link to the holder’s records in JukiNet.

 

Case 1: Smart Cards in Telecommunications

Pre-paid Telephones Cards

Without a doubt, prepaid smart cards for public payphones account for the largest segment of the smart card market (Crotch-Harvey, 1996), and this continues to hold true today. In 1995, telecommunication-specific smart cards accounted for 80 per cent of the market. More recent market share forecasts are available. They indicate that the market share has shifted by application type (Freedonia, 2003; Frost & Sullivan, 2004; IMS, 2008). The future for broadband services continues to flourish which forced traditional telecommunications companies in the 1990s to form alliances or even merge with CATV companies, Internet Service Providers (ISPs), Web software businesses and media corporations in a bid to share their risks and make sure they are not left out of the race (Wilson, 2001). All these applications require smart cards for subscriber access authorization with capabilities to bill customers for services used and information content downloaded (Hadeed, 2000).

The first recognized trial of smart cards for prepaid telephone cards was by the French Post Telephone and Telegraph (PTT) in 1982-83. The French justified the move from coin operated payphones to smart card payphones by highlighting that about 15 per cent of phone call tariffs were lost as a direct result of telephone charging frauds and coin theft (Svigals, 1987, p. 97). The French trials were so successful that in 1984 ten thousand smart card payphones were installed in France with 400,000 smart cards issued to consumers. By 1995 there were a reported 1.5 billion prepaid telephone cards sold- “four hundred million of these were smart cards that can be accepted in one of every five payphones in more than 70 countries” (Lutz, 1997, p. 131). The smart cards used by French Telecom were made by Gemplus (now Gemalto). Gemplus is the leading maker of smart phonecards with 40 per cent of the market share. It supplies smart cards to 50 national telephone operators in about 50 countries worldwide. Gemplus sold 120 millions smart cards in 1994 alone.

In 1994 US WEST marketed the Telecard smart card in conjunction with the Nortel Millennium payphone. In 1995, Québec Telephone became the first company in North America to modernize its entire payphone system. In 1996, BellSouth chose to team up with Nortel at the Atlanta Olympic Games. BellSouth deployed 200 smart card-compatible Nortel Millennium intelligent payphones which were able to handle VISA Cash. Nortel was the first to bring smart card capable payphones to North America and in 2003 they had more than 100000 Millennium terminals installed throughout the region. It was a way for BellSouth to differentiate itself from the other 866 payphone providers in Georgia. The Millennium payphone was multi-pay, multi-card capable, accepting “VISA Cash as well as magnetic-striped, commercial credit and calling cards, and coins” (Scarlett & Manley, 1996, p. 3). By 1997, the smart cards had become so popular that Mondex International decided to use the Nortel Millennium payphone and Nortel PowerTouch 360 (also known as the Vista in Canada) to offer electronic banking and home banking services. Customers now have the additional ability to ‘reload’ their prepaid cards by transferring funds from their personal accounts. In essence, the intelligent telephone has now become a remote ATM.

 

Subscriber Identity Modules in Mobile Phones

Another use of smart cards in telecommunications since 1992 is as a SIM card, also known as the User Identity Module (UIM), for mobile handsets.  As Kaplan describes (1996, p. 162): “SIM cards contain non-volatile information embedded by the manufacturer related to security and identity, and a programmable memory (electrically erasable) to provide for optional and dynamically changeable information.” It is the microchip in the SIM card that authorizes the subscriber’s connection to the network. This way the subscriber can place and receive calls. The card is personalized in such a way that the subscriber’s account information is stored on the microchip. Other data includes card ID, PIN, service features, access class and memory configuration. Subscribers can remove the SIM card and put it into any other GSM handset and all the subscriber-customized features will work, provided they are the same standard size (e.g. standard ISO SIM card). Another excellent feature of the SIM is that it allows for global roaming. Global roaming provides the subscriber access worldwide at the operating frequency or technology used in a particular country (e.g. GSM, DCS 1800, PCS 1900, DECT, UMTS or satellite systems). The most important function of the SIM card is that of billing (pre-paid or post paid). A subscriber can take their card with them anywhere and have total control of who uses it- the PIN enabling the SIM is always a safe practice for any subscriber just in case they lose their phone or have it stolen.

 

Mobile Payment Systems

Reports which herald the SIM as a vital piece of tomorrow’s wireless personal digital assistants (PDA) do so for good reason (Ince, 1997, pp. 26-30). Japan’s NTT DoCoMo launched i-Mode at the end of 2000, to trial a packet-switched mode of transmission over the 2G mobile environment. By 2003, about 3000 companies were offering transaction capabilities over i-Mode officially linked to DoCoMo’s mobile commerce billing system. The results speak for themselves; in 2003, more than 50 per cent of mobile subscribers use i-Mode and about 40,000 new subscribers were joining the network each day. The first generation of i-Mode applications allowed the user to do anything that the ‘fixed’ Internet offered, such as book airline tickets, buy and sell shares on the stock market, play games, check the latest weather forecasts, shop and browse for products, play government-approved lotteries, download images and even use a company’s intranet. DoCoMo’s c-Mode, marketed in 2004 was also set to challenge the way in which consumers spent their money. Using their wireless handset, consumers were able to purchase items from vending machines and be billed accordingly on their i-Mode bill. Today, i-Mode in Japan boasts 48 million subscribers and currently more than 95,000 Internet sites are providing a variety of content (NTT-DOCOMO, 2008).

In Singapore consumers can pay for their taxi fare via their mobile phone as well as purchase coke from a vending machine. In the Australian market, Vodafone and 3 were eager to follow the Japanese example, although the readiness of the market was debatable in 2003. In 2002, Telstra began running trials in Bronte, Sydney: “[c]ashless parking meters activated by mobile phones and smart cards…” (R. Smith, 2002, p. 11). But it is not inconceivable that the wireless personal digital assistant (PDA) or e-wallet will become the future mechanism by which all purchases, even government transactions will be made. Coupled with mobility will be the ability to use the same smart card in the home. In the case of such cable television applications like video-on-demand (VoD) or home shopping, smart cards have the ability to not only grant the customer access to subscription channels but also to charge the individual for content viewed and items purchased (Hendry, 1997, p. 153). Lutz adds (1997, p. 141) that “[s]mart cards can add substantial value to th[e] growing industry by providing payment options, access authorizations, personalized services, and security”.

 

Smart versus “Dumb” Cards

PhoneCards

In 1990, Telecom Australia introduced the Phonecard- a prepaid telephone card system. The technology supplied by the Anritsu Corporation had been used in Japan for some years successfully. Cook (1994, p. 1) an executive of Telecom’s payphone services business unit described the technology choice in conference proceedings. “The technology revolves around an encoded magnetic stripe which is credited with a series of dollar values ($5, $10, $20 and $50) that are decremented according to the call type when inserted in the payphone…” Telecom saw many benefits to the widespread roll-out of magnetic-stripe technology. They believed that it would increase profitability of their payphone business, reduce vandalism and theft of public payphones and be more convenient for the consumer. Telecom produced in excess of 10 million cards per year and over 75 per cent of payphones accepted PhoneCard. However, Telecom did reveal that the costs of producing and distributing the cards were expensive when counted with the costs of upgrades to payphones (Cook, 1994, p. 5). The Telecom experience is quite typical of many telephone operators’ experience in the United States. The company was aware of smart card technology being used in France at the time of making the magnetic-stripe decision but opted for the ‘safer’ option. Perhaps this was a strategic decision, for Telecom Australia (now Telstra), to gauge consumer reaction to the PhoneCard before moving towards the more expensive smart card solution. Still, this was either an expensive strategic move or an expensive loss.

 

Smart PhoneCards

In 1997, Telstra launched ‘Smart Phonecards’ in Perth. Within a six-month transition period all magnetic-stripe cards were phased out and new payphone terminals were installed (developed by Spanish manufacturer Amper) (Figure 8). Telstra have made it obvious that the new Telstra Smart Phonecard would also facilitate cashless payment for a variety of goods. The Phonecard experience seems to be a recurring pattern in other countries worldwide. In Pakistan for example, where 100 million people had access to only 2000 payphones in Islamabad and Lahore in 2002, competing operators implemented different auto-ID solutions. In Britain, BT (British Telecom) replaced their optical card payphones with smart card. Even in the United Arab Emirates, old coin and magnetic-stripe payphone terminals were replaced with smart-card capable ones (Fromentin & Traisnel, 1995, p. 82). Yet in the mid 1990s, the U.S. smart card payphone situation was still “very much in its infancy, with only a few payphones equipped with readers capable of handling credit cards or telephone chargecards. There are signs of change, however, with several operators conducting trials with magnetic stripe cards” (Communications, 1995, p. 58).

 

Plain Old Calling Cards

Telecom’s pre-paid PhoneCard should be differentiated from other services that are presently being offered by telephone operators. For instance, using the AT&T Direct Service requires a consumer only to be in possession of a recognized credit card such as American Express, MasterCard, Diners Club or an AT&T corporate card. The service offered by AT&T does not require the use of the magnetic-stripe technology to make a call internationally. The process only requires the use of a touchtone telephone. The cardholder enters the special AT&T Access Number (dependent on where the call is being originated), dials the international telephone number and then enters the AT&T Calling Card number plus the credit card number followed by the four digit expiration date to complete the call. All calls are then billed to the cardholder’s credit card. If the process of dialing all these numbers seems prone to error, that is because it is. Telephone operators have a host of calling card services some of which only require the cardholder of an access card to dial an operator which then places a call on behalf of the caller. Newer more innovative secure network access can be achieved using biometrics (Messmer, 1998, pp. 1-2).

 

Case 2: Smart Cards for Health Care

Almost every patient in a more developed country (MDC) possesses a health care card of some type, whether he or she is covered by either private health insurance or a government medicare scheme or both. While in Europe and Canada smart cards have been prevalent in the health care sector other countries such as the U.S. and Australia have lagged behind. In the U.S. several attempts have been made to introduce a health care card (Hausen & Bruening, 1994, pp. 24-32), especially by the Clinton administration but these failed; the same as in the Australian case. In Clinton’s proposal the smart card would carry an ID number, and the information to be stored on the card was very comprehensive including blood type, allergies, health insurance details, treatment programmes and major illnesses (Stix, 1994).

 

In Europe and Canada

France

In contrast, in France the Sesame Vitale scheme has been in place since 1986. The smart card scheme used to assist the French Social Security boasted of approximately 10 million French citizens and over 100000 doctors and other health professionals in the late 1990s. Ultimately the scheme will cover the entire French population for the primary purpose of proving the identification of the cardholder and conveying prescriptions to pharmacists. The scheme is not directly concerned with individual patient medical records- this is the task of another card called Santal. Other projects that have been piloted in France include the Biocarte system and the Transvie card.

 

Germany

In 1989 the German Health Insurance Card, Versichertenkarte, was distributed to citizens by government, enforceable by law. In the case of Germany where a national health care card was introduced, Kaplan (1996, pp. 158-161) describes the advantages to patients, insurers and health care providers noting however, that there are privacy risks associated with the scheme. Also, Hendry (1997, ch. 13) discusses medical records, prescriptions and patient monitoring and Gogou et al. (2000, pp. 559-561) a smart card network for health services. The Versichertenkarte card was used to provide individuals with access to medical treatment and to assist with billing of services and the reduction of administration costs. Schaefer (1997, p. 1) reported that by October 1994, 63.4 million cards had been distributed to insured persons and about 135,000 readers had been installed at medical institutions. The card was accepted by about 93 per cent of health insured persons and about 45 per cent of all doctors. By the end of 1994 the card was issued to about 79 million persons. The content on the patient card included: title, given name, surname, date of birth, address, name of health fund, insurance company identification number, patient health insurance number, status of the insured and the card expiration date. The magnitude of this project cannot be underestimated.

 

Canada

The Québec health card developed by the Laval University Medical center and the Québec Health Insurance board was piloted in May 1993. About 7,000 cards were issued to potential participants and about 300 doctors, pharmacists and nurses were targeted. The information on the health card was grouped in five separate zones: identification, emergency, vaccination, medications and medical history. In Ontario, in the same year the Encounter smart card was also piloted. Cards were issued to about 2,200 volunteers and 80 health care providers. The card contained three separate sections: biographical, health status data and encounter (patient visiting) data. However what was different about this card was that it contained not only numbers relevant to health but also the unique lifetime identifier (ULI) of the patient represented in the registered persons official database. According to Lindley (1997, p. 97) there were over 30 health card trials between 1985-1990, some were implemented widely while others were not. For an overview of a smart health care service case study see Kaplan (1996, pp. 104-109). McCrindle (1990 ch. 9) provides a generic overview of medical applications with some international examples.

 

Europe-Wide

Since the Schengen Agreement, European-wide smart card health schemes have also been promoted by specific programs like the Advanced Informatics Medicine (AIM). It is envisaged that cross-border national medical sectors in Europe will be integrated in a shared system. One of the functions of the Eurocard will be to reduce health administrative costs. The Diabcard is also making headways in Germany, Austria, Italy and Spain. The Diabcard “...provides the specification for a chip card-based medical information system (CCMIS) for the treatment of patients with chronic diseases” (Engelbrecht et al., 1996; Schaefer, 1997, p. 4). In 2004, the European Health Insurance Card was introduced as a proof of national health insurance valid in all countries of the EU (Hendry, 2007, p. 187). The Card allows a cardholder or their family to receive necessary healthcare in a public system of any European Union country or in Switzerland, if they become ill or injured while on a temporary stay in that country. According to the European Commission (2004), “the health insurance card represents an essential stage in the possible development of new services or functions using information technologies, such as storing medical data on a smart card or secure access to the medical file through the insured’s identifier.” Under the eEurope 2002 charter of Smart Card Initiatives, the card is seen as paving the way forward to responding to the needs of citizens and the business community.

 

Privacy Concerns over the Smart Card

The Medicare card distributed to all Australian citizens entitles the cardholder to receive government-funded medical services and benefits. For example, the card can be used to subsidize patient visits to general practitioners (GPs). The card contains a magnetic-stripe, an embossed number, an expiry date and the name(s) of the cardholder(s). Before a cardholder can see a doctor, he/she must present the card which is carbon-copied and forwarded to the Health Insurance Commission (HIC) for processing. Due to earlier privacy concerns regarding pseudo national ID cards, attempts to introduce a smart card were extinguished. The Minister of Health in 1991 promised the public that a smart card would never replace the existing system (Davies, 1992, pp. 52-55). However, the Warren Center still believed that a smart card would “improve the administration of PBS, and reduce fraud and errors... a smart chip could also be added to the Medicare card, storing the history of the drugs issued and for which benefits had been paid” (Privacy Committee of NSW, 1995, p. 32). The process proposed by the Warren Center was not only seen as efficient to administration but possibly life-saving for the patient. Despite the on-board security of smart cards, a great number of Australians still view the smart card with some distrust, primarily because of its storage capacity.

Private health care funds in Australia are also beginning to roll-out magnetic-stripe cards. MBF (Medical Benefits Fund) distributed cards to their customers in 1998 and NIB in 1999. The MBF card unlike the Medicare Card is not embossed but does display the cardholder’s signature. When patients claim rebates on health services that are not covered by Medicare, they must now present their private health insurance card as a way for the health fund to track expenses. Previously, the system was confusing for patients and health institutions wishing to claim money owed to them- several different medical bills for health services made reconciliation difficult. The MBF cardholder is also entitled to discounts at certain health-related companies like Rebel sports store and entertainment venues (MBF, 1999).  

 

The Potential for Biometrics and RFID

Other auto-ID devices being used in health care include biometrics and RFID (Fulcher, 2003). For a person in a critical condition who requires urgent medical attention, and who is unconscious, biometric identification in the form of hand or fingerprint scanning could end up preventing further damage or death (Takac, 1990, p. 19). Many people have died unnecessarily because of injections they are either allergic to or have received too high a dosage. Even as early as 1999, SJB reported that there were over 70 live installations of biometrics in health care. Menendez (1999) also writes about biometrics for health care. In 1992, Kaufman and Woodward (1992, pp. 165-167) who pioneered a medical record system called Plustag-Magic, also demonstrated the use of alternative technology for health care.

Today, RFID tags and transponders are being adopted, mainly for the precise identification of new-born babies, mentally-ill patients or those suffering from allergies. While there are many tags or bracelets that do not possess any intelligence (like bar code), RFID is a technology that is predicted to change everything from physical access control in hospitals to drug delivery using biochips to treat illnesses like diabetes. During the Severe Acute Respiratory Syndrome (SARS) epidemic, Ling (2003) described the use of the Contact Track & Trace system, and the Hospital Movement Tracking System, based on RFID technology used to monitor visitors, patients and hospital staff. The system worked as follows. Every individual given physical access to the hospital was issued with a RFID sensor card to be worn around the neck. As people walked around the hospital, data was captured via RFID readers and stored in the central computer’s database. Information about an individual’s contact in the hospital was stored for 21 days after each new contact point.

 

Medical Implantable Devices

RFID transponders which store a unique ID can now also be implanted for emergency response applications (Michael, Michael & Ip, 2007). It is estimated there are over two thousand recipients of these tiny identification devices, most of which are sourced back to the Food and Drug Administration approved products of the VeriChip Corporation, based in the United States. The premier implantable VeriChip is used for the VeriMed application, namely patient identification. There are over 900 registered medical facilities that are now equipped with VeriChip readers. The VeriMed system claims to overcome the problems often associated with ‘at-risk’ individuals. For example, to aid patients in times of crisis- if they have collapsed, suffered memory loss, are unable to communicate, or have a complex medical history they cannot recollect. Corporate marketing identifies the following benefits of the VeriMed system: rapid identification in the emergency response (ER) room, instant medical record access, and improved emergency response (VeriMed, 2007). The chip simply stores a unique identification number, and associated medical records are stored in a secure global Verichip subscriber (GVS) registry database. The chip is inserted through a basic medical procedure, in the subdermal layer of the skin in the left or right upper arm, much as in the case of a dog or cat implant. VeriChip’s other non-implantable applications are related to infant protection, wander prevention, and emergency management among others. An alternate approach to the medical implantable device is the wireless monitoring technology called Digital Plaster (Toumaz, 2008; BBC News, 2005).

 

Smart Cards Today

The smart card as an auto-ID technique came up against a number of barriers which hampered its success early on (Kaplan, 1996, pp. 22-24; Hill, 1996, p. 1). Mitchell (1995) believed that one of the primary reasons that smart cards had not reached their anticipated potential in the U.S. was because merchants did not accept the card to begin with. The merchant indifference towards smart card meant that consumers could not offer the payment method to purchase goods and services because the likelihood of their being an available device to read the card was very low. A Gartner study in 1998 also reported that smart cards were a push technology and until new developments established their business value, that the technology would continue not to meet wild expectations (Essick, 1998, p. 1). For instance, Dataquest’s (1999) worldwide chip market forecast for 1997-2002 was off the mark. Schiffer (2000) provides an insight into why the smart card encountered such obstacles, giving the analogy of the electric automobile, and the way that social behavior stifled its development process. Part of the blame should also be shared with the system developers who overlooked the fact that customers have a mind of their own and they cannot be manipulated to act in a certain way (Rankl, 2007, p. xi).

The period post the dot.com crash saw smart card giants endure some turmoil as expectant smart card demand projections were not reached. Smart card companies like Schlumberger and Gemplus shed a sizeable chunk of their workforce at this time. It must be stressed that this is not to set a pessimistic undertone about the future of the smart card, only to underscore that other types of cards such as bar code and magnetic-stripe, have maintained their place in the auto-ID industry. Today, smart cards have proliferated in a variety of countries and for stable mass market applications like national ID cards. Countries like China and Hong Kong have rolled out citizen identification cards that are truly multiapplication in nature. The Octopus Card in Hong Kong for instance, is not only a national ID card, but it is used for passenger transport and as an e-payment mechanism (Chau & Poon, 2003; Poon & Chau, 2001). While it is indisputable that the Octopus Card has suffered function creep, its citizens do not seem to feel that their privacy is encroached but much rather that the card is highly convenient in their busy lives. Hendry (2007, p. 219) has written that the scope of multi-application smart card projects has a strong tendency toward ‘function creep’ as has been discussed already in this chapter.

Rankl (2007) believes that today, the smart card has reached a turning point in its lifecycle, a type of paradigm shift. He believes that the driver for smart card has little to do with technology being pushed onto consumers, and that today, it has more to do with the needs of users preoccupying developers. He writes: “[t]his is quite a normal cycle in the course of technology development, as has been seen repeatedly in this form and in similar forms” (Rankl, 2007, p. xi). The authors agree with Rankl, that it was quite a ‘normal’ path for smart card to go through on the product lifecycle curve but it came with associated tangible and intangible costs to the industry at large as well.

 

CONCLUSION

Multiapplication smart cards have the potential to herald in a pure cashless society. Attempts in the 1990s by private enterprises like Mondex, toward the acceptance of a smart card wallet were only mildly successful. Some critics would go as far as stating that these ventures were a dismal failure. ePayment solutions beyond anything such as petty cash transactions, seem to be a stumbling block for smart card city-based schemes. The promise of smart card seems more practicable in a government-mandated solution whereby an ID card has multiple applications and multiple functionalities onboard. While these sorts of schemes seem to be popular in Asia and some parts of Europe, the United States, Canada, Australia and lesser developed countries have chosen other routes for personal ID, such as tax file numbers and the like. Time will tell if even these countries will adopt smart ID solutions, especially given the seemingly increased sense of nations requiring better border security. Contact smart cards have been widely adopted in health care for patient tracking and also by the steady telecommunications industry, particularly for mobile telephony. Contactless smart cards on the other hand, remain popular as access control solutions and in electronic road pricing as vehicle solutions. It is true to say that for the time being, the full force of smart cards have yet to be unleashed, although as in the case of bar code and magnetic stripe card, the infrastructure that is growing around the technology, takes time to build. We may well be entering a new decade where the capacity for smart card as an epayment solution will explode, coupled with broadband Internet, cable television, high definition television (HDTV), and the like.

 

REFERENCES

Allen, C. A., & Barr, W. J. (Eds.). (1997). Smart Cards: Seizing Strategic Business Opportunities. New York: McGraw-Hill.

Allen, C. A., & Kutler, J. (1997). Overview of smart cards and the industry’, in Smart Cards: seizing strategic business opportunities. In C. A. Allen & W. J. Barr (Eds.), (pp. 2-20). New York: McGraw-Hill.

Amdur, D. (1997). France moves toward chip card future- Internet seen as opportunity in the United States.

APSCA. (2008). Members. Asia Pacific Smart Card Association   Retrieved 1 December 2008, from http://www.apsca.org/members/member.php

APSCF. (2000). Australian Smart Card Capabilities. Paper presented at the Asia Pacific Smart Card Forum, The Warren Centre for Advanced Engineering, the University of Sydney.

Argy, P., & Bollen, R. (1999). Australia: raising the e-commerce comfort level. IT Pro(November-December), 56-58.

Australian. (2002, 7 May). Pay your taxi fare by mobile phone. The Australian, p. 2.

Australian Privacy Foundation. (2007). The Federal government calls it a ‘Human Services Access Card’.   Retrieved 3 December 2008, from http://www.privacy.org.au/Campaigns/ID_cards/HSAC-FAQ3.html

Barr, W. J. (1997). Shifting boundaries. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 57-78). New York,: McGraw-Hill.

BBC News. (2005). 'Digital plaster' monitors health. BBC News   Retrieved 5 December 2008, from http://news.bbc.co.uk/1/hi/health/4617633.stm

Black, E. (2001). IBM and the Holocaust. UK: Little, Brown and Company.

Blythe, P. (2000). Transforming Access to and Payment for Transport Services through the Use of Smart Cards. Journal of Intelligent Transportation Systems, 6(1), 45 - 68.

Brainerd, L., & Tarbox, J. D. (1997). Healthcare and smart card technology. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 151-168). New York: McGraw-Hill.

Branscomb, A. W. (1994). Who Owns Information? New York: Basic Books.

Bright, R. (1988). Smart Cards: principles, practice, applications. New York: John Wiley & Sons.

Brin, D. (1998). The Transparent Society: will technology force us to choose between privacy and freedom? Massachusetts: Perseus Books.

Browne, F. X., & Cronin, D. (1996). Payment technologies, financial innovation, and laissez-faire banking. Cato Journal, 15(1), 101-116.

Cagliostro, C. (1999). Rosy outlook predicted for US smart card market. Card Forum International(November/December), 45-47.

Card World (Ed.). (1990). ITALY- Slowed by cultural resistance. Surrey.

Cardshow. (1996). The birth of smart cards: 1974-1989. The Smart Card Cybershow- Smart Card Museum, from http://www.cardshow.com/museum/ex70.html

Carr, M. R. (2002, 20-24 October). Smart card technology with case studies. Paper presented at the 36th Annual 2002 International Carnahan Conference on Security Technology.

Cavazos, E. A., & Morin, G. (1995). Cyberspace and the Law: Your rights and duties in the on-line world. Massachusetts: The MIT Press, Massachusetts.

Chadwick, D. (1999). Smart cards aren’t always the smart choice. IEEE Computer(December), 142-143.

Chau, P. Y. K., & Poon, S. (2003). Octopus: An E-Cash Payment System Success Story. Communications of the ACM, 46(9), 129-133.

CITI. (2002). Center for Information Technology Integration.   Retrieved 6 December 2002, from http://www.citi.umich.edu/

Clark, S. R. (2008). Privacy and National Identity Cards: A legal and technical study. In K. Michael & M. G. Michael (Eds.), Australia and the New Technologies: Evidence Based Policy in Public Administration. Wollongong: University of Wollongong.

Clarke, R. (1996). Privacy Issues in Smart Card Application in the Retail Financial Sector XamaX Consultancy   Retrieved 3 December 2008, from http://www.anu.edu.au/people/Roger.Clarke/DV/ACFF.html

Clarke, R. (1997). Roger Clarke’s main publications on data surveillance and information privacy. Xamax Consultancy   Retrieved 15 September 1997, from http://www.anu.edu.au/people/Roger.Clarke/DV/RogersDVBibl.html

Communications. (1995). The word on the street... Communications International, 22(4), 56-58.

Cook, J. (1994, 15-16 October). Lessons from the Phonecard: "Watch this space" advertising. Paper presented at the AIC Conference.

Cook, S. (1997). Foreword. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. xi-xiv). New York: McGraw-Hill.

Cooper, J., Gencturk, N., & Lindley, R. A. (1996). A sociotechnical approach to smart card systems design: an Australian case study. Behaviour & Information Technology, 15(1), 3 - 13.

Cortese, A. (1997). The ultimate plastic. Business Week, 119-122.

Crotch-Harvey, T. (1996). Smart cards in telecoms. Smart Card News, from http://www.smartcard.co.uk/telecoms.htm

Crowley, M. J. (1996). Stored value: an analysis of its institutional and economic implications. Melbourne: Monash University.

Cuddy, D. L. (1999). Secret Records Revealed: the men, the money & the methods behind the new world order. Oklahoma City: Hearthstone Publishing.

Datamonitor. (1996). Global Smart Cards. London: Datamonitor.

Dataquest. (1999). Smart card research. from http://www.smartcardcentral.com/research/

Davies, S. (1992). Big Brother: Australia’s growing web of surveillance. Australia: Simon and Schuster.

Davies, S. (1996). Monitor: extinguishing privacy on the information superhighway. Sydney: PAN Macmillan.

Davis, R. H., & Mitchell, H. (1996). Smart cards: a design for the future. Journal of Information Technology, 11(1), 79 - 97.

Devargas, M. (1992). Smart Cards and Memory Cards. New York: Blackwell Publishing.

Dreifus, H. N., & Monk, J. T. (1997). Smart Cards: a guide to building and managing smart card applications. New York: John Wiley and Sons.

Drudge, M. (1998). ID number to track medical history. from http://www.warroom.com/natid.html

EMVCo. (2003). Europay, MasterCard and Visa Co. from http://www.emvco.com/

Engelbrecht, R., Hildebrand, C., Bruguas, E., De Leiva, A., & Corcoy, R. (1996). DIABCARD an application of a portable medical record for persons with diabetes. Informatics for Health and Social Care, 21(4), 273 - 282.

European Commission. (2004). European health card for 1 June 2004. Employment, Social Affairs and Equal Opportunities   Retrieved 3 December 2008, from http://ec.europa.eu/employment_social/news/2003/feb/hicard_en.html

Eurosmart. Eurosmart: the voice of the smart card industry. from http://www.eurosmart.com/

Evans, D. (1987, 12 August). Everything you wanted to know about the Australia Card… but were afraid to ask. The Daily Mirror.

Ferrari, J., Mackinnon, R., Poh, S., & Yatawara, L. (1998). Smart Cards: a case study: Research Triangle Park.

Freedonia Group. (2003). World Smart Cards to 2006 - Demand and Sales Forecasts, Market Share, Market Size, Market Leaders.   Retrieved 3 December 2008, from http://www.freedoniagroup.com/World-Smart-Cards.html

Fromentin, J.-R., & Traisnel, J. (1995). Smart payphone services. Telecommunications, 29(7), 82-83.

Frost and Sullivan. (2004). World Contactless Smart Card Market and Market Share Study.   Retrieved 3 December 2008, from http://www.researchandmarkets.com/reports/365434

Fruin, W. M. (1998). Smart cards and product-development strategies in the electronics industry in Japan. IEEE Transactions on Engineering Management, 45(3), 241-249.

Fulcher, J. (2003). The use of smart devices in eHealth. Paper presented at the Proceedings of the 1st international symposium on Information and communication technologies Dublin.

Fünfrocken, S. (1999). Protecting mobile web-commerce agents with smartcards. First International Symposium on Agent Systems and Applications, 90-102.

Furletti, M. (2004a). Payment System Regulation and How It Causes Consumer Confusion.   Retrieved 1 December 2008, from http://www.philadelphiafed.org/payment-cards-center/publications/discussion-papers/2004/PaymentSystemRegulation_112004.pdf

Furletti, M. (2004b). Prepaid Card Markets & Regulation.   Retrieved 1 December 2008, from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=927077

GISUM. (2002). GISUM research group.   Retrieved 6 December 2002, from http://www.lcc.uma.es/~gisum

Gogou, V. (2000, July 23-28). A smart card network in health care services. Paper presented at the Proceedings of the 22nd Annual EMBS International Conference, Chicago, Illinois.

Greenleaf, G. (2007). Australia's Proposed ID Card: Still Quacking Like a Duck Computer Law & Security Report, 23.

Grupe, F. H., Kuechler, W., & Sweeney, S. (2003). Dealing with Data Privacy Protection: An Issue for the 21st Century. Information Security Journal: A Global Perspective, 11(6), 45 - 56.

Hadeed, A. (2000). Using Smart Cards to Gain Market Share. New York: Gower Publishing Company.

Haghiri, Y., & Tarantino, T. (2002). Smart Card Manufacturing: A Practical Guide. London: Wiley.

Hansmann, U., Nicklous, M. S., Schäck, T., & Schneider, A. (2002). Smart Card Application Development Using Java. Germany: Springer.

Hausen, T., & Bruening, P. (1994). Hidden costs and benefits of government card technologies, IEEE Technology and Society Magazine (Vol. 13, pp. 24-32).

Hayes, S. (2002). SIMple device for coke online. The Australian, p. 8.

Hegenbarth, M. (1990, 15-16 October). The latest status in standardisation of smart card technology. Paper presented at the in proceedings of the AIC Conference, Smart Card technology: applications for the 1990’s, Sydney.

Hendry, M. (1997). Smart Card Security and Applications (Artech House Telecommunications Library). Boston: Artech House.

Hill, M. J. (1996). Contact and contactless cards. from http://mot2.mot-sps.com/csic/smartcrd/library/cc_simple.html

IMS. (2008). The Worldwide Market for Smart Cards and Semiconductors in Smart Cards. IMS Research Group   Retrieved 3 December 2008, from http://www.electronics.ca/reports/ic/smart_cards.html

Ince, J. (1997). Simplicity & standards. Cellular Business, 14(2), 26-30.

Information Policy Research Program. (2002). Ontario smart card project. from http://www.fis.utoronto.ca/research/iprp/sc/

ISO. (1999). 35.240.15 Identification cards and related devices. International Standards Organisation, 1-3.

ISO. (2008). ISO/IEC 7816-15:2004. International Organization for Standardization   Retrieved 5 December 2008, from http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=35168

Jackson, M., & Ligertwood, J. (2006). Identity management: is an identity card the solution for Australia? In K. Michael & M. G. Michael (Eds.), The Social Implications of Information Security Measures on Citizens and Business (pp. 45-55). Wollongong: Wollongong University.

Jacquinot Consulting. (2008). The ISO 7816 Smart Card Standard: Overview CardWerk: Smart Card Solutions   Retrieved 5 December 2008, from http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816.aspx

Johnston, M. (1997, 19 May). The ultimate plastic. Business Week, 62-33.

Jones, D. (2000). Europay and Visa issue new e-purse standards. Ctt, 11(6), 5-6.

Jordan, R. (2008). Identity Cards and the Access Card. Australian Government: Parliamentary Library   Retrieved 5 December 2006, from http://www.aph.gov.au/library/intguide/LAW/IdentityCards.htm

Jouet, J. (Ed.). (1991). European Telematics: the emerging economy of words. Holland: North-Elsevier Science.

Kaplan, J. M. (1996). Smart Cards: the global information passport- managing a successful smart card program. London: International Thomson Computer Press.

Kaufman, A., & Woodward, L. H. (1992). PlusTag-Magic medical record system. Computing Applications to Assist Persons with Disabilities, 165-167.

Keenan, W. (1997). Components of the business proposition: the consumer demand proposition:the consumer demand proposition. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 21-43). New York: McGraw-Hill.

Lever, R. (1997). Smart cards: the next generation of money. Europe, 365, 16-18.

Lindley, R. A. (1997). Smart Card Innovation. Australia: Saim.

Ling, T. C. (2003). Contact track and trace. Electronics Review, 16(2).

Lokan, C. J. (1991). The design and applications of smart cards. he Australian Computer Journal, 23(4), 159-164.

Lopez, J. (2002). The role of smart cards in practical information security. ERCIM News, from http://www.ercim.org/publication/Ercim_News/enw49/merino.html

Lutz, K. (1997). Telecommunications and information services. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: seizing strategic business opportunities (pp. 128-150). New York: McGraw-Hill.

M'Chirgui, Z. (2005). The economics of the smart card industry: Towards coopetitive strategies. Economics of Innovation and New Technology, 14(6), 455-477.

Macaire, A. (2000). An open secure terminal infrastructure for hosting personal services. Paper presented at the IEEE International Conference on Technology of Object-Oriented Languages.

Marron, K. (2000, 9 June). Incubators nurture e-com ventures. The Globe and Mail, p. E5.

Martin, C. D. (1993). The myth of the awesome thinking machine. Communications of the ACM, 36(4), 120-133.

Mayes, K., & Markantonakis, K. (Eds.). (2008). Smart Cards, Tokens, Security and Applications. Germany: Springer.

MBF. (1999). ‘Member privileges’, Living Well (MBF), pp. 22-23.

McCrindle, J. (1990). Smart Cards. London: Springer-Verlag.

McIntosh, T. (1997, 29 April). Curly questions for smart cards. The Australian, p. 45.

McKenna, J., & Ayer, K. (1997). Worldwide developments and player motivations. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 44-56). New York: McGraw-Hill.

Media. (1999, 19 November). University of Michigan develops the world’s smallest web server in partnership with Schlumberger. ScreamingMedia, from http://industry.java.sun.com/javanews/stories/print/0,1797,20667,00.html

Messmer, E. (1998). Using ‘body language’ to secure networks. NetworkWorldFusion, 1-2.

Michael, K., Michael, M., & Ip, R. (2007). Microchip Implants for Humans as Unique Identifiers: a Case Study on VeriChip. Paper presented at the 3TU: Ethics, Identity and Technology, The Hague, The Netherlands.

Michael, K., & Michael, M. G. (2006). Historical Lessons on ID Technology and the Consequences of an Unchecked Trajectory. Prometheus, 24(4), 365 - 377.

Michael, M. G., & Michael, K. (2006). National Security: The Social Implications of the Politics of Transparency. Prometheus, 24(4), 359-364.

Mitchell, R. (1995). Sorry we don’t take smart cards. Credit Card Management, 8(5), 16, 18.

Monnin, G. (1992). Smart cards exclusive advantages in pay-TV. Paper presented at the IBC 1992.

Moorhead, S. (1994). Personalisation of GSM telephones, AIC Conferences.

Mustafa, M. A. S., Giannopoulos, G. A., & Pitsiava-Latinopoulou, M. (1995). The Electronic Road Tolling and Enforcement Experiment of Thessaloniki. Journal of Intelligent Transportation Systems, 2(4), 327 - 340.

Noe, J. (1995). The dawn of smart card regulation. America’s Community Banker, 4(11), 44-45.

NTT-DOCOMO. (2008). i-mode.   Retrieved 3 December 2008, from http://www.nttdocomo.com/services/imode/index.html

O'Connor, S. M. (1998). The De Minimis Exemption of Stored Value Cards From Regulation E: An Invitation to Fraud? The Richmond Journal of Law and Technology, 5(2).

Octupus. (2008). Welcome to Octupus.   Retrieved 3 December 2008, from http://www.octopuscards.com/consumer/en/index.jsp

Owens, R. C., & Onyshko, T. S. (1996). Legal regulations and privacy concerns relating to credit cards, debit cards and stored-value cards.   Retrieved 21 January 1999, from http://www.smythlyons.ca/it/credit/index.htm

Partners, V. (2002). VerifiCard Project. from http://www.cs.kun.nl/VerifiCard/files/partners.html

Petri, S. (1999). An Introduction to Smart Cards. Messaging Magazine   Retrieved 5 December 2008, from http://www.opengroup.org/comm/the_message/magazine/mmv5n5/SmartCards.htm

Poon, S., & Chau, P. Y. K. (2001). Octopus: The Growing E-payment System in Hong Kong. Electronic Markets, 11(2), 97 - 106.

Privacy Commissioner. (1995). Smart Cards: implications for privacy: Commonwealth of Australia, Canberra.

Privacy Committee of NSW. (1995). Smart Cards: Big Brother’s Little Helpers. 66(August).

Purdue. (2008). Magnetic Stripe. Material Handling and Industrial Distribution Lab: School of Industrial Engineering at Purdue University   Retrieved 5 December 2008, from http://cobweb.ecn.purdue.edu/~tanchoco/MHE/ADC-is/Magnetic/main.shtml

Puri, V. (1997). Smart cards – the smart way for the banks to go? International Journal of Bank Marketing, 15(4), 134–139.

Raad, M. W., Sheltami, T., & Sallout, M. (2007, 26-27 July). A Smart Card Based Prepaid Electricity System. Paper presented at the 2nd International Conference on Pervasive Computing and Applications.

Radigan, J. (1995). Consumers are lukewarm on smart cards. US Banker,  105(9), 24.

Rankl, W. (2007). Smart Card Applications: Design Models for using and Programming Smart Cards. West Sussex: John Wiley and Sons.

Rankl, W., & Effing, W. (1997). Smart Card Handbook. New York: John Wiley and Sons.

Rijn, F. V. (1988, 24-27 June 1987). Concerning home telematics. Paper presented at the proceedings of the IFIP TC 9 conference on social implications of home interactive telematics, Amsterdam.

RUN. (12 March 2008). Dismantling contactless smartcards. Radboud University Nijmegen   Retrieved 25 November 2008, from http://www2.ru.nl/media/pressrelease.pdf

Scarlett, D., & Manley, T. Smart cards brighten Atlanta this summer. Northern Telecom, Enterprise: Millennium- SmartCard, from http://www.nortel.com/home/about/articles/smartcard/

SCF. (2002). Smart Card Forum. from http://www.smcardforum.org

Schaefer, O. P. (1994). Introduction of chip technology to healthcare in Germany. Smart Card News, from http://www.smartcard.co.uk/health.htm

Schiffer, M. B. (2000). Looking back: why the electric automobile lost market share: How social behaviour can affect product technology. IEEE Potentials, 40-43.

SCIA. SCIA...Your link to a smart future.   Retrieved 20 January 1999, from http://cardtech.faulknergray.com/scia.htm

Scullion, A. (2003). Smart cards track commuters. BBC News | Technology   Retrieved 3 December 2008, from http://news.bbc.co.uk/2/hi/technology/3121652.stm

SET. (2000). Secure Electronic Transaction. from http://www.setco.org/

Shogase, H. (1988). The very smart card: a plastic pocket bank. IEEE Spectrum, 25(10), 35-39.

SJB. (1999). Biometrics are hot in health care. smartcard&biometrics Research News(July), 2.

Slawsky, J. H., & Zafar, S. (2005). Developing And Managing a Successful Payment Cards Business. London: Ashgate Publishing.

Smart Card Alliance. (2006). Contactless Payments: Consumer Attitudes and Acceptance in the United States. Smart Card Talk   Retrieved 5 December 2008, from http://www.smartcardalliance.org/newsletter/december_2006/feature_1206.html

Smart Cards. (2002). SchlumbergerSema smart cards, terminals, consulting and system integration.   Retrieved 6 December 2002, from http://www.smartcards.net/

SMDC. Centre information. from http://www.smartcard.com.hk/layout.htm

Smith, C. P. (1990). Smart Cards- the user’s view. In P. L. Hawkes (Ed.), Integrated Circuit Cards, Tags and Tokens: New Technology and Applications (pp. 165-176). Oxford: BSP Professional Books.

Smith, R. (2002, 28 July). Motorists dial up to pay parking fees. The Sunday Telegraph, p. 11.

Sola, R. (1990, 15-16 October 1990). Case study: City card implementation in Vitrolles, France- from concept to reality. Paper presented at the AIC Conferences.

Stix, G. (1994). Dr. Big Brother. Scientific American, February, 79.

Sun-Herald. (2002, 29 December). Multimedia phones put friends in frame. The Sun-Herald, p. 27.

Svigals, J. (1987). Smart Cards: the new bank cards. New York: Macmillan Publishing Company.

Takac, P. F. (1990, 15-16 October). An analysis of the issue of smartcard applications within the health services sector. Paper presented at the AIC Conference.

Tam, K. Y., & Ho, S. Y. (2007). A Smart Card Based Internet Micropayment Infrastructure: Technical Development and User Adoption. Journal of Organizational Computing and Electronic Commerce, 17(2), 145 - 173.

Tarbox, A. (1997). Security, privacy, and smart cards. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: seizing strategic business opportunities (pp. 248-264). New York: McGraw-Hill.

Teal, R. F. (1994). Using Smart Technologies to Revitalize Demand Responsive Transit. Journal of Intelligent Transportation Systems, 1(3), 275 - 293.

Toumaz. (2008). Connected Freedom. Toumaz Technology   Retrieved 5 December 2008, from http://www.toumaz.com/public/page.php?page=sensium_intro

Trapanier, M., Tranchant, N., & Chapleau, R. (2007). Individual Trip Destination Estimation in a Transit Smart Card Automated Fare Collection System. Journal of Intelligent Transportation Systems, 11(1), 1 - 14.

Travin, V. (2008). The history of smart-cards and their place in modern Russia St.Petersburg State University: Faculty of Economics   Retrieved 5 December 2008, from http://works.tarefer.ru/29/100312/index.html

Tual, J.-P. (1999). MASCC: a generic architecture for multiapplication smart cards. IEEE Micro(September-October).

Turban, E., & Brahm, J. (2000). Smart Card-Based Electronic Card Payment Systems in the Transportation Industry. Journal of Organizational Computing and Electronic Commerce, 10(4), 281 - 293.

Ugon, M. (1989). Smart card- present and future. In D. Chaum (Ed.), Smart Card 2000: the future of IC cards. New York: North-Holland.

University of Michigan. (1999). Joint investigation of enhancements to smart card technology. from http://www.umich.edu/~newsinfo/Releases/1999/Feb99/r020999c.html

VeriMed. (2007). Solutions: VeriMed. VeriChip Corporation Retrieved 7 December 2007, from http://www.verichipcorp.com/content/solutions/verimed

Vincent, N. (1995, 26 August). Big brother is selling you. The Daily Telegraph.

VISA. (2008). VISA Mini: A breakthrough in Card Design. VISA-ASIA   Retrieved 24 November 2008, from http://www.visa-asia.com/ap/au/cardholders/cardsservices/visa_mini.shtml

Website, S. C. I. A. SCIA home.   Retrieved 27 November 2001, from http://www.scia.org

Wilson, C. (2001). Get Smart: The Emergence of Smart Cards in the United States and their Pivotal Role in Internet Commerce. New York: Artech House.

Zoreda, J. L., & Oton, J. M. (1994). Smart Cards. Boston: Artech House.

Innovative Auto-ID and LBS - Chapter Six Magnetic-Stripe Cards: The Consolidating Force

Chapter VI: Magnetic-Stripe Cards: The Consolidating Force

 

The Magnetic-stripe Card System

Almost simultaneously that the retail industry underwent revolutionary changes with the introduction of bar code, the financial industry adopted magnetic-stripe card technology. What is of interest is that both bar code and magnetic-stripe card enjoyed limited exposure when they were first introduced in the late 1960s. It took at least a decade for the technologies to become widespread. Each overcame a variety of obstacles. Coupled together the two techniques were major innovations that affected the way that consumers carried out their day-to-day tasks. The technologies were complementary; on the one hand were the actual commodities consumers purchased and on the other was the means with which they purchased them. Yet, the bar code differed from magnetic-stripe card in that it was more a service offered by retailers to consumers, with the primary focus being to make business back-end operations more efficient. The magnetic-stripe card however, had a more direct and personal impact on the cardholder, as it was the individual’s responsibility to maintain it. The consumer had to carry it, use it appropriately, and was liable for it in every way. Certainly bar codes on cards were being used early on but they were far less secure than magnetic stripe cards and therefore not adopted by financial institutions. Before too long, magnetic-stripe cards became synonymous with the withdrawal of cash and the use of credit which acted to heighten the importance of the auto-ID technology. Even today, magnetic-stripe cards for financial transaction cards dominate the market.

 

Historical Overview

Plain card (i.e. blank paper card) issuing became popular in the 1920s when some United States retailers and petrol companies began to offer credit services to their customers. McCrindle (1990, p. 15) outlines the major developments that led to the first magnetic-stripe being added to embossed cards in 1969. “By the 1920s the idea of a credit card was gaining popularity... These were made of cardboard and engraved to provide some security... The 1930s saw the introduction of some embossed metal and plastic cards... Embossed cards could be used to imprint information on to a sales voucher... Diners Club introduced its charge card in 1950 while the first American Express cards date from the end of the 1950s.” Magnetic-stripe cards made their debut more than a decade after computer technology was introduced into the banking system in the 1950s (Mee & Daniel, 1996). Until that time computers were chiefly used for automating formerly manual calculations and financial processes rather than offering value-added benefits to bank customers (Essinger, 1999, p. 66). One of the first mass mail-outs of cards to the public was by credit card pioneer, Chuck Russell, who launched the Pittsburgh National Charge Plan. Out of the one hundred thousand cards that were sent to households about fifty per cent of them were returned, primarily because consumers did not know what to do with them or how to use them. Cash remained the preferred method of payment for some time. Armed with this experience, Russell went on to become the chairman of Visa International in the 1980s.

Historically, embossed cards had made an impact on the market, particularly on the financial services industry. Financial transaction cards (FTC) were widespread by the late 1970s and large firms that had invested heavily in embossed-character imprinting devices needed time to make technological adjustments (Bright, 1988, p. 13). Jerome Svigals (1987, p. 28f) explained the integration of the embossed card and the new magnetic-stripe as something that just had to happen: “It would take a number of years before an adequate population of magnetic-stripe readers became available and were put into use. Hence, providing both the embossing and stripe features were a transition technique. It allowed issued cards to be used in embossing devices while the magnetic-stripe devices built up their numbers.”

Today magnetic-stripe cards are still the most widely used card technology in the world, and they still have embossed characters on them for the cardholder’s name, card expiry date, and account or credit number. This is just one of many examples showing how historical events have influenced future innovations. As Svigals (1987, p. 29) noted more than twenty years ago, it is not clear when or even if, embossing will eventually be phased out. Hence, his prediction that the smart card would start its life as “...a carrier of both embossed and striped media.” These recombinations are in themselves new innovations even though they are considered interim solutions at the time of their introduction; they are a by-product of a given transition period that continues for a time longer than expected. Perhaps here also can be found the reason why so many magnetic-stripe cards still carry bar codes also. The bar code on the same card can be advantageous to the card issuer. For instance, in an application for a school it can serve a multifunctional purpose: the bar code can be used for a low risk application such as in the borrowing of books, the magnetic-stripe card in holding student numbers, and the embossing can also be used for back up if on-line systems fail.

Essinger (1999, p. 80) describes this phenomenon by describing technology as being in a constant state of change. No sooner has a major new innovation been introduced than yet another incremental change causes a more powerful, functional, and flexible innovation to be born. Essinger uses the example of the magnetic-stripe card and subsequent smart card developments, cautioning however, that one should not commit the “cardinal sin of being carried away by the excitement of new technology and not stopping to pause to ask whether there is a market for it.” He writes (1999, p. 80) “what matters is not the inherent sophistication of technology but the usefulness it offers to customers and, in extension, the commercial advantage it provides”.

 

Magnetic-Stripe Card System

Encoding the Magnetic-strip

The magnetic stripe technology had its beginnings during World War II (Svigals, 1987, p. 170). Magnetic-stripe cards are composed of a core material such as paper, polyester or PVC. Typically, plastic card printers use either thermal transfer or dye sublimation technology. The advantage of dye sublimation over thermal transfer is the millions of colors that can be created by heat intensity. If color is required by the operator on both sides then one side of the card is colored first before the other but this is expensive. The process as outlined on a manufacturer’s web page is quite basic (Eltron, 1998): “...you simply insert the ribbon and fill the card feeder. From there, the cards are pulled from the card feeder to the print head with rollers. When using a 5 panel color ribbon the card will pass under the print head and back up for another pass 5 times. When all the printing is complete, the card is then ejected and falls into the card hopper.”

Finally, the magnetic-strip (similar to that of conventional audio tapes) is applied to the card and a small film of laminated patches is overlaid. The magnetic-strip itself is typically gamma ferric oxide “...made of tiny needle-shaped particles dispersed in a binder on a flexible substrate” (Zoreda & Oton, 1994, p. 16). The strip is divided laterally into three tracks, each track designed for differing functions (Table 1). Track 1 developed by IATA, is used for transactions where a database requires to be accessed such as an airline reservation. Track 2, developed by the ABA contains account or identification number(s). This track is commonly used for access control applications and is written to before the card is dispatched to the cardholder so that every time it is presented it is first interrogated by the card reading device. As Bright (1988, p. 14) explains: “...[t]he contents, including the cardholder’s account number, are transferred directly to the card issuer’s computer centre for identification and verification purposes. This on-line process enables the centre to confirm or deny the terminal’s response to the presenter...” Finally, Track 3 is used for applications that require data to be updated with each transaction. It was introduced some time after Tracks 1 and 2. It contains an encoded version of the personal identity number (PIN) that is private to each individual card. The cardholder must key in the PIN at a terminal that is then compared with the PIN verification value (PVV) to verify a correct match.

Each magnetic-stripe card is magnetically encoded with a unique identification number. This unique number is represented in binary on the strip. This is known as biphase encodation. When the strip is queried, the 1s and 0s are sent to the controller in their native format and converted for visual display only into decimal digits. When magnetic-stripe cards are manufactured they do not have any specific polarity. Data is encoded by creating a sequence of polarized vertical positions along the stripe. An important concept in understanding how tracks are triggered to change polarity is coercivity (measured in Oersted, Oe). This can be defined as the amount of magnetic energy or solenoid required which can be broadly defined as low (about 300 Oe) and high (3000-4000 Oe). Most ATM cards are said to have low coercivity (loco) while access control cards have high coercivity (hico) to protect against accidental erasure. Here is one reason why embossed account numbers still appear on ATM or credit cards; if the card has been damaged, information can be manually retrieved and identified (from the front of the card) while the replacement card is dispatched.

Mercury Security Corporation (1998) explain this process in more detail: “[t]he magnetic media is divided into small areas with alternating polarization; the first area has North/South polarization, and the next has South/North, etc. In order to record each “0” and “1” bit in this format, a pattern of “flux” (or polarity) changes is created on the stripe. In a 75bpi (bits per inch) format, each bit takes up 1/75th (0.0133) of an inch. For each 0.0133” unit of measure, if there is one flux change, then a zero bit is recorded. If two flux changes occur in the 0.0133” area, then a one bit is recorded.” When choosing a magnetic-stripe card for an application the following issues should be taken into consideration. First, should the magnetic-stripe be loco or hico. Hico stripes can typically withstand 10 times the magnetic field strength of loco stripes. Most stripes today are hico so that they are not damaged by heat or exposure to sunlight and by other magnets. Second, which track should the application use to encode data, track one, two or three. One should be guided by ANSI/ISO standards here that recommend particular applications to particular tracks. Other considerations include whether the card requires lamination, to be embossed or watermarked and whether the card will follow ISO card dimensions. The cost of the card chosen should also be considered as it can vary significantly.

 

Automated Teller Machines (ATMs)

An automated teller machine is an unattended computer which is located in a public space, accessible twenty-four hours a day, and seven days a week by bank customers (Figure 1). The electronic machine is connected to a data network and other peripheral devices and activated by a consumer to obtain transaction information in the form of mini-statements, to deposit or to make a withdrawal of cash, or to make a basic enquiry about their account(s). Don Wetzel is credited as the inventor of the ‘networked’ ATM. He created the machine while working for the Docutel Company in Dallas, Texas, during the 1960s. Today there are more than 1.5 million ATMs worldwide. ATMs are always positioned in a convenient location close to banks, shopping centers, petrol stations or where large numbers of people congregate. ATM installations are considered to be located either on premises or off premises. On premise ATMs are usually more advanced and offer a range of services just like a customer would enjoy in a bank branch. Off premise ATMs are cheaper models which serve the primary purpose of allowing customers to withdraw cash.

 

Hardware and Software

An ATM is much like a standard computer, although historically ATMs had custom hardware architectures using microcontrollers. A modern ATM has a central processing unit (CPU) that controls the user interface and handles transaction requests. It has a display that the customer reads when making a transaction in order to follow simple commands. Customers enter details such as a PIN, the amount of cash to be withdrawn using a dedicated PIN pad and access special features through function key buttons (e.g. OK and Cancel). Customers insert their magnetic-stripe card into a card reader, and also can request a printout of a receipt or specialized transactional query. The ATM uses a cash dispenser to provide the money to the customer. When a transaction is complete, typically, the user will receive their card back first, then they can receive their cash, then finally a printout of their receipt. Some ATMs have features like voice commands, useful for the blind or are housed in sunken units to help shorter persons. What makes ATMs different to computers is a purpose-built secure cryptoprocessor and vault which is not accessible to the general public. Mechanisms in the vault ay include: dispensing, deposit, security sensors, and locks. Most vaults are attached to the ground so they cannot be stolen. The operating systems utilized on ATMs are again similar to those available in standard computers. ATM applications built on these standard operating systems (eg Microsoft Windows) are vulnerable to the same attacks, as those in computers. Common application layer transaction protocols include Diebold 912, IBM PBM, and NCR NDC.

 

Networks

ATMs are directly linked to an ATM Transaction Processor via a network link such as a leased line. Dial-up modems have traditionally been used in the past but with increasing bandwidth, leased lines are used because they establish a connection faster. In Australia for instance, the cost of leasing an E1 (i.e. 2 Mbps made up of 32 channels at 64 Kbps) is still expensive, so the promise of high-speed Internet Virtual Private Networks (VPNs) are solutions that customers are demanding from banks. It is not uncommon still to find ATMs in developing countries that use lower-level layer communication protocols to communicate back to the bank such as X.25 and Frame Relay. The Secure Socket Layer (SSL) protocol is used to encrypt information going between the ATM and the ATM Transaction Processor to ensure that all transaction information remains secure.

 

Security

Given ATMs are located in a public space, physical security of the actual machine is paramount. Ram-raids are not unheard of, and are an attempt for thieves to crash into the ATM and literally carry it away with them using a heavy vehicle. ATMs can also be subject to tampering, surveillance by professional fraudsters, and other problems. Essinger (1999, pp. 162f) is correct in highlighting that cardholders need to adhere to the bank’s instructions of never writing a PIN down. However recent attacks against magnetic-stripe cards have focused on using tiny secret cameras or other equipment to steal cardholder PINs as they are entering them onto the ATM keypad (Smith, 2002, p. 3). In 1994, fraud on Visa was about 0.4 per cent of total credit card transactions (Harris, 1994). By 2005, this figure had grown to 0.7 per cent, much higher when one considers that the number of credit card transactions had also increased substantially overall.

Personal information is secured using Triple DES encryption in most cases to ensure that transactional integrity is enforced. Alarm sensors are also located within the ATM itself to alert operators when illegal access has occurred. Security surveillance cameras are usually located near ATMs, recording consumer behavior. In some countries, like Chile and the Philippines, security guards stand watch over ATMs.

 

Card Processing

So magnetic stripe cards are issued by financial institutions and can be used to withdraw money or when a customer pays for products or services with a credit card. In the latter case, the card information needs to be recorded either manually, using a card imprinter or at a point of sale (POS) terminal which is then verified so that the merchant can ensure that they receive payment. Typically in any credit transaction there are five stakeholder types: the cardholder, merchant, acquirer, card association and issuer. The cardholder owns the card which is used to make a purchase. The issuer is the financial institution that issued the credit card to the cardholder. The merchant is the business accepting the credit card payment for particular goods or services sold to the cardholder. Now for a consumer to purchase a product with a credit card, a card processing service needs to be made available to a merchant via a financial institution, known as the acquirer in this context. A card association, such as VISA or MasterCard, acts as a gateway between the acquirer and issuer to authorize and fund a given transaction. The flow of information and money between the stakeholders is known as the process of interchange and involves the following steps: authorization, batching, clearing and settlement, and funding (Hendry, 2007).

 

Magnetic-stripe Drawbacks

The durability of magnetic-stripe cards often comes into question: “[m]agnetic stripes can be damaged by exposure to foreign magnetic fields, from electric currents or magnetized objects, even a bunch of keys” (Cohen, 1994, p. 27). This is one reason why so many operators have expiry dates on cards they issue. According to Svigals (1987, p. 185), “[m]agnetic stripes have been tested and are generally specified to a two-year product life by the card technology standards working groups.” Another drawback is that once a magnetic-stripe has been damaged, data recovery is impossible (Cohen, 1994, p. 29). Another way that a magnetic-stripe card can be worn out is if it has been read too many times by a reader. The read head has a small surface window, known as the field of view, that comes into direct contact with the magnetic-stripe. When a card is passed through or inserted in a reader a read head generates a series of electrical pulses. These alternating voltages correspond to alternating polarities on the magnetic-stripe. Per bit length, the reader counts the changes in polarity that are then decoded by the reader’s electronics to recover the information that is hidden on the card.

Svigals (1987, p. 36) is more explicit in describing the limitations of magnetic-stripe by writing that “[m]ost knowledgeable tape experts readily admit that the magnetic stripe content is: readable, alterable, modifiable, replaceable, refreshable, skimmable, counterfeitable, erasable, simulatable.” Jose and Oton (1994, p. 20) identify the primary methods of magnetic-stripe fraud as being theft, counterfeit, buffering, and skimming. The magnetic-stripe has rewrite capability and data capacity ranges from 49-300 characters. The latter is clearly a handicap when a chosen application(s) requires the addition of new data or features. While linear bar codes are even more limited, magnetic-stripe may still not be the right solution for a given service. Another issue that requires some attention is security. As Bright explains (1998, p. 15): “[t]he primary problem may be described with one word ‘passivity’; lacking any above board intelligence, the magnetic stripe card must rely on an external source to conduct the positive checking/authentication of the card and its holder. This exposes the system to attack. The scale of the problem exacerbated by the relative ease of obtaining a suitable device with which to read and amend the data stored in the stripe.” Consider the case in the United Kingdom were hundreds of cards were skimmed at Shell Service stations in 2006. While the UK press claimed that it was the EMV card that criminals were targeting, it was in fact the older EMV magnetic-stripe cards that were vulnerable to the attack (Aconite, 2006). There are however, numerous innovators that continue to believe that magnetic-stripe technology still has a future and they are researching means to make the technology more secure.

 

THE MAGNETIC-STRIPE CARD INNOVATION SYSTEM

Retail and Banking Associations Join Forces

The rise of the magnetic-stripe card, as we know it today, can be attributed to the collaborative efforts between the banking and transport associations, namely the American Banking Association (ABA) and the International Air Transport Association (IATA). It is commonly stated that an American National Standards Institute (ANSI) publication in 1973, developed jointly by ABA and IATA for a plastic credit card with a magnetic-stripe, laid the foundations for widespread diffusion. By banding together, the two associations were able to present a positive case for standardization. Banking and transport are two broad application areas that affect the masses, so the influence of the organizations on the direction of the magnetic-stripe card cannot be underestimated. Early on however, magnetic-stripe technology like bar code was hampered by a lack of standards: “[a]s has so often been the case with the commercialization of new ideas, one of the delaying factors was the absence of recognized international standards during its early existence” (Bright, 1988, p. 14). ISO finally resolved this issue through its Technical Committee for information processing standards (TC 97). International Standards (IS) 7810 and 7811 were published outlining definitions about the physical dimensions of the magnetic-stripe card, embossing, layout and reading requirements. Magnetic-stripe can boast a 35 year stockpile of documentation. ISO and ANSI have published a plethora of information on the topic, together with IATA and ABA. With input from the IATA, ABA and the Thrift industry, specific tracks were defined on the magnetic-stripe for specific uses. Track 2 for instance, reserved for banking applications, contained a field for the primary account number (PAN) of 19 digits. Another field for additional data such as the expiration date (4 digits) of the card, restriction or type (3 digits), offset or PVV (5 digits) or discretionary data is available, as well as control characters for the start and end sentinel, field separator and redundancy check character.

 

From Exclusivity to Interoperability

Solutions for magnetic-stripe cards based on proprietary schemes were initially used strategically by banks and other companies to secure a loyal customer base. Cash dispensers were not plentiful initially, so banks were able to attract customers by being the first to market. Louderbacker (1980, p. 40) recounts that one of the first cash dispensers was installed by the Chemical Bank in New York City in 1969. By early 1970, other banks began planning for full-service ATM (Automatic Teller Machine) installations. By the late 1970s bank card technology became a mechanism for differentiating financial institutions. If a bank was able to offer the card linked to its existing portfolio of services it was considered technologically advanced. Egner (1991, p. 56) wrote that ATM services were exclusive, and institutions like Citibank were actually able to shift market share by their promotion. The same could be said for Barclays Bank in the UK. According to Essinger (1999, pp. 172-173), the United Kingdom’s first cash dispensers were installed by Barclay’s bank in 1967 and branded Barclaycash. “They were not strictly speaking ATMs, as their function was restricted to providing cash. They were only open for limited periods in the day and were off-line (i.e. not connected to the central computer in real time)… The first implementation in the UK of a machine which was recognizably an… ATM rather than simply a cash dispenser is regarded as having taken place on 30 June 1975”.

There was often friction between the major bank players who had reaped the rewards for taking the risk with the new technology versus the banking association that wished to exercise authority on behalf of all the other (and in most cases smaller) banks to make it a level playing field. In fact Citibank, so protective of its market share, vehemently challenged magnetic-stripe standardization. Yet the bank soon realized that if it did not commit to the changes that it would be left behind, eventually becoming the minority. In essence, what Citibank and others in a similar position were afraid of was losing their competitive advantage to interoperability. Interoperability “…[r]elates to a situation whereby a card issued by one organization, e.g. a bank, can be used in an ATM belonging to another” (Bright, 1988, p. 15). Today most major service provider’s cards can be used in each others’ ATMs. In Australia customers were only able to access funds from the ATMs of different banks in 1992. The National Bank’s corporate affairs manager was quoted as saying: “[t]he attitude of the 1980s has certainly changed for the better and it’s only a matter of time before a uniform system comes into being” (Daily Telegraph, 1992).

Today, banks across the world have forged stronger relationships, as can be seen by international ATM sharing schemes (Essinger, 1999, p. 160). And all this is possible because of the PAN that is defined in Track 2 of the magnetic stripe. All PANs contain an industry code for the issuer (1 digit), an issuer identification (5 digits), customer identification (12 digits) and check digit. It was this very field that enabled different banks to accept magnetic-stripe cards at ATMs, regardless the operator. The PAN can identify the card issuer and cardholder, thus making interoperability possible via advanced card readers. It is important to note, that not all applications require a standardized magnetic-stripe card format, especially for ‘closed’ systems like amusement parks. In fact there are some instances when a non-ISO design would be more appropriate, acting to increase security by non-conformity. This usually makes counterfeiting or fraudulent alterations to the card difficult (Mullen & Sheppard, 1998, p. 1).

 

The ATM Economic Infrastructure

As ATM machines began to sprout up all over North America and the UK in the 1980s, a physical infrastructure began to grow to support the banking sector. It should be noted however that this infrastructure was very expensive and it took about 16 years for the first one hundred thousand ATMs to be installed. First and foremost, magnetic-stripe cards without ATMs were almost entirely useless: “[i]mprovements in card technology would not be particularly valuable without reader technology” (Browne & Cronin, 1996, p. 102). Second, internal bank equipment needed to be able to communicate with ATMs. A physical network was required for this to become possible, and telecommunication data providers quickly sought these opportunities as they became available using protocols such as X.25. Here is perhaps one reason why smart cards have not yet replaced magnetic-stripe cards in North America- the physical infrastructure in terms of the installed base of ATMs and POS equipment kept growing and growing throughout the 1990s. For instance, in 1997, NCR installed three thousand units (ATMs) in just 150 days for Banc One (Korala & Basham, 1999, p. 6-7).

In the 1970s and 1980s ATM volumes boomed but in the 1990s manufacturers turned their attention to adding POS functionality (Mitchell, 1996, p. 57). In some parts of the world like the United States, Japan and Hong Kong large investments in magnetic-stripe equipment have tied card issuing organizations to the technology. Apart from the initial investment it should also be considered that ATMs also incur ongoing rental space costs (Godin, 1995, p. 178). Weighing up the total potential losses as a direct result of fraud and other drawbacks of magnetic-stripe cards, against the potential multi-million dollar investment of upgrading readers and writers for smart cards worldwide; one is able to understand how physical infrastructure directly affects innovations. Smart cards are also more complicated to produce and need more expertise than magnetic-stripe. And the more complicated the production process, the harder it is produce large quantities. Murphy (1996, p. 82) outlines the intricate process by which one can only assume that the person in charge must have acquired some first hand experience previously. “Converting to smart card production is no easy task. Not only does a company need state-of-the-art printing presses, it must upgrade its plastics to a thickness that can accommodate the computer chip that makes a smart card ‘smart,’ as well as ensure the cards are temperature resilient; it needs special machines to drill holes for the chips, and another set of machines to place computer chips in those holes…” Economies of scale are necessary here.

 

The Global Inter-bank Network

The success of magnetic-stripe card technology can be measured by the increasing need for the interconnection of thousands of banks across every continent in the world. Colton and Kraemer (1980, pp. 22-23) list some of the major centralized network operations. “Federal Reserve System (FedWire) manages Federal reserve banks across the US interconnecting 275 banks; Clearinghouse Interbank Payment System (CHIPS) has the capability to execute international transactions among 62 financial institutions in New York; interbank switching in Japan is provided by Zenginkyo and the National Cash Service (NCS) network systems; the UK clearing banks have formed a company called Bankers Automated Clearing Services (BACS); Society for Worldwide International Financial Telecommunications (SWIFT) links more than 239 banks.”

SWIFT stands for the Society for World-wide Interbank Financial Telecommunications. It was established in 1973, and by 1984 it enveloped 1,104 banks in 49 countries (Dean, 1984). Dean’s article on the cashless society raises ethical issues about the power of an organization like SWIFT (see also Kirkman, 1987, pp. 224-227). As of November 2008, the SWIFTNet FIN network had corporate customers from 209 countries on its network, 2,272 full members, 3,303 sub-members, 3,146 participants and 8,721 live users. The users are typically banking organizations, securities institutions or private enterprise and exchange millions of standardized financial messages every day (SWIFT, 2008). SWIFT believes that its role is two-fold. First they provide a proprietary communications platform, products and services that allow their customers to exchange financial information securely and reliably. Second, they act as a hub to bring the financial community together to work towards defining standards and mutually beneficial financial solutions.

One can only begin to guesstimate the number of agreements that are in place between so many different entities to allow it all to work properly. This kind of meshed structure cannot be established instantaneously but only after years of formal exchanges. The European Union is another example of inter-bank data transfer standardization that requires thousands of banks to agree on a particular type of electronic payment system (EPS) that goes beyond even SWIFT (Central Banks, 1989, p. 102; Radu, 2002). Of course to understand the extent of sharing, of not only data but of physical resources such as ATMs, one must consider the networks of the large credit card and banking associations of Visa, MasterCard, Cirrus, PLUS, GlobalAccess, ATM™, AutoCash. What is worthy of noting here is the support structure that has been built around the magnetic-stripe functionality, i.e. being able to withdraw, deposit and transfer funds almost anywhere in the world. Without this infrastructure in place, the magnetic-stripe card would not have become as prolific as it has. Brands like Visa and Mastercard would not have had in excess of twenty million members each.

 

Calculated Social Change

“Twenty-five years ago, the very idea of going to a machine in order to withdraw money from a bank seemed outlandishly fanciful. Yet, with the rapidity so often associated with technological change, it soon became just another part of everyday life” (Korala & Basham, 1999, p. 6-1). The same could be said for Electronic Funds Transfer at Point of Sale (EFTPOS) (Figure 2). Numerous business people were convinced during the mid 1980s that EFTPOS would be an unsuccessful application and yet it is increasingly being used today (Essinger, 1999, p. 9). It is important to note however, that while change was “rapid”, it still took a considerable amount of time for end-users to come to terms with the fact that they did not have to physically enter a branch to withdraw money. Essinger regards ATMs to be the “[m]ost visible, and perhaps most revolutionary, element of the virtual banking revolution” (Essinger, 1999, p. 159). He believes that ATMs changed the way we lived forever and that every day throughout the world millions of people in thousands of walks of life rely on the convenience of the cash machines to gain access to money.

Governments across the globe committed resources to investigating the potential impact of the technical change of ATMs, EFT, and EFTPOS. In Australia, a Technological Change Committee investigated the possible changes EFT would initiate (ASTEC, 1986). One of the earliest EFT trials in Australia was conducted in 1982 between the Whyalla Credit Union and the G.J. Coles Company (S.A. Council of Technology, 1983, pp. 21-25). The government had a role to play in regulating EFT transactions but before doing so it had to ensure that it had adequately researched the implications of the new technology. Worldwide studies were also conducted on EFT by the OECD in particular (OECD, 1989; Revell, 1983, pp. 108-110).

As in the case of bar code, labor unions and other groups were again quick to point out that the automation would mean job losses for bank staff. The technology appealed more to the needs of business, as they sought ways to operate more efficiently. Learning about consumer spending habits through transaction history records was also important. Both banks and retailers saw the advantages that had to be gained by using financial transaction cards. Speed and security were among the most important attributes. Retailers also saw a reduction in the amount of cash-on-hand they required to handle. Many bank branches have been closed as a result of the automation and face-to-face over the counter staff numbers have been significantly reduced, driving consumers to change their habits for the sake of minimizing bank fees and charges. Stephen Bennett (1995, p. 10) a senior manager with KPMG wrote: “[e]lectronic transactions are considerably more cost effective than the counter based equivalent. This led to banks in the U.S. charging fees for branch based transactions and providing “free” transactions via telephone, ATM’s and EFTPOS, a concept that is now being embraced in Australia.”

As part of their marketing campaign in the 1970s credit companies mailed out plastic cards to consumers and in the early 1980s banks mailed out magnetic-stripe cards to prospective cardholders. For many of the recipients, it was unclear what added benefit the card could provide, although this was later realized. Essinger (1999, p. 8) wrote: “…it is likely that the availability of the new technology, and the fact that someone had decided to create it, is what is determining the application, rather than the customer need for it. In effect, after the invention has been put on the market, the customer demand is created for it.” He continues by pointing out that “…the cash machine was not an instant success; people needed to get used to the idea. However, once they had, the cash machine rapidly became an essential part of the customer service armory of any bank…” (p. 68).

 

Big Brother and the Privacy Invasion

At the time, some consumers believed that the new magnetic-stripe technology would eventually lead to breaches in privacy, especially by government agencies. Watts (1997) highlights that breaches in privacy have more to do with government outsourcing contracts than auto-ID itself. For a comprehensive overview of issues such as those related to the invasion of privacy see Rothfeder (1995, pp. 152-162), Colton and Kraemer (1980, pp. 28-30), Campbell et al. (1994), Wacks (1993), Tucker (1992), Young (1978), Federal Department of Communications and Justice in Canada (1974), Madgwick and Smythe (1974) and Cowen (1972). The rise of magnetic-stripe cards coincided with numerous Big Brother predictions made by Orwell and others. Compare Will’s The Big Brother Society (1983) with ‘Big Brotherdom has benefits’ (MIS, 1994, p. 80): “[i]t is a mistake to believe that the information supplied to such public and private organizations, or to the tax commissioner or to your employer, is your property…”  Other authors that reference the term ‘big brother’ as related to auto-ID include: Thompson (1997), Andersen (1995), Conolly (1995), Martin (1995), Privacy Committee of NSW (1995), Smith (1995a), Vincent (1995), Crosby (1994), Stix (1994), Davies (1992; 1996), Hogarth (1987), Donelly (1986). It was also at this stage of the magnetic-stripe card product lifecycle, that many countries across the globe formulated Privacy Acts. Citizen identity cards were also a topical issue in which civil libertarians became involved. The Australia Card debate is a fascinating case to reflect on (Clarke, 1987; Greenleaf, 1988).[i]

There are still people today who refuse to use plastic cards to make any sort of transactions, though it is becoming more and more difficult for them to continue this practice. The younger generations, who have been brought up surrounded by technology like the Internet are far less cynical about technology in general. Internet banking (Yan, Paradi & Bhargava, 1997, pp. 275-284) has been adopted by a technology-savvy population that appreciates the convenience of banking from anywhere/ anytime. There is now an established customer base with which to leap into the new-age authentic cashless society (Egner, 1991, pp. 105-109; Husemann, 1999; Smith, 1998). Some countries like Singapore disclosed their agenda to abandon cash by the year 2000, thus preparing all consumers for the change, even though this has not obviously eventuated as yet. “In France, an agreement has been signed that forms the basis of a nationwide, electronic replacement for cash” (O’Sullivan, 1997, p. 57; Fisher, 1996, Pope, 1990). While the cashless society is not completely here yet, many countries and consumers have made substantial inroads into the virtual world. According to most it is just a matter of time.

 

A Patchwork of Statutes

Current laws worldwide have lagged behind technological innovation. US privacy law, for instance, has been developed in a piecemeal fashion and in a case-by-case mode. It is little wonder that some types of personal information that have been enabled mostly by auto-ID techniques, such as supermarket transaction records, are still unprotected (Barr et al., 1997, p. 75). As can be seen from Table 2, U.S. privacy-related laws are a patchwork of statutes addressing specific areas and specific types of data. There is, however, no structure or governing authority in place to enforce these statutes. This means that not only can laws vary between states but with respect to the global arena, laws in other countries are also disparate, if existent at all. A similar problem is faced in Australia. Harris (1994) reported that “[t]he Australian Federal Police Association (AFPA) [was] calling for national legislation to curb credit card fraud… [as] officials find themselves virtually powerless…” In 1994, counterfeit cards accounted for $US260 million of credit card fraud worldwide, i.e. one quarter of the world’s credit card fraud. Cornford (1995) reported that Australian “[f]ederal police fear that our laws are inadequate to deal with this type of crime. The Indonesian criminal caught with the card encoder was set free on a legal technicality. Two Americans who used counterfeit cards to steal $250,000 and then sent it back to the US could be charged only with illegal transfer… A Malaysian is awaiting trial after being arrested with 77 counterfeit Visa cards. A Hong Kong criminal was jailed for nine months after using three counterfeit credit cards to get $40,000 in Sydney… The Chinese Public Security Bureau raided factories in Beijing and Shantau, which together made more than 110,000 counterfeit Visa and MasterCard holograms.”

Consider the case where a traveler to a foreign country had their credit card stolen and misused by a perpetrator. Where does the liability lie- with the traveler, with the credit card company, with the perpetrator? “In most national jurisdictions, once the customer has notified the bank of the loss or theft, the customer is then no longer liable for any withdrawals made by a third party, although sometimes the liability remains if the customer has disclosed the PIN to somebody else” (Essinger, 1999, p. 27). Whatever the perspective, for those unfortunate persons who have found themselves in this predicament (and these are not isolated incidences) the experience can be daunting as they attempt to gather evidence.

 

Regulation E

Regulation E implements the Electronic Fund Transfer Act (EFTA). The act and regulation cover the following consumer electronic funds transfer systems: ATM, POS, automated clearinghouse, telephone bill-payment system, or remote banking programs. Regulation E provides the rules that restrict unsolicited issuance of ATM cards, the need for financial institutions to disclose terms and conditions of EFT services, the provision for receipts and account statements to be given to cardholders, limitations in consumer liability in the case of unauthorized transfers and procedures for error resolution. It has to be said, that most consumers do not consider the implications of Regulation E, until they fall victim to unauthorized transfers or disputes in banking errors (FDIC, 2008).

In the U.S. there is no law governing electronic payments; these aspects are covered by provisions in the Civil Code (Central Banks, 1989, p. 217). Regulation E under the Electronic Funds Transfer Act of 1978 does not include check guarantee and authorization services, transmission of data between banks and any transaction that is about the purchase or sale of securities (Scott, M.D., 1994, p. 497). Canada has also followed the United States by setting up a voluntary code of practice for debit card issuers, retailers, and consumer associations, as well as the federal and provincial regulatory bodies. In 1992 the code for Consumer Debit Card Services was introduced by the Canadian Bankers Association (CBA). However, it would be essential to remember, “[t]he code applies only to services which use debit cards and personal identification numbers (PINs) to access automated banking machines and point of sale terminals in Canada. It does not apply to cross-border transactions. The code establishes a code of practice for the issuance, use, and security of PINs. It sets the general requirements for cardholder agreements, transaction records, and transaction security, and is intended to set a minimum standard which participating organizations meet or exceed. It does not preclude protection given by other laws and standards. The code deals with the theft, fraud, technical malfunction, and other losses, and requires card issuers to establish fair and timely procedures for resolving disputes” (Campbell, 1994, p. 44).

Numerous associations have endorsed the code. The most prominent members include: the Canadian Payments Association, the Trust Companies Association of Canada, Credit Union Central of Canada, Retail Council of Canada, Canadian Federation of Independent Business and Consumers’ Association Canada. Other innovations like EFTPOS require long-term commitments to improvements to rules and regulations if they are to continually evolve to meet the needs of the end-user and withstand the test of time. The Commonwealth of Australia wrote a detailed report on the rights and obligations of users and providers of EFT systems in 1986, however much of what was documented was voluntary codes of practice like in the case of Canada and the United States.

In a recent article by Geva (2006), three topics are explored on the common theme of changes in the law due to the developments in electronic banking. These topics include: checks, payment cards, and securities transfers. Checks once considered purely paper-based payment systems are now being transmitted either in whole or in part, electronically. This process is called check truncation. The question of whether checks are now recognized under Regulation E is discussed by Geva, as are other more advanced devices used for payment.

 

Incremental Innovations

A number of incremental innovations to the basic magnetic-stripe card have been introduced since its inception (Ross, 2003). Developers in magnetic-stripe have primarily aimed to increase basic track capacity and protect data content with some form of encryption (Smith et al., 1996). While some of these improvements are theoretically possible many hold that the widespread introduction of these techniques is not economically viable and not worth pursuing. Consider the example of Washington University’s Magnetics and Information Science Centre (MISC) that has discovered a way of protecting the magnetic-stripe card against fraud. “The biggest expense of deploying Magneprint will be replacing or modifying card readers so they can read the magnetic wave patterns” (Stroud, 1998, p. 2). This is not to discount the efforts of MISC or other commercial manufacturers.

There is evidence to suggest that companies are still investing R&D dollars into magnetic-stripe. For example refer to the new developments listed by IPC (2001). Other experts, particularly those in smart card, believe that the costs of delivering projected magnetic-stripe innovations are too high and fall short when compared to smart card solutions which are already proven and on offer now. Svigals (1987, p. 146) predicted that if smart card was to replace magnetic-stripe cards that “...the economic and functional break-even point might be reached within a five-year period.” Svigals did not believe that the incremental density changes to the magnetics would come close to even challenging the advantages of the smart card. Yet these and other predictions made in the late 1980s and early 1990s have not eventuated and those that were quick to publicize the demise of the magnetic-stripe card have been left wondering where things went wrong.

It is true that smart card has now reached economies-of-scale and is becoming more affordable but this does not necessarily equate to the total extinction of magnetic-stripe (Nickel, 1999, pp. 1-2; Holland, 2004).  Even Svigals (1987, p. 175f) himself, acknowledged that: “[a]ll evidence suggests that the magnetic-stripe FTC will have a place in the future. A financial institution with a static market, a significant investment in magnetic-stripe work stations, a very low card acceptance rate and/or rapid customer turnover, and little prospect of additional types of electronic services will probably stay with the magnetic-stripe FTC... At the other end of the spectrum is the institution with a large stable of aggressive magnetic-stripe FTC users, a fast-growing range of electronic services, an increasing set of interchange and sharing arrangements, and a growing concern about magnetic-stripe-based losses and frauds. That institution will take an early look at Smart Cards... In between the two extremes are the majority of institutions... In the final analysis, an active effort to accommodate both types of financial transaction cards appears to be the appropriate action path” (Svigals, 1987, p. 175f). In the case of the current global EMV migration, some regions have been slow to take-up the new chip and pin card. Analysts have noted that the slow uptake has been due to the complexity of replacing the entire card and terminal base, coupled with changes to the networks and bank issuer systems to deal with processing requirements (Aconite, 2006, p. 12). Fraudsters can still continue to target EMV cards, so long as the magnetic stripe is present on the back.

The new-found relationship between the magnetic-stripe and biometrics techniques has also opened a plethora of new opportunities for the technology. The University of Kent began to conduct research on encoding facial images on blocks of data small enough to fit on a magnetic-stripe in (Middleton, 1998). In addition manufacturers of numerous auto-ID devices have even seen a possible convergence between the bar code, magnetic-stripe and integrated circuit (IC) onto the one device (de Bruyne, 1990; Magbar, 2000).

 

Collaborative Research

Together with firms and standards-setting organizations, universities are also investing research dollars in developing further magnetic-stripe innovations, admittedly however many of these projects are sponsored. Yet it is firms that are generally more overprotective about their intellectual property (IP). But as Bright (1988, p. 136) does rightly point out, the reluctance on the part of potential suppliers to disclose their techniques and progress is understandable, granted the commercial sensitivity. Even universities, that were once considered fairly open institutions, have now jumped on the commercialization bandwagon, in order to attract even bigger funding opportunities to support laboratories and centers. For instance, MISC has developed MAGNEprint to increase the security of magnetic-stripe technology. Previously, this had been one of the technology’s technical limitations, making smart card technology more favorable for access control applications (Magneprint, 1999; Batterson, 2002): “Researchers at Washington University have invented a method for the positive identification of any piece of magnetic recording medium. The innovation permits a reading device to verify the authenticity of a document bearing magnetically recorded information, and to reject unauthorized copies... The innovation eliminates all types of magnetic fraud.” This innovation can now be implemented by manufacturers of magnetic-stripe cards to increase the attractiveness of magnetic-stripe technology compared to other card technologies. The innovation was first presented at a number of technical forums. Thereafter an article was published in a recognized journal and in 1993 became protected through worldwide patenting. With further trials conducted the university licensed Magneprint to Mag-Tek Incorporated, a firm that makes electronic readers (Stroud, 1998, p. 1). This is yet another sign that the technique is continuing to evolve and will continue to meet the needs of a variety of applications.

 

MAGNETIC-STRIPE CARD APPLICATIONS

Overview

Financial Transaction Cards

A cursory glance at the content of one’s wallet will reaffirm why “[f]inancial cards are by far the main application of magnetic stripe cards” (Zoreda & Oton, 1994, p. 20). The finance sector, have been responsible for the FTC explosion in the form of debit and credit cards which have paved the way towards an evolving cashless society.[ii] The two types of cards differ in that debit cards require the cardholder to enter a personal identification number (PIN) at unsupervised terminals (known as automatic teller machines ATMs) whereas credit cards only require signature verification at supervised terminals (known as electronic funds transfer at point of sale EFTPOS). Financial transactions can even be carried out from the home using a PC (personal computer) or a touchtone telephone. For the present however, ATMs and EFT terminals can be viewed as the most popular complementary innovations to magnetic-stripe cards that have changed the face of banking. For instance, between 1990 and 1994 the number of EFTPOS transactions worldwide increased from 61 million to 245 million (Federal Bureau of Consumer Affairs, 1995, p. 6). In the same period EFTPOS terminals grew annually at a rate of 38 per cent as compared to ATM terminals which only experienced an annual growth of 4 per cent. The trends as identified by Tren (1995, p. 42) can be attributed to the early adoption of ATMs by North America, Canada and Japan versus the adoption of EFTPOS by European countries to handle multi-currency payments.

 

Wallets Bulging with Plastic not Cash

The magnetic-stripe card was heralded as the technology that would see an end to the large bulging wallet containing copper coins and paper money (Johnstone, 1999). For a fascinating study on what consumers actually store in their wallet and the shifting uses for wallets over time see L. Cooper (1999, pp. 87-93). Financial objects in wallets include: receipts, money (cash and coins), loyalty cards, debit cards, bank cards, credit cards, charge (smart cards) and checks. Non-financial objects include: membership cards, business cards, drivers license, telephone numbers, ID cards, postage stamps, lottery tickets, coupons, photographs, national insurance card, medical prescriptions, train tickets and a calendar. While the magnetic-stripe card has successfully acted to reduce the amount of money people carry, the technology has attracted other countless product innovations. Unfortunately, the reality is that wallets and purses are still bulging but not with money, instead with numerous plastic cards. It is not unusual to be held up in a shopping queue while someone is shuffling through their collection of magnetic-stripe cards searching for the right one to make their transaction. It is not out of the ordinary for a consumer to possess a separate ATM savings card, several credit cards, a frequent flyer card, a phone card, a discounted travel card, an employee identification card, a library photocopy card, a driver’s license and several different loyalty retail cards (Cox, 1997, pp. 28-31).

There are presently several billion magnetic-stripe cards in circulation in the United States alone (Blank, 2007). This is testament to the increase in consumer acceptance of card technology and the marketing efforts of large corporations to sell the benefits of the card. In addressing the issue of the magnetic-stripe card taking the form of an electronic purse, Peter Harrop (1992, p. 227) describes the main applications other than the FTC. He makes the observation that: “[s]o far, payphones are the commonest application… Mass transit, particularly ‘stored-value tickets’ for trains and buses, is the second largest application… Prepayment cards are widely used for taxis, road tolls, parking [Figure 3], vending, payment in canteens and small shops, purchase of electricity and gas at the home meter, in launderettes and many other applications.”

The Plastag Corporation, a card manufacturer approved by MasterCard and Cash Station have put together an imaginative range of product solutions. While producing the standard line of bank cards and blank cards, they are also the largest supplier of casino cards in the U.S. Other Plastag (1998) products include:

“- pre-paid phone cards: phone cards are one of the most popular and effective promotional tools to build traffic in a business

- membership/I.D. cards: an important record-keeping tool for hospitals, nursing homes, other health providers, insurance companies and colleges/universities

- keylock cards: all over the world, hotels and resorts are changing the traditional door locks to electronic swipe key cards... they keep guests safe... [Figure 4] ”

It is important to keep in mind that not all applications require the same level of security as the FTC- it all depends on the application. For instance, paper bus and rail travel tickets featuring a magnetic-stripe are highly negotiable (i.e. they do not require a PIN or user ID and can be interchanged between persons).

 

Case 1: Magnetic-stripe Cards for Financial Transactions

Some may have thought it more valuable to relate financial services to smart cards but the reality is that widespread usage of smart cards by most banks is still some time away, especially in North America. “…Less than 5% of smart cards worldwide are issued by banks… Mass rollout of smart cards is years away because of the cost to convert magnetic-strip credit, debit and ATM card systems to chip technology” (Bank Sys., 1997, p. 21). Presently, it is the plastic embossed card with the magnetic stripe and signature that has permeated most countries around the world. The card is used to perform transactions for various types of electronic funds transfer systems (EFTS): ATMs, CDs (cash dispensers), EFTPOS and remote banking. As one report noted these ‘profound changes’ linked for the first time the consumer directly to the computer. Prior to magnetic-stripe cards, consumers depended upon the services of an intermediary at the counter but now the consumer is able to perform operations that were previously conducted by a bank clerk (OECD, 1989, p. vi).

Magnetic-stripe cards have been able to offer the dual function of paper-based and paper-less transactions. This is important because it has enabled the cardholder the ability not only to withdraw or transfer cash but also to use ‘plastic money’ with the same card. For instance, in Australia the St George Bank Freedom MultiAccess Visa magnetic-stripe card (with hologram) allows the cardholder to visit ATM machines to withdraw cash using a PIN and also to purchase goods and services by credit using the cardholder’s signature. International credit card corporations like American Express (AMEX), Bank Americard, Cartasi and Diners Club which are offering credit-based financial services are still using magnetic-stripe cards with embossed writing and signature though they have signaled their intention to migrate cards over time. While this type of system is obviously convenient for the cardholder, questions are continually being raised about the vulnerability of the cards to fraud and theft. More recently in Australia, credit card companies are linking PINs to cardholder accounts to eliminate the possibility of fraudsters giving false signatures at point of sale.

 

Are Magnetic-stripe Cards Outdated Technology?

While most banks and financial institutions still utilize magnetic-stripe on their customer FTCs, particularly in the U.S., all of the banks in France are reaping the benefits of smart card. “All bankcards in France have a chip imbedded in them... When a French cardholder makes a purchase, the transaction is processed at the point of service using the chip and not the magnetic stripe” (Ayer & McKenna, 1997, p. 50). The Dutch have followed the example of the French. Each of the French chip cards carry a payment application known as B0’. “Dutch banks are poised to become the first in the world to introduce computer smart cards on a nationwide scale this year, eventually giving 15 million people the possibility of living without cash” (van Grinsven, 1996, p. 32).

Smart cards have always been a dormant threat to magnetic-stripe but in most countries it has taken until the year 2000 for noticeable migration from the magnetic-stripe card to the smart card to happen. It took almost 40 years to distribute plastic payment cards widely; it will probably take another 10 years before consumers worldwide are comfortable with the multiapplication smart card. Even though the card is a more secure technology enabling the reduction of fraud, many consumers are concerned with the card’s potential uses. It is the information centralization to one unique ID per person that consumers find uncomfortable. Some banks have already issued multiple application cards but consumers still fear security breaches.

Many banks have conducted feasibility studies on smart cards, either by doing secondary research or conducting pilot studies. They are presently, albeit seamless to the consumer, considering a transition between auto-ID devices. Customers are being supplied with hybrid cards until the migration from magnetic-stripe to smart cards is complete. In the former case, major banks across the world have begun marketing the smart card concept to consumers. In Australia for instance in 1997, the ANZ bank advertised the change from magnetic-stripe to smart card in full-page advertisements. One of these announcements is worth noting in full- a magnetic-stripe bankcard appears on the left page and a VISA card (with IC) on the right:

“October 1974. There it was in your letterbox. Whether you wanted it or not. A Bankcard. They all looked the same and their new owners likewise, were all treated the same. You were told where to use it and how much you could spend. All that changed. At ANZ it changed faster than most. To the point where you can now enjoy ANZ cards that not only provide credit… Cards that are aligned to your telecommunications company, your airline, and many other major companies you do business with on a daily basis. What next? Well, we’re currently at the forefront of smart card technology. Cards that use a microchip to record details of transactions and the balance on the card. Now won’t that be a nice change?” (The Australian, 1997, pp. 6-7).

Globally and throughout the 1990s banks conducted widespread smart card trials. In the U.S., Citibank and Chase Manhattan conducted a trial in 1997 covering New York City and some 50000 consumers. In 1993, National Westminster Bank and Midland Bank teamed up to trial the Mondex card in Swindon, including 40000 consumers. In the same year, the three largest credit card giants, Europay, MasterCard and Visa, implemented a global standard generally known as the EMV specification for smart card credit cards as they considered future migration paths (D.S. Gold, 1999). VISA was the first of the trio to distribute smart cards to their customers. American Express has also made inroads to developing EMV standard credit services. As Ayer and McKenna from VISA International reported (1997, p. 49), the EMV specification is truly global. It allows for the same terminal to accept a variety of payment cards. The aim is to expand the usefulness of payment cards to be able to do much more with them. In France there are even migrations occurring from smart bank cards developed in the 1980s to newer smart cards that adhere to the EMV standard and are based on the MULTOS operating system. Clearly this has been an unsettling period for banks and merchants as the costs to upgrade or replace existing ATM, EFTPOS, electronic cash registers, self-service fuel dispensers and other such terminals to make them smart card-ready are very high. Some have therefore chosen to remain with the magnetic-stripe technology for the interim and may well suffer for it later. In 2000, “Visa USA estimated it would cost $11.1 billion US to convert to smart cards in the United States alone, with $7 billion of that cost borne by merchants” (Blank, 2007).

 

From Electronic Purse to a Cashless Society

The first well-known electronic purse trial was conducted in Denmark, Noestved in 1992. The prepaid card system was called Danmønt A/S. The integrated circuit card (ICC) was used for the payment of small amount transactions such as at vending machines, payphones and transportation. By 1993 the card was rolled out to several large cities, and terminals were located at payphones, parking meters, kiosks and railway. In 1996, there were over 600,000 cards in circulation in 50 Danish cities. The next step for Danmønt was to introduce more sophisticated SVCs that could be used for bigger transactions that require more security. Danmønt’s strategy is to heighten consumer awareness and acceptance (PBS, 1998; Kaplan, 1996, pp. 150-152; Ferrari, 1998, pp. 196-197). In Portugal the SIBS (Sociedade Interbancaria de Servicos) have introduced the Multibanco electronic purse, yet another hybrid card incorporating a microprocessor for purse applications and magnetic-stripe for credit facilities. Close to 7000 smart card terminals have been introduced, the majority are off-line and about one-third can read both magnetic-stripe and smart card technology.

Two years after the Danmønt card was introduced, the Mondex card made its debut in the UK. “Enter electronic cash. The idea of digital money is simple enough: instead of storing value on paper, find a way to wrap it in a string of digits that’s more portable” (Ramo, 1998, p. 50). It is interesting to note that both Danmønt and Mondex were initiatives of large banks and telephone companies, although the two cards differ in principle. While Danmønt was designed for the payment of small transactions, Mondex was designed for the replacement of cash altogether. Mondex is also designed to leave an ‘untraceable’ audit trail. Since its inception in 1993, Mondex International (now a subsidiary of MasterCard International), has rapidly begun to roll-out trials all over the world. Mondex is being marketed as convenient for consumers and merchants. Some of its differentiators from ATM magnetic-stripe cards include: access to electronic money via public or private telephones, its ability to carry up to 5 currencies, an electronic wallet which allows card-to-card transactions, lock-code functions and instant statements. In the English town of Swindon, Godin writes (1995, p. 84), “...customers at the local McDonald’s buy Big Macs without touching a bank note; pub crawlers at Bass Taverns keep the taps running without tapping their wallets; and grocery shoppers pay for their provisions without currency changing hands. Citizens of Swindon... are participating in a pilot project testing Mondex, a smart card for dispensing digital cash.”

In 1994, Mondex was heralded as having the potential to become a global payment system and banks rushed to become a franchisee of the company. Mondex International has been hailed as the “evangelist” of the smart card world (Mitchell, 1996b, p. 52). More recently Mastercard International has reached an agreement to assume full ownership of Mondex International (Mei, 2001, p. 10). In Asia, HongKong Shanghai Bank along with Hang Seng Bank are serving Hong Kong, China, Singapore, Taiwan, Philippines and other surrounding countries with Mondex cards. Chase Manhattan and Wells Fargo along with the Royal Bank of Canada and the Canadian Imperial Bank of Commerce (CIBC) are trialing Mondex in the U.S. and Canada respectively. The Australian banks, National Australia Bank (NAB), Westpac, ANZ and Commonwealth Bank have paid ten million Australian dollars for their right to issue Mondex smart cards to consumers (Moreira, 1997, p. 45). Clearly, there is a movement away from the traditional magnetic-stripe FTC and a move towards both the electronic purse and electronic cash. The latter, of course, meaning a world without paper money- a cashless society. However, Mondex officials are still cautious about predicting the demise of cash completely. “They see digital money as an alternative to cash, another option among many options for consumers. Mondex has estimated that e-cash will carve out 30 percent of the payments market” (Godin, 1995, p. 97).

DigiCash is another company that is focused on delivering smart card solutions. The company established by David Chaum, a cryptography expert, is part of the consortium of firms that is involved in developing the electronic-wallet for the CAFE project (Conditional Access for Europe). A trial is already underway in the European Commission in Brussels. Other companies which are making their mark in the digital cash arena include: CyberCash, First Virtual, Michigan National, BankOne, CheckFree, CommerceNet, NetCash, Smart Cash, Telequip and NetMarket. These companies have developed solutions for purchasing goods and services over the Internet and conducting money transfers using electronic cash (Brands, 1995; Godin, 1995; and Essinger, 1999, ch. 10). Other well-known solutions include the Proton cash card (Proton, 1999) from Banksys in Belgium that is closely linked to American Express, and the Visa Cash card which is being tested by Visa International. Other schemes worth noting, which are trialling types of electronic purses include: Transcard, Quicklink & MasterCard (Australia), BalkanCard (Bulgaria), EltCard (Estonia), Avant (Finland), SEPT (France), Chip Knip (Holland), Eximsmart (Indonesia), LINK (Lebanon), Interpay (Netherlands), Bankaxept (Norway), SIBS (Portugal), NETS & CashCard (Singapore), UEPS (South Africa), SEMP (Spain), POSTCARD (Switzerland), FISC (Taiwan), VISA SVC (USA). This signifies a truly global reach.

According to Hendry (2007, pp. 144-162) the drawbacks of electronic purse schemes such as the Danish Danmønt, the Portuguese PMB, VisaCash and Mondex were three fold. Transaction times were usually felt to be slower taking up to several seconds, and a separate transaction was required for loading the card which was inconvenient for the user. In addition, there were problems with the cost of the schemes which were highly customized and proprietary in nature. When the Internet became a plausible avenue to making payments, either from a fixed or mobile device, electronic purse schemes became less popular as a longer term solution.

 

Biometrics and Beyond- Why carry cards at all?

“Automatic teller machines that identify users just by looking at them are expected to make PIN numbers and ATM cards obsolete” (Johnson, 1996, p. 11). Several systems have been developed by U.S. companies using iris identification. The Sensar Corporation, have already installed IrisIdent units in parts of North America and Asia. Citibank liked the idea so much, that it prematurely invested $US3 million into Sensar back in 1997. Nationwide Building Society, Britain’s largest mortgage lender is also trialing Sensar’s product in Britain, using NCR-built ATMs (Brown, 1998, p. 52). Oki Electric, a Japanese ATM manufacturer has agreed to buy at least $US35 million in Sensar products within 5 years (Fernandez, 1997, p.13). It is significant to note that even if biometric ATMs are phased in, that most banks will still continue to issue customers with some type of card device which will store the individual’s biometric. Diebold Incorporated have developed a multimodal biometric system for making transactions that incorporates both face and voice recognition. Using face recognition software by Visionics and voice-verification from Keyware Technologies, the face and voice must match an image and voice sample in a database for a customer to make a transaction (Belsie, 1997, p. 1; S. Gold, 1999). Even as far back as 1992 an Australian company, Bio Recognition, developed FingerScan for ATM transactions (Gora, 1992, p. 3). Biometric systems do seem to remove the need for remembering passwords and account numbers or carrying several cards with expiration dates etc, but they do require each customer to willingly provide a biometric (Wahab, Tan & Heng, 1999; Essick, 1998). The up-front cost of installing a biometric system is still not viable for most companies.

Biometrics is also more complex than solutions like RFID transponders. Recently, the advantages of transponders with respect to animal identification have been highlighted by print media. Some advocates of the technology say, if chip implants work for animals then they should also work for people. A number of respected scientists see it as a gradual progression to better efficiency and security. Others nervously acknowledge that mass trials are already technologically feasible. One of the earliest references to a type of auto-ID device that would herald in a cashless society was recorded in The New Westralian Banker, an official publication of the Australian Bank Employees Union. The article (Devereux, 1984, p. 5) was titled “1984 IS HERE!” and highlights a new system that supposedly does not require a bankcard or credit card or check or cash. “This is the crux of an experiment begun in Sweden starting March, 1983. 6,000 people have agreed to take part in this experiment. Each person involved has received a special mark (shot on to the relevant area with a special, painless ray gun) and is now marked for life (it doesn’t come off.) The mark is registered in a computer and will register in banks or wherever those marked decide to shop. The shopkeeper simply runs an electronic pen over the mark and it instantly sends that person’s number to a computer center from where all information of their transactions is sent to their bank. No money needs to be touched.”

The technology depicted suggests that some kind of human bar code trial occurred in Sweden. The technology did exist in 1984 to run this trial; however we have not been able to verify the authenticity of the content of the article. Whether Devereux had a wry sense of humor or the article content is true, still makes one wonder where the technology could be headed. In making reference to electronic cash, a Time Magazine reporter commented, “Your daughter can store the money any way she wants- on her laptop, on a debit card, even (in the not too distant future) on a chip implant under her skin” (Ramo, 1998, p.51). U.K. Professor Kevin Warwick, the first man to be implanted with a chip, has also said: “[i]n five years’ time, we will be able to do chip with all sorts of information on them. They could be used for money transfers [figure 5], medical records, passports, driving licenses, and loyalty cards. And if they are implanted they are impossible to steal. The potential is enormous” (Dennis, 1998, p. 2).

     

Case 2: Magnetic-stripe Cards in Transportation

Electronic Ticketing

Electronic ticketing systems based on magnetic-stripe technology are now widespread. Most tickets issued for a variety of transportation are made of a thin cardboard containing a magnetic-stripe down one side. They are known as ‘prepayment cards’. While these tickets are highly negotiable, consumers seem to be relatively unconcerned with loss or theft of a ticket. The cost to manufacture and purchase a ticket is relatively low compared to other card types. The movement away from traditional cardboard-only tickets only raised the price of a fare by a few cents and increased revenue manifold. In the U.S. the push toward transit fare automation began in 1972 when BART (Bay Area Rapid Transit) in the San Francisco Bay area was introduced. The process is as follows: “[t]ickets are dispensed by machines in stations that accept coins and bills. Ticket value is recorded on the mag stripe. When a rider enters the system the turnstile read-write unit records the place and time of entry. Upon exit, the turnstile computes and subtracts the price of the trip based on length of trip, and in some systems, the time of day” (Holmstrom, 1996, p. 1).

One of the successes of the introduction of magnetic-stripe ticketing is that it has allowed for the operation of a unified and standard metropolitan transport system. In Sydney, Australia, the State Rail Authority, the State Transit Authority and Ferry Authority have standardized their magnetic-stripe ticketing system. The Washington transit system also uses a similar set-up (Harrop, 1989, p. 342). Weekly or daily tickets can be purchased with ease and used for different types of transport (Figure 6). Consumers who purchase pre-paid tickets for multiple journeys usually receive price discounts (Todd, 1990). The short-comings of the ticket include that they are disposable (i.e. paper waste) and the ability to check whether an individual has purchased the right trip for their destination requires human intervention.

When standards for magnetic-stripe were being developed the International Air Transport Industry ensured that Track 2 was dedicated solely to air travel. Before any domestic or international flight, the traveler is issued with a boarding pass. Without this pass he or she cannot board the airplane even if their passport has been stamped by immigration. A boarding pass contains flight and seating information, the traveler’s name and flight class in the front and a magnetic stripe at the back. If a traveler has luggage to check-in bar code labels are attached to the bags so that they can be read later and routed to the correct destination (LaMoreaux, 1995, pp. 12-14). Today integrated RFID tags are used for baggage handling in many international airports, such as Hong Kong.

 

Loyalty Card Schemes

One of the biggest boosts to the magnetic-stripe card industry was the introduction of loyalty cards attached to air transportation especially. The idea has been around since the late 1980s but it picked up momentum in the late 1990s with frequent flyer card programs linked up with hotel chains and rental car companies. As far back as in 1987, the Airplus Company (initially backed by the top 13 European airlines) launched its loyalty card. It was one of the first companies to offer such a service but it found it very difficult to continue in the short-term as projected card targets were continually not met. The card was initially misunderstood by observers as a type of credit card but David Huemer (the CEO at the time) clearly stated that the service the card provided was the purchase of business travel for the frequent traveler. By 1988 Airplus was forced to change its strategy. The company restructured and successfully entered into the co-brand market directly featured on a host of Airplus-linked family cards like Austrian Airlines. Similarly in 1989, the Alitalia airline was offering a twenty per cent discount on full-fare domestic flights in Italy for Alicard cardholders. “Alicard, which is personalized and carries a magnetic stripe (the stripe is inactive and for ‘image’ purposes only), is being produced by a Rome-based subsidiary... Air industry observers consider Alitalia’s foray into the plastic card business part of an overall attempt to build itself an image as an innovator and improve its level of service” (Card World, 1990, p. 44).

The new loyalty card market is booming in that more and more consumers are subscribing to programs. Cross (1996, pp. 30-34) discusses how intelligent shoppers can benefit from loyalty programs. See the agreement between Mondex and beenz.com for loyalty points (D. Jones, 2000). Another example is the Australian loyalty card program called Ezy Rewards offers points for shopping at the Woolworths retailer, banking with the Commonwealth Bank, flying with Qantas, visiting particular entertainment venues and booking particular holiday packages. Under the guise of Club Miles, Frequent-Flyer, Fly-buys, Air Miles, The Travel Club, Reward Card, Premier Points, Executive Club and other so-named programs, consumers are rewarded for their loyalty by discounted or free flights, upgrades to flight class or airline lounges or hotel rooms etc. Companies from all types of industries are enjoying the co-branding concept, especially airlines that have teamed with large hotel chains, credit card corporations and telecommunications operators. What is important to highlight, however, is that the cost of these programs to airlines, hotels, and card companies is high and the return questionable. “The current process is inconvenient for the consumer, costly for the travel company to administer, and a nightmare for a corporate travel and finance department to manage” (Wesley & Wilkey, 1997, p. 201). In some cases, travel companies have abandoned loyalty programs altogether.

 

Are Smart Cards the Smart Choice for Contactless Ticketing?

At Airports and Checkpoints

Magnetic-stripe tickets have been successful in increasing commuter throughput at peak hour periods but many operators are concerned with the increasing means to counterfeit this media (Dinning, 1997, p. 186). For this reason, smart cards have been introduced to many transit systems all over the world. Since the Schengen Treaty, Amsterdam’s Schiphol airport has introduced a 100 million guilder smart card system for members of eight other European states that have agreed to scrap identity checks. “The plastic cards… allow for free movement for travelers through a special gate without having to show passports or ID cards… there are no photographs of travelers, passport numbers or any other safeguards in the card’s microchip… The treaty will provide free passage of citizens through France, the Netherlands, Germany, Spain, Portugal, Belgium, Luxemburg, Italy and Greece” (European, 1993, p. 3). More recently Iceland’s Keflavik International Airport upgraded its CCTV (closed circuit television) system with facial recognition technology to guard against terrorism, since its inception into the European Schengen Agreement (Lockie, 2001).

 

For Metropolitan Bus, Rail and Ferry Services

Among the most advanced is that established in Hong Kong. The consortium Creative Star has integrated the ticketing system for trains, buses, taxis, trams and ferries. The Octopus Card (Kwok, 2001, p. A4) is used to collect payment for taxi fares and other transport services (Wallis, 2001, p. B5). Consumers are charged a small levy for using the card to offset overall costs. This is how Creative Star as the service provider makes money and how merchants can recover their costs for buying specialized readers (Chan, 2001, p. 6). The contactless card allows commuters to pass through turnstiles without having to insert it in a reader. The consumer has the choice between a personalized and non-personalized card (Chau & Poon, 2003).

In the U.K., Transys began to develop the Oyster Card for London Transport (LT) in the 1990s. It was proposed that (Jones, 1998, p. 4): “[a]utomatic gating will be extended to all the London Underground stations and existing automatic gates will be upgraded to read smart cards. Electronic ticketing machines will be introduced in all buses operating in London. Transys will also take over the operation of London Transport’s Pass Agent ticket retailing network operated confectioners, newsagents and tobacconists and collect revenue from them. Some 2,300 retail outlets will have the equipment for issuing smart cards.” Today we know this scheme as the Oyster Card (London Transport, 2008). An Oyster card can store up to £90 of credit, which can on bus, Tube, trams, DLR, London Overground and some National Rail services in London.

 The Washington Metropolitan Area Transit Authority (WMATA) trialed contactless smart cards in 1995. The ‘Go Card’ as it was named, could also be used to pay for commuter parking. German Autobahns used the chip-ticket system from about the mid-1990s (Wenter, 1994, pp. 50-54). The Tapei City government implemented a Mass Rapid Transport (MRT) system using contactless smart cards for payment on buses, the subway and a number of car parks. The MAPS concept called for the ability to pay for all transit purchases from bus fairs to parking fees and tolls (Cunningham, 1993, pp. 021-025). Additionally, smart transit cards have been used in agreement with universities and other applications.

The smart card is not only convenient for the consumer but provides a wealth of knowledge for operators in terms of resource allocation and transport network optimization (Blythe, 1996; Blythe & Holland 1998). For the advantages and disadvantages of smart card fare collection media refer to Okine and Shen (1995, pp. 524-525). Zlatinov (2001, pp. 35-36) reported on the next generation of transit cards. Readers linked to an information system can gather important statistical data that can assist with planning present and future transport services. For example, an operator has the ability to count the number of passengers that use particular bus, train and ferry routes at particular times of the day.

 

Road Tolling Applications

In Singapore, this idea has been taken one step further with the fully operational ERP (Electronic Road Pricing) system and contact-based electronic purse ‘CashCard’ (LTA, 2008). Drivers do not only go through toll gates without stopping but information collected allows operators to locate congested areas at peak traffic times, plan for new roads or redirect traffic through other routes (Figure 7). The RFID-based system even has the capability to charge drivers according to the route they have taken, to ensure a smooth flow of traffic (Kristoffy, 1999). Drivers who do not wish to pay higher levies may use non-direct routes which take longer to get them to their destination. For an overview of RFID toll applications refer to Gerdeman (1995, ch. XI). This type of system has enormous implications for congested and polluted cities such as Athens in Greece. In London in the United Kingdom instead of RFID a network of camera sites monitors every entrance and exit to the Congestion Charging Zone (CCZ). High quality digital images are taken of vehicles through a process called Automatic Number Plate Recognition (ANPR) which reads and records each number plate and charges vehicle registrations accordingly.

In understanding the flow of traffic, new bus routes could be setup to encourage people to take public transport instead of their own car. The terms ‘smart city’, ‘smart vehicles’, ‘smart roads’ are beginning to surface in transport and telematics. Komanecky & Claus (1991), and Gerdeman (1995, ch. XII) refer to this type of RFID application as an Intelligent Vehicle Highway System (IVHS). Choi et al. (1995) discuss a real-time moving automotive vehicle identification system (AVIS) that uses bar codes at toll gates to measure city traffic. In the Italian city of Turin, the public transport company ordered a Confident RFID system (TagMaster AB) for its 900 buses, 300 trams and drivers. “[T]he ID tags in the system will also make it possible to get information about mileage, fuel consumption and service interval status of the vehicles” (M. Marsh, 1998, p. 1).

 

Boarding Passes and the Airline Industry

In October 1995, at the Passenger Services Conference, a smart card subcommittee was established to develop an airline industry smart card standard. Problems envisaged with electronic ticketing, namely how to identify a passenger quickly without a paper boarding pass, led to the formation of the subcommittee. In Australia QANTAS allows for ‘e-check ins’ for domestic flights. A traveler is required to use his/her credit card at a check-in kiosk at the airport and a boarding pass is provided after the consumer enters their itinerary details. Flight times, seat changes and baggage check-in are all automated through this process. Delta Airlines, Lufthansa and Air France are now using IATA standard smart cards. The results of the Smart Card Subcommittee were IATA resolution 791 and ATA resolution 20.204- ‘Specifications for Airline Industry Integrated Circuit Cards (ICC)’. The resolution made effective in 1997, means that cards are interoperable at gates which have upgraded their read/write hardware. It is expected that most of the airline cards will be co-branded cards. Credit card companies like Visa, MasterCard and American Express showed immediate interest. For a list of airlines that provide an e-ticket services refer to the IATA web site (IATA, 1999). Delta Airlines have issued smart cards to frequent flyers between New York, Boston and Washington.[iii] The contactless chip card is swiped by the passenger at the boarding gate for authorization to board the plane. The card not only acts as the ticket but serves the other functions of a Frequent Flyer Card and credit card.

Lufthansa have already issued hundreds of thousands of smart cards to its frequent flyers and Senator cardholders. Known as the ChipCard, the card is used on all German domestic flights as well as from London and Paris. The card is truly a multiapplication card, as it can be used for making telephone calls in Germany, as a credit card, and Air Travel Card, a ‘Miles and More’ frequent flyer card, a membership card for airport lounges, and a boarding authority for passengers. Different from the Delta Airlines frequent flyer card, the ChipCard is both contact and contactless. When boarding the passenger does not need to insert the card in a reader but simply walk past the RF reader near the gate. Air France also records the passenger itinerary on the ATB Pectab Gemplus smart card.

Just as magnetic-stripe cards can be stolen, so can smart cards. For that reason, it is possible that an unauthorized person may be allowed to travel accidentally or by fraudulent intent. After the terrorist attacks of September 11, 2001, and numerous other foiled attempts to down passenger airliners in the UK and US, numerous governments have either investigated or implemented biometric schemes or electronic Passports known as ePassports. Some authorities around the world have even integrated smart cards with biometrics (Halpin, 1999). As the traveler passes through immigration, he/she must insert a card into a reader at the first gate. The information stored on the card is read and verified. Different airports around the world are using different human characteristics, varying from fingerprints, hand geometry or a combination of both. The sample taken is then matched with a record in the database and the image on the card. If there is an exact match, the passenger is allowed to travel. Such a system is being promoted by IATA and is already in use in Australia, Belgium, Canada, France, Germany, Hong Kong, Netherlands, Switzerland and Taiwan and the U.S.

 

CONCLUSION

Magnetic-stripe cards are now considered a mature auto-ID technique, a catalyst for the highly complex physical and logical infrastructural interconnectivity that exists in the banking sector today. While the technology itself has not undergone revolutionary changes to its make-up, simple incremental innovations have been introduced in a bid to minimize fraudulent activities, especially where credit cards are concerned (Berghel, 2007). The predicted demise of the magnetic-stripe card in the mid-to-late 1980s did not eventuate. Cost and first-to-market principles seem to have overridden any attempt for the smart card to overtake the magnetic-stripe card in market share, despite its superiority in terms of security and functionality. While magnetic-stripe card fraud continues to be a global problem for credit card companies especially, the transition to another card technology is riddled with obstacles. Namely, transitioning requires a change in physical infrastructure, a shift in consumer mindset, agreement in card standardization focused on security and interoperability, all of which seem too difficult to institute. For now at least, the industry seems complacent, willing to live with the multi-billion dollar problem of fraud rather than to make radical changes. Outside the financial sector, magnetic-stripe cards have prospered in terms of their utility, effectiveness and versatility. They have acted primarily to verify a cardholder’s identity, linking an embossed number or barcode also present on the card to specific applications. While we can lay claim to the fact that we are now living in a relatively cash-less society, today’s wallets and purses are still bulging, only now bulging with strips of plastic, rather than strips of reinforced paper.

 

REFERENCES

Aconite. (2006). Mag-stripe's the problem. Card Technology Today, July/August, 11-12.

Allard, T. (1995, 28 October). Get ready to kiss your cash goodbye. The Sydney Morning Herald, pp. 1, 44.

Allard, T. (1997, 10 April). Smart cards the key to a cashless society of future. The Sydney Morning Herald, p. 1.

ASTEC. (1986). Towards a Cashless Society? A report to the Prime Minister. A.C.T: Australian Government Publishing Service.

AT&T Universal MasterCard. AT&T universal card services.   Retrieved 20 November 1996, from http://public.att.com/ucs/card/card.html

Australian. (1981, 4 September). The cashless society. The Australian.

Ayer, K., & McKenna, J. (1997). Worldwide developments and player motivations. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 44-56). New York: McGraw-Hill.

Bank Systems. (1997). Move to chip technology still a ways off. Bank Systems & Technology, 34(6), 21.

Barr, W. J. (1997). Shifting boundaries. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 57-78). New York,: McGraw-Hill.

Batterson, R. (2002). MasterCard International tests Magneprint. Washington University in St Louis: News & Information, from http://news-info.wustl.edu/tips/2002/business-law/indeck.html

Belsie, L. (1997). Coming soon: ATMs that Recognise your Eyes. pp. 1-2.

Bequai, A. (1980). America’s cashless society: the problem of crime in the electronic society. Journal of Media and Law Practice(1), 154-166.

Berghel, H. (2007). Credit Card Forensics. Communications of the ACM, 50(12).

Blank, A. (2007). Millions of Cardholders Can’t be Wrong. Arthur Blank & Co Online   Retrieved 28 November 2008, from http://www.arthurblank.com/article_details.asp?ID=4

Blythe, P. (1996). Global view of transport applications. Smart Card News, 1-7.

Blythe, P. T. (1991). The use of transponder technology in road traffic control. Paper presented at the Eighth International Conference on Automotive Electronics.

Blythe, P. T., & Holland, R. (1998). Integrated ticketing smart cards in transport. Paper presented at the IEE Colloquium: Using ITS in Public Transport and in Emergency Services

Bowne, A. (1984). Westpac leads the race to a cashless society. -Electronic funds transfer point of sale. Business Review Weekly, 17-23 March.

Brands, S. (1995). Electronic cash on the Internet. Paper presented at the IEEE Proceedings of the Symposium on Network and Distributed System Security.

Bright, R. (1988). Smart Cards: principles, practice, applications. New York: John Wiley & Sons.

Brooks, A. (1995). Cashless’ future in the cards with UK and Canadian pilots. Computing Canada, 21, 33, 36.

Brown, S. F. (1998, Feb 16). Robots don’t blink. Time Magazine, 50-52.

Browne, F. X., & Cronin, D. (1996). Payment technologies, financial innovation, and laissez-faire banking. Cato Journal, 15(1), 101-116.

Campbell, D. C. (Ed.). (1994). Data Transmission and Privacy. Canada: Martinus Nijhoff Publishers.

Card World (Ed.). (1990). ITALY- Slowed by cultural resistance. Surrey.

Central Banks. (1989). Payment Systems: in eleven develop countries. Bank Administration Institute United States.

Chan, F. (2001, 11 January). Octopus extends tentacles to taxis. South China Morning Post, p. 6.

Chau, P. Y. K., & Poon, S. (2003). Octopus: An E-Cash Payment System Success Story. Communications of the ACM, 46(9), 129-133.

Choi, M.-Y. (1995). Real-time moving automotive vehicle identification (AVIS). Proceedings of the Intelligent Vehicles Symposium, 241-246.

Clarke, R. (1987). Just Another Piece of Plastic for your Wallet: The 'Australia Card' Scheme Retrieved 4 December 2008, from http://www.anu.edu/people/Roger.Clarke/DV/OzCard.html

Clarke, R. (1991). The Tax File Number Scheme: A Case Study of Political Assurances and Function Creep.   Retrieved 4 December 2008, from http://www.anu.edu/people/Roger.Clarke/DV/PaperTFN.html

Cohen, J. (1994). Automatic Identification and Data Collection Systems. London: McGraw-Hill Book Company.

Collier, I., & Hill, J. (1987, 24 September). Privacy lawyer’s shock claim: I.D. card not dead. The Sun, p. 1.

Colton, K. W., & Kraemer, L. (1980). Computers and banking: electronic funds transfer systems and public policy. New York: Plenum Press.

Commonwealth Department of Health. (1987). Towards Fairness and Equity: the Australia Card program: Australian Government Publishing Service, Canberra.

Computergram. (1999). Late-running cashless society dependent on transport. Computergram International.

Conolly, C. (1995). Smart Cards: big brother’s little helpers. Sydney.

Cooper, L. (1999). A run on Sterling- personal finance on the move. Paper presented at the The Third International Symposium on Wearable Computers.

Cornford, P. (1995, 25 March 1995). $100m sting forecast as gangs plan Olympic credit fraud blitz. The Sydney Morning Herald.

Cowen, Z. (1972). The Private Man: the Boyer lectures 1969. Sydney: Australian Broadcasting Commission.

Cox, R. J. (1997). Hold onto your wallet! Information Technology & People, 11(4), 28-31.

Crosby, L. (1994). Electronic leash: the implantable bio-chip is already here. Is Big Brother just around the corner? Tuscon [AZ] Weekly, 11(14).

Cross, R. (1996). Smart cards for the intelligent shopper. Direct Marketing, 58(12), 30-34.

Cumming, F. (1986, August). ID card’s impact on fraud under fire. Daily Telegraph.

Cunningham, R. F. (1993). Smart card applications in integrates transit fare, parking fee and automated toll payment systems- the MAPS concept. Paper presented at the Telesystems Conference Commercial Applications and Dual-Use Technology 93CH3318-3.

Davies, S. (1992). Big Brother: Australia’s growing web of surveillance. Australia: Simon and Schuster.

Davies, S. (1996). Monitor: extinguishing privacy on the information superhighway. Sydney: PAN Macmillan.

Davies, S. G. (1993, 22 March 1997). Campaigns of opposition to ID card schemes. Privacy International, from http://www.privacy.org/pi/activities/idcard/campaigns.html

Davies, S. G. (1996). Identity cards: Frequently asked questions. Privacy International, from http://www.privacy.org/pi/activities/idcard/idcard_faq.html

Dawes, P. (1986, 21 November). ID Card: one number will reveal all. Sydney Morning Herald.

de Bruyne, P. (1990). New technologies in credit card authentication. Paper presented at the IEEE International Carnahan Conference on Security Technology.

Dean, W. (1984, 15 February). Cashless, paperless defenceless? The Sydney Morning Herald, p. 9.

Dennis, S. (1998). UK professor implants chip, turns himself into Cyborg. Newsbytes, from http://www.newsbytes.com/pubNews/110782.html

Devereux, M. (1984). 1984 IS HERE. The New Westralian Banker, 4(2), 5.

Dinning, M. (1997). Transportation. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 177-198). New York: McGraw-Hill.

Donnelly, M. (1986, 22 June). Big brother- it is closer than you think. The Sunday Telegraph.

Eaton, J. W. (1986). Card-carrying Americans: privacy, security, and the national ID card debate. New Jersey: Rowman & Littlefield Publishers.

Economist. (1995). On a card and a prayer. Economist, 334(7900), 60.

Egner, F. E. (1991). The Electronic Future of Banking: succeeding in the new electronic age for tomorrow’s financial institutions. Illinois: Financial Sourcebooks.

Eltron. Plastic card printing technology. from http://www.eltron.com/Support/a-faq_card.htm

Essick, K. (1998). Biometrics, e-cash to gain ground in ‘98, Gartner says. InfoWorld Electric, 1-2.

Essinger, J. (1999). The Virtual Banking Revolution: the customer, the bank and the future. London: International Thomson Business Press.

European. (1993). Airport card proves the passport to freedom. The European, 3.

Evans, D. (1987, 12 August). Everything you wanted to know about the Australia Card… but were afraid to ask. The Daily Mirror.

FDIC. (2008). 6500 - FDIC Consumer Protection: PART 205—ELECTRONIC FUND TRANSFERS (REGULATION E). FDIC Law, Regulations, Related Acts   Retrieved 28 November 2008, from http://www.fdic.gov/regulations/laws/rules/6500-3100.html

Federal Bureau of Consumer Affairs. (1995). A Cashless Society? Electronic banking and the consumer. In Federal Bureau of Consumer Affairs (Ed.). Canberra: Australian Government Publishing Service.

Federal Department of Communications and Justice. (1974). Privacy and Computers. In F. D. o. C. a. Justice (Ed.): Information Canada  Ottawa.

Fernandez, B. (1997, 15 April). Bank keeps eye on iris technology. The Australian.

Ferrari, J., Mackinnon, R., Poh, S., & Yatawara, L. (1998). Smart Cards: a case study: Research Triangle Park.

Fewster, A. (1986, October). ID card: $20,000 penalty for non-compliance. Telegraph Mirror.

Financial. (1995). AT&T backs cashless society. Financial Technology International Bulletin, 12(6), 6.

Fisher, R. L. (1996). The future of money in the information age. New Payments Technology   Retrieved 4 April 1997, from http://www.cato.org/moneyconf/14mc-10.html

Freeze, C. (2000, 21 July). Keep your credit card in sight: detective. The Globe and Mail, p. A5.

Gerdeman, J. D. (1995). Radio Frequency Identification Application 2000: a guide to understanding and using radio frequency identification. North Carolina: Research Triangle Consultants.

Geva, B. (2006). Recent International Developments in the Law of Negotiable Instruments and Payment and Settlement Systems. Texas International Law Journal, 42, 685-726.

Glynn, A. J. (1987, 18 September). Poor, dumb and forced to join the herd. The Sun, p. 17.

Godin, S. (1995). Presenting Digital Cash. Indiana: sams.net publishing.

Gold, D. S. (1999, April 6). Global e-purse specification revealed. Newsbytes.

Gold, S. (1999, 13 April ). Diebold launches iris recognition ATM banking. Newsbytes.

Gora, B. (1992, 17 May). Fingerprint plan to beat ATM cheats. The Telegraph Mirror.

Graham, G. (1996, 20 August). You can bank on the Internet- for growth. The Australian, p. 4.

Greenfield, P. (1996). London prepares to get smart. Professional Engineering, 9(12), 20.

Greenleaf, G. (1988). Lessons from the Australia Card -- deux ex machina? The Computer Law and Security Report, 3(6), 6.

Halpin, J. (1999). Bio-Identity, Computer Shopper (Vol. 19, pp. 390).

Harmelink, M. D. (1993). Smart trucking in Ontario. Paper presented at the IEEE Vehicle Navigation & Information Systems Conference.

Harris, S. (1994, 22 May). Credit card fraud set to explode, say police. Sunday Telegraph.

Harrop, P. (1992). The electronic purse prepayment cards. IEE Review, 38(6), 227-231.

Helm, L. (1995). Cashless society gets closer with plans for electronic currency. Los Angeles Times, p. D4.

Hendrickson, R. (1972). The Cashless Society. New York: Dodd, Mead and Company.

Hendry, M. (2007). Multi-application Smart Cards: Technology and Applications. Cambridge: Cambridge University Press.

Hogarth, M. (1987, 30 August). Big Brother rules when your number’s up. Times on Sunday, p. 4.

Holland, N. (2004). Through the Looking Glass. Smart Card News   Retrieved 4 December 2008, from http://www.smartcard.co.uk/articles/through_the_looking_glass_nh.htm

Holmstrom, F. R. (1996). Tech brief: smart fare payment systems for public transit (No. DTS-38).

Hurry, K. (1987, 10 July). I am very angry. The Daily Telegraph.

Husemann, D. (1999). The smart card: don't leave home without it. IEEE Concurrency, 7(2), 24-27.

IATA. Airline industry smart card developments. IATA, from http://www.iata.org/smartcard/

IATA. (1998). Passenger Services Conference. from http://www.iata.org/smartcard/

IATA. (1999, 19 April). Airline industry ET developments. from http://www.iata.org/eticket/eticket.htm

ID-TECH. (27 November 2001). About Magnetic Stripe Technology: ID-TECH’s Guide to Magnetic Encoding on Cards. from http://www.idt-net.com/magnetic/index.cfm

IPC. (2001). International Plastic Cards. 2003, from http://www.ipccards.com/developments/developments_main.htm

Johnson, L. (1996, 16 June). Iris ATM only a blink away. The Sunday Telegraph.

Johnstone, B. (1998, 3 May). Really smart card. Forbes, 198.

Joint Select Committee. (1986). Report of the Joint Select Committee on an Australia Card: Australian Government Publishing Service Canberra.

Jones, B. (1987a, 6 September). Australia Card: secret plan to push ID on you. The Sun-Herald, p. 1.

Jones, B. (1987b, 6 September). Hawke sets date for ID card laws. The Sun-Herald, p. 2.

Jones, D. (1998). Electronic Commerce in Government. Card Technology Today, 10(2), 13-16.

Jones, D. (2000). Mondex cards serve up beenz.com loyalty points. Ctt, 11(6), 4-5.

Kaplan, J. M. (1996). Smart Cards: the global information passport- managing a successful smart card program. London: International Thomson Computer Press.

Keir, M. (1986). On the way to a cashless society. Technological Change: impact of information technology, 79-88.

Keir, M. (1987). Issues for a Cashless Society. Retrieved. from.

Kirkmann, P. (1987). Electronic Funds Transfer. USA: Library Cataloguing in Publication Data.

Komanecky, M. R., & Claus, D. M. (1991, 20-23 October). IVHS applications of smart cards. Paper presented at the Vehicle Navigation and Information Systems Conference.

Korala, A., & Basham, P. (1999). The Self-Service Revolution: Harnessing the Power of Kiosks and ATMS. In J. Keyes (Ed.), Banking Technology Handbook (pp. 6-1- 6-7). London: CRC Press.

Kosmos. (1987, 17 September (in Greek)). Identity card: number or Big Brother? O Kosmos, pp. 20-21.

Kristoffy, A. (1999). IEE driver information systems. Paper presented at the Telematics Conference.

Kwok, A. (2001, 11 January). Octopus card users face having to pay taxi tip. Hong Kong iMail, p. A4.

LaMoreaux, R. D. (1998). Barcodes and Other Automatic Identification Systems. New York: Pira International.

Lasky, H. (1984). The cashless society: reality or myth? -Argument for the continued use of cash. Law Institute Journal, 58(10), 1206-1207.

Lockie, M. (2001). New AfB sets its sights on international status, Biometric Technology Today (July/August ed., Vol. 9, pp. 1,12).

London Transport. (2008). Transport for London: Oyster Online.   Retrieved 28 November 2008, from https://oyster.tfl.gov.uk/oyster/entry.do

Louderback, P. D. (1980). Status of EFT: an assessment of services and a review of EFT in the fifty states. In K. W. Colton & L. Kraemer (Eds.), Computers and banking: electronic funds transfer systems and public policy (pp. 39-52). New York: Plenum Press.

LTA. (2008). Electronic Road Pricing: How it works? Land Transport Authority   Retrieved 28 November 2008, from http://www.lta.gov.sg/motoring_matters/index_motoring_erp.htm

Madgwick, D., & Smythe, T. (1974). The Invasion of Privacy. Oxford: Pitman Publishing.

Magbar. (2000). ID Tech. from http://www.idt-net.com/products/mag_stripe/magbar.cfm

Magneprint. (1999). MISC. 2003, from http://www.magneprint.earth.wustl.edu/maneprint/

Manchester, D. (1997). Smart cards: key to cashless economy? Futurist, 31(1), 29-32.

Marsh, M. (1998). Is it possible to scan a supermarket trolley using RFID? Transponder News, pp. 1-5.

Marsh, M. (1998). Tagmaster AB - Electronic access system makes parking operations simpler and more profitable. Transponder News, 1-2.

Martin, B. (1997). Challenging Bureaucratic Elites. Wollongong: Schweik Action.

Martin, S. E. (1995). Bits, Bytes and Big Brother: federal information control in technological age. Westport: Praeger.

Mee, C. D., & Daniel, E. D. (1996). Magnetic Recording Technology. New York: McGraw-Hill Professional.

Mei, L. Y. (2001). Mastercard, the ruler of Mondex. Cards Now Asia(July/August), 10.

Mercury Security Corp. ANSI specification for encoding ABA track 2 data. from http://www.mercury-security.com/ansi.htm

Middleton, G. (1998). Researchers encode faces on mag-stripe cards. TechWeb   Retrieved 4 December 2002, from http://www.techweb.com/wire/story/TWB19980907S0009

MIS. (1993). Big Brotherdom has benefits. MIS( December/January), 80.

Mitchell, R. (1996a). Beyond the basics of ATMs. Credit Card Management, 9(4), 57-62.

Mitchell, R. (1996b). The evangelist of the smart card world. Credit Card Management, 9(5), 52.

Moore, P. (1996, 17 September). Banks launch a money highway. The Australian, p. 41.

Moreira, P. (1997, 18 February). Mondex speeds up its cash card launch. The Australian, p. 45.

Muhammad, T. K. (1996). Toward a cashless society. Black Enterprise, 26(11), 58.

Mullen, D., & Sheppard, J. (1998). Magnetic stripe cards: giving ‘credit’ to everyone. Automatic I.D. News, 1-3.

Murphy, P. A. (1996). Does plastic still have a great future? Credit Card Management, 9(3), 80-90.

Newton, J. (1995). Reducing ‘plastic’ counterfeiting. European Convention on Security and Detection, 408, 198-201.

Nickel, L. (1999). Why use magnetic-stripe cards? Mercury Security Corp: OEA Hardware for Access Control, 1-2.

NSW Combined Community Legal Centres Group. (1988). A National Identification System for Australia. Kensington: Communications Law Centre.

O’Sullivan, O. (1997). From France, a glimpse of things to come. ABA Banking Journal, 89(3), 57-62.

OECD. (1989). Electronic Funds Transfer: plastic cards and the consumer. Paris: OECD.

Okine, N. O., & Shen, L. D. (1995). Security issues of emerging smart cards fare collection application in mass transit. Paper presented at the IEEE Conference on Vehicle Navigation and Information Systems.

Parliament of the Commonwealth of Australia. (1988). Feasibility of a National ID Scheme: the Tax File Number: Australian Government Publishing Service, Canberra.

PBS. (1998). Danmoent. from http://www.pbs.dk/pbs_uk/www.danmoent.dk/

Perkins, K. (1987, 18 September). ID Card- What you say. The Sun, p. 16.

Plastag. (1998). Products. from http://www.plastag.com/products.html

Polding, L. (1996). Credit card fraud- the good news. Credit Control, 17(5), 23-25.

Pope, N. G. (1990). The cashless services system. British Telecommunications Engineering, 9(July), 112-117.

Privacy Commissioner. (1997). Information papers no. 3: community attitudes to privacy.

Privacy Committee of NSW. (1995). Smart Cards: Big Brother’s Little Helpers. 66(August).

Proton. (1999). Proton Word. from http://www.protonworld.com

Radu, C. (2002). Implementing Electronic Card Payment Systems. New York: Artech House.

Ramo, J. C. (1998, 27 April). The big bank theory and what it says about the future of money. Time, 46-55.

Ransom, A. (1986, 5 December). The ID card is a fraud on the people. The Sydney Morning Herald.

Read, R. J. (1989). EFTPOS: electronic funds transfer at point of sale. Electronics and Communication Engineering Journal, 1(6), 263-270.

Reistad, D. L. (1979). Everything with electronic chips: but how close are we to the cashless society? Asia Finance, 5.

Revell, J. R. S. (1983). Banking and Electronic Fund Transfers. Paris: OECD.

Ross, D. (2003). Back on the cards [ID cards]. IEE Review, 49(11), 22-23.

Rothfeder, J. (1995). Invasion of privacy. PC World, 13(11), 152-162.

Scott, M. D. (1994). United States. In R. Campbell (Ed.), Data transmission and privacy (pp. 491-507). Canada: Martinus Nijhoff Publishers.

Smith, E. (1989). The Australia Card: the story of its defeat. Australia: Macmillan.

Smith, M. T. (1998). Smart cards: integrating for portable complexity. Computer, 31(8), 110-112, 115

Smith, R. (2002, 17 November). Gang to increase robberies on ATMs. The Sunday Telegraph, p. 3.

Smith, S. (1995). Welfare’s big brother. Computer Weekly, 40-41.

Stewart, C. (1999). IEE driver information systems. Paper presented at the Telematics Conference.

Stix, G. (1994). Dr. Big Brother. Scientific American(February).

Stroud, J. (1998). Magnetic print foils counterfeiters technology may put halt to credit card theft (pp. 1-2): 1998 Post-Dispatch Archives.

Sun, M. (2002, 18 December). E-tags on slow road to change. The Daily Telegraph.

Svigals, J. (1987). Smart Cards: the new bank cards. New York: Macmillan Publishing Company.

SWIFT. (2008). Company Information. SWIFT   Retrieved 28 November 2008, from http://www.swift.com/index.cfm?item_id=68432

Thompson, A. A. (1997). Big brother in Britain Today. New York: Joseph.

Todd, K. (1990, 15-16 October). The introduction and performance of the “Faresaver” smart card electronic bus ticketing system. Paper presented at the Proceedings of the AIC Conference Smart Card technology: applications for the 1990’s, Sydney.

Tren, R. (1995). Trends in the Cards Industry. Andersen Consulting, 1-99.

Tucker, G. (1992). Information Privacy Law in Australia. Melbourne: Longman Cheshire.

Tyler, G. (1995). The cashless revolution. Management Services, 39(6), 26-27.

van Grinsven, L. (1996, 8 October). It’s on the cards: Dutch will be first to get smart. The Australian, p. 32.

Vartanian, T. P. (1997). A cashless world. Credit Union Management, 20(2), 14-15.

Vincent, N. (1995, 26 August). Big brother is selling you. The Daily Telegraph.

VISA International. (1995). Australia First in Line for Cashless Society. Sydney: Visa International Press Release.

Wacks, R. (1993). Privacy (Vol. vol. 1 & 2). Sydney: Dartmouth.

Wahab, A., Tan, E. C., & Heng, S. M. (1999). Biometrics electronic purse. IEEE TENCON: Proceedings from the Region 10 Conference, 2, 958-961.

Walker, F. (1987, 6 September). The Australia card debate: a day in your life with an ID card. The Sun-Herald, pp. 10-11.

Wallis, K. ( 2001, 9 January). Tram fleet to adopt Octopus smart card. Hong Kong iMail, p. B5.

Walsh, K.-A. (1987, 24 September). I.D. card out. The Daily Telegraph, p. 1.

Washington University in St. Louis. The magnetics and information science center – MISC.   Retrieved 4 December 2002, from http://www.misc.ee.wustl.edu/misc_intro.html

Watson, F. (2001). Overcoming global terror. Biometric Technology Today, 9(6), 1.

Watson, R. (2002, 8 December 2002). Detectives seize ATM theft device. The Sunday Telegraph, p. 2.

Watts, D. (1997, 13 May). Inadequate privacy laws open door to data abuse. The Australian, p. 42.

Weinstein, S. B. (1984). Smart credit cards: the answer to cashless shopping. EEE Spectrum, 21(2), 43-49.

Wenter, P. (1994). Automatic fee collection on German autobahns- the ChipTicket system. Paper presented at the IEE, Seventh International Conference on ‘Road Traffic Monitoring and Control’.

Wesley, R., & Wilke, C. (1997). Travel and Entertainment. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 199-208). New York: McGraw-Hill.

Will, I. (1983). The Big Brother Society. London: Harrap Limited.

Woods, W. (1995). Cashless society becomes reality. Fortune, 131, 24.

Wright, D., & Burton, R. (1999). Leicester environmental road tolling scheme (LERTS). EEE Seminar, Electronic Tolling and Congestion Charging, 4/1-4/3.

Yan, G., Paradi, J. C., & Bhargava, S. (1997). Banking on the Internet and its applications. Paper presented at the IEEE Proceedings of the Thirtieth Hawaii International Conference on System Sciences.

Young, J. B. (1978). Privacy. Toronto: John Wiley and Sons.

Zimmerman, T. (2001, August 25-29). Travel card: airport self-check in using a wireless PDA. Paper presented at the IEEE Intelligent Transportation Systems Conference Proceedings.

Zlatinov, I. (2001). The next generation of transit cards. Cards Now Asia(July/August), 35-36.

Zoreda, J. L., & Oton, J. M. (1994). Smart Cards. Boston: Artech House.

[i] Jones (1987a) writes on the secret Australian government plan to push ID on citizens; Walker (1987) a feature article on the Australia Card debate; Evans (1987) highlights just how invasive the Card would become interlinking all facets of life; Collier & Hill (1987) present the power of the government to introduce the ID card; Walsh (1987) on the demise of the card; Perkins (1987); Fewster (1986) on the potential ID card non-compliance penalties; Cumming (1986) on the declining support for Australia’s proposed national ID card; Glynn (1987); Dawes’ (1986) letter to the editor discussing how one number would reveal all; Ransom’s (1986) letter to the editor alleging that the ID card is a fraud on the people; and Hurry’s (1987) advertisement about the hidden clauses of the proposed Australia Card, in the interest of the community. Apart from all the media press, the government also published a number of reports on the topic of an Australia Card, for instance, Commonwealth Department of Health (1987) and Joint Select Committee (1986). A relevant research paper by Graham (1990) is on bureaucratic politics and the Australia Card as well as a NSW Combined Community Legal Centres Group (1988) submission to the Senate on a national identification system for Australia. For a short summary of the bureaucratic issues with the Australia Card see Martin et al. (1997, pp. 27-30). For an American perspective on the national ID card debate see Eaton (1986). While an Australian citizen card did not make an appearance, a tax file number (TFN) eventually did in its place (Clarke 1991). See Hogarth (1997, p. 4); Parliament of the Commonwealth of Australia (1988) on the feasibility of a national ID scheme (i.e. the TFN); Davies (1992, ch. 3) on the government versus the people; and Clarke (1993) on why people are scared of the public sector. The media added fuel to the debate by reporting on cases that were related to social security fraud and stolen identities which caused some consumer groups to lobby against the idea of a card altogether. Yet what most consumer groups did not realize is that they were really arguing against an identity number and not the card itself. While an Australian citizen card did not make an appearance, a tax file number (TFN) eventually did in its place.

[ii] For a variety of definitions on the term ‘cashless society’, see Hendrickson (1972), Reistad (1979), Bequai (1980), Australian (1981), Bowne (1984), Dean (1984), Lasky (1984), Weinstein (1984), ASTEC (1986), Keir (1986, 1987), Pope (1990), Brooks (1995), Helm (1995), Federal Bureau of Consumer Affairs (1995), Financial (1995), MasterCard International (1995), Tyler (1995), VISA International (1995), Woods (1995), Allard (1995; 1997), Muhammad (1996), Manchester (1997), Vartanian (1997), Computergram (1999).

[iii] See Economist (1995) for the notion of “ticketless” air travel using smart card media. It should be noted that articles written before the recent spate of terrorist attacks are a little naïve in terms of how air travel can be made more convenient without the traveler having to go through so many individual checkpoints to board a plane. Compare Economist (1995) with Watson (2001b) who writes: “September’s attacks added a new dimension to airline security.”




Innovative Auto-ID and LBS - Chapter Five Barcode: The Pioneer Auto-ID Technology

Chapter V - Barcode: The Pioneer Auto-ID Technology

 

BARCODE TECHNOLOGY

Historical Overview

Of all the auto-ID technologies in the global market today, barcode is the most widely used. In 1994, Cohen (p. 55) wrote “...barcode technology is clearly at the forefront of automatic identification systems and is likely to stay there for a long time.” It is estimated by GS1, that there are over 5 billion barcode reads each day. Despite complementary and supplementary technologies entering the barcode space, Cohen’s statement still holds true. Palmer (p. 9) agreed in 1995, that “barcode ha[d] become the dominant automatic identification technology”. Ames (1990, p. G-1) defines the barcode as: “an automatic identification technology that encodes information into an array of adjacent varying width parallel rectangular bars and spaces.”

The technology’s popularity can be attributed to its application in retail, specifically in the identification and tracking of consumer goods. Before the barcode, only manual identification techniques existed. Handwritten labels or carbon-copied paper were attached or stuck to ‘things’ needing identification. In 1932 the first study on the automation of supermarket checkout counters was conducted by Wallace Flint. Subsequently in 1934 a patent was filed presenting barcode-type concepts (Palmer, 1995, p. 11) by Kermode and his colleagues. The patent described the use of four parallel lines as a means to identify different objects.

In 1959 a group of railroad research and development (R&D) managers (including GTE Applied Research Lab representatives) met in Boston to solve some of the rail industry’s freight problems. By 1962 Sylvania (along with GTE) had designed a system which was implemented in 1967 using color barcode technology (Collins & Whipple, 1994, p. 8). In 1968, concentrated efforts began to develop a standard for supermarket point-of-sale which culminated in the RCA developing a bull’s eye symbol to be operated in the Kroger store in Cincinnati in 1972 (Palmer, 1995, p. 12). Until then, barcodes in retail were only used for order picking at distribution centers (Collins & Whipple, 1994, p. 10). But it was not the bull’s eye barcode that would dominate but the Universal Product Code (UPC) standard. The first UPC barcode to cross the scanner was on a packet of Wrigley’s chewing gum at Marsh’s supermarket in Ohio in June 1974 (Brown, 1997, p. 5). Within two years the vast majority of retail items in the United States carried a UPC.

 

Barcode System

Barcode technology increased in popularity throughout the 1980s as computing power and memory became more affordable, and consumer acceptance increased. This enabled programs and peripheral devices (complementary innovations) to be built to support barcodes for the identification and capture of data. A barcode can only work within a systems environment. Barcode labels in themselves are useless without peripheral equipment. The components required in a barcode system include: a barcode label (encoded with a symbology), a scanner, a decoder, a computer with a database, and a printer. Additional components include software, monitors, and networks which are used to complement most systems (Jesse & Rosenbaum, 2000). Simply put, a scanner reads the label using a given symbology, a decoder then converts this signal into a digital form so that a computer can perform its functions.

 

The Importance of Symbologies

When examining the technical features of the barcode it is important to understand symbologies, also known as configurations. There are many different types of symbologies that can be used to implement barcodes, each with its distinct characteristics. New symbologies are still being introduced today. Cohen (1994, p. 55) explains a symbology is a language with its own rules and syntax that can be translated into ASCII code.

Common to all symbologies is that the barcode is made up of a series of dark and light contiguous bars (Collins & Whipple, 1994, pp. 20-24). Each barcode differs based on the width of the bars. Of particular importance is the width of the narrowest bar which is called the ‘X dimension’ (usually measured in millimeters) and the number of bar widths. Essentially, this defines the character width- the amount of bars needed to encode data. When the barcode is read by a device called a scanner, light is illuminated onto the bars. This pattern of black and white spaces is then reflected (like an OFF/ON series) and decoded using an algorithm. This special pattern equates to an identification number but can be implemented using any specification. For instance, the major linear barcode symbologies include: Interleaved 2 of 5, Code 39 (also known as code 3-of-9), EAN 13, U.P.C. 8 and Code 128. Major two-dimensional symbologies, known also as area symbologies, include Data Matrix, MaxiCode, and PDF417.

Interleaved 2 of 5 is based on a numeric character set only. Two characters are paired together using bars. The structure of the barcode is made up of a start quiet zone, start pattern, data, stop pattern and trail quiet zone. According to Palmer (1995, p. 29) it is mainly used in the distribution industry. Code 39 is based on a full alphabet, full numeric and special character set. It consists of a series of symbol characters represented by five bars and four spaces. Each character is separated by an intercharacter gap. This symbology was widely used in non-retail applications. The barcode is made up of light and dark bars representing 1s and 0s. The structure of the barcodes includes three guard bars (start, centre and stop), and left and right data. The barcodes can be read in an omni-directional fashion as well as bi-directional. Allotted article numbers are only unique identification numbers in a standard format and do not classify goods by product type. Like the Interleaved 2 of 5 symbology, EAN identification is exclusively numerical. The structure of the EAN and U.P.C. includes (i) the prefix number that is an organization number that has been preset by EAN, and (ii) the item identification that is a number that is given to the product by the country-specific numbering organization. The U.P.C. relevant only to the U.S. and Canada does not use the prefix codes as EAN does but denotes the prefix by 0, 6, or 7.

  According to Palmer (1995, p. 37), Code 128 was increasingly adopted throughout the 1990s because it was a highly-dense alphanumeric symbology that allowed for variable length and multiple element widths. With the introduction of the Data Matrix symbology even more information could be packed onto a square block. Since the symbology is scalable it is possible to fit hundreds of thousands of characters on a block. Data Matrix used to be a proprietary technology until it became public in 1994. As opposed to the light and dark bars of the EAN symbology, MaxiCode is a matrix code which is made up of a series of square dots, an array of 866 interlocking hexagons. On each 3cm by 3cm square block, about 100 ASCII characters can be held. It was developed by the United Parcel Service for automatic identification of packages. Like the MaxiCode symbology, PDF417 is stacked. The symbology consists of 17 modules each containing 4 bars and spaces. The structure allows for between 1000 and 2000 characters per symbol. Collins and Whipple (1994, p. 41) suggest a maximum of 50 characters when using linear symbologies.

The 2D barcode configuration has increased the physical data limitations of the linear configurations. Users are now able to store larger quantities of information on barcodes with many company-defined fields. Contrarily, linear barcodes should never extend to more than 20 characters as they become difficult to read by scanners. Other linear and 2D barcode symbologies include: Plessey Code, Matrix 2 of 5, Nixdorf Code, Delta Distance A, Codabar, Codablock, Code 1, Code 16K, Code 11, Code 39, Code 49, Code 93, Code 128, DataGlyphs, Datastrip Code, InterCode, MSI Code, Snowflake Code USD-5, UnisCode, Vericode, ArrayTag, Dotcode.

 

Choosing a Symbology

Each symbology has benefits and limitations. It is important for the adopter of barcode technology to know which symbologies are suitable to their particular industry. Standards associations and manufacturers can also help with a best-fit recommendation (Grieco et al., 1989, pp. 43-45). Considerations may include: what character sets are required by the company, what the required level of accuracy of the symbology should be, whether the symbology allows for the creation and printing of a label (in terms of density), and whether the symbology has specifications that make it intolerant to particular circumstances.

Sometimes there may also be pressure by industry groups for users to conform to certain symbologies. As Cohen (1994, p. 99f) points out, there are some bodies that have created industrial barcode standards such as: ODETTE (Organization for Data Exchange by Tele Transmission in Europe) that adopted Code 39; IATA (International Air Transport Authority) that adopted Interleaved 2 of 5; HIBCC (Health Industry Business Communication Council) that adopted Code 39 as well as Code 128; and LOGMARS (Logistic Applications of Automated Marking and Reading Symbols) that has also adopted Code 39. It should be noted that even if a symbology is created for a particular industry group, it does not mean it is highly sophisticated. For example, Codabar developed in 1972 is used today in libraries, blood banks and certain parcel express applications although it is not considered a sophisticated symbology, despite that it has served some industry groups well for decades (Collins and Whipple, 1994, p. 28).

 

About Scanners

The barcode scanner, also known as a reader, takes that which has been encoded in a symbology and converts it to a digital format to be read by software on a computer or software resident on the scanner itself. The reader uses an electro-optical system as a type of transducer so that it can analyze the optical symbol using the reader’s processing electronics (Palmer, 1995, p. 79). The electro-optical system both illumines the symbol and determines how much light has been reflected once a symbol is read. The analog voltage coming out from the electro-optical system is then converted to digital format by the analog-to-digital (A/D) converter and outputted to a processor. According to LaMoreaux (1998, p. 144) eight basic functions are performed by the scanner: “(1) shine light on the barcode; (2) collect the reflected light, convert it into plus and minus electricity; (3) process the signal; (4) analyze the relative width of the light and dark areas; (5) compare the signal from the barcode symbol to the symbology standards in memory; (6) if it corresponds to a known symbology, continue; (7) decode the barcode; (8) transmit the information as usable for the rest of the system.”

There are different ways you can categorize scanner types. One way is by separating the types based on readers that require human intervention and those that do not. Attended barcode scanners include input devices like lightpens, wand scanners or hand-held laser guns. These scanners can be further categorized into those that require the scanner’s physical contact with the barcode label, and those that do not (i.e. non-contact). Some practice is required by attendees using handheld, fixed beam contact devices. These scanners, also known as charge-coupled devices (CCD), are pixel readers with very little depth of field capability. Common errors in reading a barcode include the operator scanning the barcode label too slowly, or the operator stopping or starting the scan outside the quiet zones. Handheld fixed beam noncontact devices require the attendee to manually provide the scanning motion and are typically used for soft or irregular surfaces. Handheld, moving beam scanners, also known as laser scanners are usually found at supermarket stores and are more expensive than wands. They can scan at more than a thousand times per second, and require little operator training. They are preferred because they are non-contact, they have a greater range of distance and depth of field, and are rugged able to be used in harsh environments (figure 1).

Conveyor barcode scanners, which do not require human intervention at the point of scanning can be divided into orientation-dependent laser scanners and omnidirectional laser scanners. These scanners are used in automated material handling systems and dominate manufacturing floors in an attempt to speed the flow of goods, decrease the amount of inventory stored and increase industrial productivity. High speed conveyors are used in concert with diverters, packaging lines and transfer machines (Palmer, 1995, p. 117). Orientation-dependent scanners require the symbol orientation to be precisely fixed in a given application whereas omni-directional scanners do not. Omni-directional scanners are growing in sophistication, and while they are more expensive, are advantageous especially for parcels which come in different shapes and sizes, from different countries, and have to be sorted quickly. There are also vision-based scanners which can belong to either category above. The vision-based scanners are currently being used to read 2D symbologies to overcome some of the problems associated with using omnidirectional laser scanning technology. Advances in digital signal processing (DSP) chips, high resolution imagers, and pattern recognition software have made it possible to read 2D stacked symbologies and 2D matrix symbologies with even the smallest of aspect ratios.

 

Printer Types and Labels

Choosing printer technology is similar in a way to choosing a symbology, it is heavily dependent on the application context. Barcode printers broadly fall into two classifications: off-site and on-site printing. Basically, labels are printed on the site they will be used, or they are printed off-site where production is done separate to a location where they will be applied. Off-site printing is usually for large volumes of barcode labels either with the same symbols or sequenced. With on-site printing, the data encoded in each symbol is different and is usually entered manually for small counts of items, or electronically by an attached computer, if the batch is larger. On-site printing techniques are especially good for applications where the user cannot predict in advance their label printing requirements.                                                                                                                                   

LaMoreaux (1995, p. 170) identifies no less than 11 different types of printing systems including: electrostatic for the printing of high-speed large labels, impact for high-quality printing which is dedicated to one code, dot matrix which is ideal for multi-part forms and infinite variable formats, thermal printers which are quiet and inexpensive, thermal transferwhich has a high-quality print and is permanent, ink jet which is fast and silent but which suffers from low corrugated quality, ink jet (hot melt) which has excellent quality and high density, laser etch on things which will print on most surfaces but is expensive, laser toner on labels which is fast and has superior quality, letterpresses/flexo which are cheap but labor intensive, and hotstamp which allows for multi-color prints. In 2007, linear imaging was surpassing laser scanning as the preferred scan engine for its performance and durability.

The group of off-site printers which consist of the letterpress, offset lithography, flexography, rotogravure, and the inking wheel are all known as wet ink techniques. The more money that is spent for the purchase of an on-site printer, the better the quality of the barcode label, and the greater its readability and lifetime. Since the mid-90s, the range of printers for bar coding has increased as the size of the printers has decreased. There are now a number of powerful barcode labeling programs granting businesses the functionality to create customized labels (figure 2). For example, BarTender is considered the leading Windows barcode labeling program which is developed by Seagull Scientific. The quality of the label is dependent upon the quality of materials used, among which are paper, vinyl, mylar, and acetate. The quality of the printer cartridges, ribbons, toners is also important, as is how the labels are stuck onto items by hand or using applicators.

 

Communications

Local area networks (LANs) are a key part of any automatic identification system, whether they are wireline or wireless. Increasingly, data communications are not being done using the traditional model linking the labeling and reading equipment with the data processing resource using cable. Instead radio frequency data capture (RFDC) is being used taking advantage of the electromagnetic spectrum. The RF-based data collection network has many advantages over the wireline network, the greatest of which are the use of portable terminals. However, small-to-medium sized companies who prefer the wireless environment must invest in a network which employs a base station unit which controls remote units and large sized companies might use multiple base stations which is driven by a single network controller to ensure complete coverage.

 

Incremental Innovations

Of the significant incremental innovations to barcode technology has been bar coding small sized objects and the reading of different symbologies using a single hardware device. In 1996 the Uniform Code Council (UCC) and EAN (European Article Number) International recognized the need for a symbology that could be applied to small-sized products such as microchips and health care products. The UCC and EAN Symbol Technical Advisory Committee (STAC) identified a solution that was able to incorporate the benefits of both linear (1D) and 2D barcodes. The symbol class is called Composite Symbology (CS), and the family of barcodes is called GS1 DataBar (formerly known as Reduced Space Symbology (RSS)). GS1 DataBar provides “product identification for hard-to-mark items like fresh foods and can carry information such as supplier identification, lot numbers, and expiration dates. This new technology also creates the opportunity for solutions supporting product authentication and traceability, product quality and effectiveness, variable measure product identification, and couponing” GS1, 2008). It has been heralded as the new generation of barcodes because it allows for the co-existence of symbologies already in use (Moore & Albright, 1998, pp. 24-25). The biggest technical breakthrough (conceived prior to the 1990s) was autodiscrimination. This is the ability for a barcode system to read more than one symbology by automatically detecting which symbology has been used and converting the data to a relevant locally-used symbology using look-up tables. This not only allows the use of several different types of symbologies by different companies but has enormous implications for users trading their goods across geographic markets.

 

Barcode Limitations

A technical drawback of the barcode itself is that it cannot be updated. Once a barcode is printed, it is the identifier for life. In many applications this is not presented as a problem, however it does make updating the database where data is stored a maintenance nightmare. Unlike other auto-ID technologies that can be reprogrammed, a barcode database once set up is difficult to change; it is easier in some instances to re-label products. It should also be noted that a label’s print quality can decline with age, depending on the quality of the material used for the label, the number of times the label has been scanned, environmental conditions and packaging material. “[I]t is possible (especially with marginal quality barcodes) for the barcode read today… not to be read by the same reader tomorrow” (Cohen, 1994, p. 93). Verification, also known as quality assurance, is required during the production process to ensure that barcodes are made without defects. Problems that can be encountered include: undersized quiet zones, underburn/ overburn, voids, ribbon wrinkling, short or long barcodes, transparent or translucent backgrounds, missing information which is human-readable, symbol size or font is incorrect, spread or overlays, location on packaging, and roughness and spots. Another limitation of the technology is that it is insecure. Anyone with the right scanner can read a barcode and decode it effortlessly.

 

THE BARCODE INNOVATION SYSTEM

Committees, Subcommittees and Councils

As LaMoreaux (1998, p. 51) points out, “[n]o invention comes in a flash. Each is built on many minds sharing ideas and working towards the same goals.” At first, the auto-ID industry had very few innovators, most of who were involved in barcode development. It was around 1970 that product coding started to be noticed by retail and manufacturing companies, especially in the U.S. Until that time, individual innovators in small firms were attempting to offer solutions to companies in isolation. These solutions were dissimilar because they were based on proprietary solutions. At the time the retail industry especially feared that barcode might cause more problems than it would solve through incompatible check-out systems and the implementation of a number of different product coding schemes (Brown, 1997, p. 39).

Firms had valuable ideas regarding the direction of barcode but were not able to share these with each other as there was no common body linking everyone together. This eventually led to the urgent formation of the Ad Hoc Committee in 1970. The committee was made up of ten chief executive officers. Five would come from grocery manufacturers and another five from distributor associations. Trade associations collectively posed five questions to this committee. These included (Brown, 1997, pp. 42f): “(1) is a standard industry product code worthwhile even if it not feasible to devise a standard symbol? (2) If so, what should that code be? (3) How can widespread acceptance of the industry standard be obtained? (4) How shall the code be managed? (5) Should there be a standard symbol representing the code, and if so what should it be?” As can be seen, these questions were all concerned with the barcode technology itself, not about such things as end-user acceptance. This is characteristic of a technology in its early adoption phase. The technology must work properly and must make sense economically before it can enjoy widespread adoption. In this manner, progress is connected to technology itself, “vorsprung durch Technik” [[p]rogress through technology].

In 1971 the Symbol Selection Subcommittee was formed, aided by the Ad Hoc Committee. The Committee was made up of young, intense and brilliant individuals who were committed to the cause. Meetings were “electric as idea fed upon idea” (Brown, 1997, p. 58). Many skilful people committed large amounts of time to the committee while holding full-time positions during the day. The Symbol Committee enthusiastically sought help from anyone that was willing and so attracted a wider group of players who brought with them a great number of diverse issues, many of which were not technical in nature. The focus was now on how to get barcode successfully to market. Key tasks included to: “(1) Develop alternate agreements to license and/or put selected symbol in public domain; (2) Visit key equipment companies; (3) Initiate and coordinate special studies; (4) Contact other affected groups, e.g., printer… manufacturers; (5) Develop test parameters and formats; (6) Develop environment guidelines; (7) Interview and decide on special consultants; (8) Develop press releases” (Brown, 1997, pp. 61f).

This was an important point in the history of barcode because the Committee encouraged firm-to-firm and firm-to-agency interaction. For the first time, industry stakeholders could voice their concerns about the proposed standard. Representatives from companies could also share their visions about the technology and potential applications. This kind of information exchange was fruitful in that it encouraged participatory behavior by stakeholders, giving the Committee the ability to address critical issues in a timely manner. For instance, food wholesaler Jewel, voiced their concerns through formal letters to the Committee. In one such letter to the Symbol Committee the company president listed seven main concerns about the work, including, whether the standard defined in 1971 would soon become obsolete, that the ten-digit code would not stand the test of time and that the lack of compatibility with other codes would be a major problem. Jewel believed that technological innovation was inevitably a continual process and that it was up to the Ad Hoc Committee to make decisions on key issues (Brown, 1997, p. 84).

Determined to complete its mission the Symbol Committee finished its two-year investigation in 1973 announcing a suitable standard- the UPC (Universal Product Code) was officially born. A spin-off of the Symbol Committee was the formation of the Symbol Technical Advisory Committee (STAC) and later the Universal Product Code Council (UPCC). Seeing the invaluable work done by the UPCC, other standards-setting organizations were also subsequently formed such as EAN (Electronic Article Numbering) and AIM (Automatic Identification Manufacturers). It is through these well-known organizations, councils and committees that international standards are set via ISO (International Standards Organization) today. While barcode enjoyed steady growth after the mid 1970s, it was only when mass merchants like KMart and Wal-Mart committed to U.P.C. scanning that adoption boomed. This is when barcode started to become noticeable to the general public.

 

Public Policy: Labor Unions and the Consumer Response

The primary aim of the barcode was to improve the efficiency and productivity of the checkout process- it was oriented towards savings for business. Increased consumer convenience was a by-product but not something that preoccupied the attention of the Ad Hoc or Symbol Committees in the U.S. Very early on in the development of barcode, labor unions and consumer activist groups joined forces to oppose the new technology. In 1998 Lamoreaux (pp. 17-19) wrote that the “…fears of barcodes, today, are more psychological and economic. People are afraid they will be cheated… or that they will be used for spying. Trade unions still fight barcoding if they perceive that it will negatively affect members’ jobs”.

First and foremost, any level of automation at the check out counter equated to job losses. Labor unions were quick to highlight the inevitabilities and journalists were quick to report on them. Second, consumers were very skeptical about the removal of price tags on supermarket store items. Historically, consumers were used to purchasing goods with a price tag on the item itself. At the check-out counter, a sales assistant would then key in the price of the item and the consumer would pay the amount. The introduction of barcodes changed the way people shopped. Many shoppers had never seen electronic devices at that time, so the scanner at the check-out was treated apprehensively. The light emitting from the scanner, and the beeps heard when an item was entered contributed to some of the customer feeling. A lot of doubt initially crept in regarding the accuracy of the new technology. Brown (1997, p. 128) described the deep mistrust consumers held of business: “[f]rom their perspective, of course industry wanted to remove prices from items: using computer technology would enable prices to be manipulated without fear of detection”. It was difficult for many consumers to understand how a bar with black and white lines imprinted on products could equate to a cost for the good they were purchasing or a decrease in queuing time. While the barcode did act to increase productivity levels, some consumers could argue that they are still queuing up at large supermarkets for the same amount of time, as less staff is hired offset by the productivity gains (figure 3). Also, the need for a single item to be scanned, like a packet of chewing gum, is debatable. It would be faster to pay for the item and leave.

Political games eventuated from the polemical situation between consumer activists and the Committee. Members of the Public Policy Committee (for barcode) even ended up at state legislatures and finally succumbed to the demands of consumers by putting forward several proposals for itemized pricing as well as the establishment of by-laws. Accuracy issues related to barcode in the United States were finally put to rest in 1996 when the Federal Trade Commission (FTC) published its findings on the impacts of barcodes on pricing. The FTC report revealed that on average most supermarkets will undercharge rather than overcharge when an error has occurred in the price: “[c]heckout scanners result in fewer errors than manual entry of prices at the checkout” (Reeves, 1996, p. 41).

By the late 1970s politicians had grown weary of the debate and abandoned it altogether. The Public Policy Committee ceased to exist in 1977 but served a crucial role in the early stages of barcode development as a mechanism to encourage interaction between various stakeholders. Yet this was not the end of public policy issues related to barcode. By the 1990s, labor unions and other independent bodies were now pointing to serious injuries suffered by employees who had to repetitively scan products for long periods of time with awkward equipment and heavy supermarket store items. Repetitive strain injury (RSI) received a lot of media attention and affected employees sought compensation.

The U.P.C. also received attention from religious groups who saw the bar coding of products as a movement towards the fulfillment of prophecies in the Book of Revelation (Hristodoulou, 1994). There are still groups, especially some monastic communities who refuse to purchase goods that are marked with the barcode. This would surely limit their ability to survive on anything, save subsistence farming practices. Members of these groups link the U.P.C. with the infamous “number of the beast” (666). A plethora of web sites have noted the uncanny coincidence between the number of the beast “666” (Revelation 13:18) and the left (101), centre (01010) and right (101) border codes of the U.P.C. equating to “6, 6, 6”. Some of the more prominent end-time web sites that discuss the U.P.C. include: Ministries (1995), An Apocalyptic Warning (2003), Greater Things (2003), BibleTruthOnline (2006). At first the sites focused on barcode technology, now they have grown to encompass a plethora of auto-ID technologies, especially biometrics and chip implants.

More recently, the work of Katherine Albrecht offers an educated response to the normally “fundamentalist” positions of the websites. Albrecht similarly believes that those who said bar code labels and Social Security numbers were the mark of the beast were not completely wrong. She considers these technologies as precursors to radio frequency identification (RFID) and steps towards a totalitarian regime (Albrecht & McIntyre, 2005; 2006). In an interview with Baard (2006) for Wired she states: “[a]ll of these technologies are of concern… I’d like to think I’d be speaking out against them, too, if I was around at the time they were introduced.”

 

Barcode Fever Spreads in Supply Chains

As more and more distributors, suppliers and retailers implemented barcode solutions, the word spread about the significant gains offset by the technology. It caused a ripple effect in company supply chains especially. As a result, a greater number of customer inquiries were made to technology providers who were only too willing to answer queries from prospective customers.  With each new request for information (RFI), technology providers could understand the needs of customers better and feed this knowledge back into the development process. The future was thus being molded by the learning gained from each successive customer engagement. The evolution of barcode innovations became an interactive experience. As the awareness grew that barcode could be used not only for product coding but for literally thousands of other applications, barcode suppliers became inundated with requests and the rate of barcode-related patents increased substantially. For a representative list of relevant patents in the U.S. beginning in 1995, see Palmer (1995, pp. 361-369). Auto-ID firms, therefore, no longer solely relied on their own knowledge production but also on the interaction between the various players in the industry such as issuers of barcode cards, merchants and consumers for valuable feedback. Cooperatives and alliances began to emerge to support and promote activities for auto-ID product innovation such as AIM. Among numerous other associations and forums, AIM assisted to catapult barcode and other auto-ID technologies into the fore.

 

Clusters of Knowledge and a Growing Infrastructure

Formal knowledge generated and documented by councils, standards bodies, patent offices, universities and R&D programs became of growing importance, especially to new barcode company entrants who relied on existing infrastructure to start their operations. Associations like AIM Global provided support by publishing important documents and specifications for members. In addition, a great deal of explicit knowledge continues to be produced by students and staff doing research at universities on behalf of private enterprise or government who funded their work. In July 2002, TEKLYNX donated fifteen thousand dollars worth of software (CODESOFT) to the University of Ohio and another fourteen universities for education research purposes across North and South America. Among the prominent research hubs in this field, are the Centre for Auto-ID at Ohio University, the Auto-ID Centre at MIT, the Automatic Data Capture Laboratory at the University of Pittsburgh, the NCTU Automatic Information Processing Lab in Taiwan, InsightU.org- an on-line university, the Information Management Institute (IMI), the Automatic Identification and Data Capture Program at Purdue University and the Robert W. Rylander Corporation that has numerous collaborative projects with universities throughout the U.S. It should be noted that many of these universities specialize in a variety of auto-ID technology.

University researchers have the opportunity to exchange information with private enterprise via auto-ID conferences, trade publications and industry associations. Knowledge distribution in this environment has been among the most useful. Both manufacturers and VARs (Value Added Resellers) are able to exhibit their product innovations and attract interested customers to view a range of possible solutions. Valuable feedback is often gained from such events. The proceedings of these conferences are usually published. What all these stakeholders understand is that communication about barcode technology and its future direction is paramount to its continued success. Universities are also excellent locations to store archival information as they have public libraries and other specialized facilities. At Stony Brook State University in New York an automatic identification and data capture industry archive was launched in October 2002. The AIDC 100 Archive at Stony Brook University includes “documents, financial reports, conference proceedings, market studies, periodicals, books and prototype hardware… AIDC 100 is an organization founded in 1997 by industry leaders… the vision of the leaders was to create an intellectual gathering place for those business professionals who have made significant contributions… AIDC archive is constantly growing” (Media Relations, 2002).

 

Setting Standards

Today each individual barcode application requires numerous standards considerations. Before a barcode can be used, a symbology for the product innovation must be chosen along with the rules for information content, the barcode label, where the label is to be placed, the electronic data interchange (EDI) standard and verification standard. “[I]n some industries not only does the barcode label need to meet the required quality in terms of printing standards, but the data conveyed by the barcode also has to conform to a required structure” (Cohen, J., 1994, p. 100; see also Palmer, 1995, pp. 159-174). Even the way barcode information is collected using data terminal equipment (DTE), transmitted over a network and stored in a relational database is standardized (Collins & Whipple, 1994, ch. 5-7).

Barcode standards have also been established by voluntary committees which over time have assisted in convincing other companies in the same industry to follow similar practices. Some standards-setting organizations like UCC/EAN are heavily oriented towards offering specific solutions to retail and have in some respect ignored the needs of non-retail members who are not commodity oriented (Moore, 1998, p. 6). Depending on the barcode aspect to be standardized the process can be as simple as an employee presenting their findings to their immediate manager or as complex as multiple presentations to AIM International by technology providers, proceeding to global standardization through ISO. According to Bert Moore (1998, p. 3), former director of AIM technical communications, it already takes an average of one to two years to create a standard which is pan-national. At the international level it takes at least 50 per cent longer to accomplish anything.

 

UCC and EAN

Standards differ in type and importance. LaMoreaux (1998, pp. 213-214) distinguishes between major, mid-level, industry, company and lower level barcode standards. Examples of each can be found in Table 1. Perhaps the most influential standards in the world today are industry-specific. Two examples of this in the retail industry are the U.P.C. and EAN. The U.P.C., a subset of EAN, is used to identify supermarket goods. First a manufacturer’s number must be obtained to ensure uniqueness between say one can of pet food and another from a different manufacturer. Second each product is allotted a number. When combined, manufacturer number and product number uniquely represent a particular product. In the case of EAN-13, the above-mentioned U.P.C. numbers apply, plus an additional first two digits which identify the country of origin in which the manufacturer’s number was allocated. EAN has now been implemented in over 70 countries worldwide. Although they seem to have struck a reasonable alliance, “[t]he growing use of UCC-EAN standards across industries and borders continues to test the relationship between the two organizations” (Brown, 1997, p. 201). Overall, the aims of barcode standards bodies as outlined by J. Cohen (1994, p. 99) include: “(1) multiple use of a single symbology by a number of different users in the same industry; (2) reduce the amount of research needed by any single user to implement a barcode system; (3) encourage the development of standardized data collection systems within any one industry; and (4) meet the majority of needs of all users within any one user group or industry.”

 

Electronic Data Interchange (EDI)

The gradual industry movement has been towards the tracking of products throughout the enterprise (e.g. Enterprise Resource Planning, ERP) and the supply chain (SCM). The eventual goal is to implement true EDI using barcode technology to take advantage of value added services (VAS) over the company extranet. TRADANET, the UK data network formed in 1982 is based on specific standards now able to offer EDI to international companies. “Joining forces are the Article Numbering Association (ANA), the standards authority for bar coding and electronic data interchange (EDI) and the Electronic Commerce Association (ECA), which offers guidance and solutions to businesses seeking to take up paperless trading” (Jones ed., 1998, p. 13). However, not all industries want to conform to a single major barcode standard. While EDI has matured within the UCC there are quite a few historical issues which have caused friction between EDI leaders and UPC pioneers. Brown (1997, p. 173) believes that “time… will bring new understanding and cooperation” between the two groups as has been witnessed today.

In a move that could have a major impact on the global barcode market, the UCC and NATO (North Atlantic Treaty Organization) are believed to have been working together to reach a consensus on shipment identification codes in the form of the SSCC-18 (Serialized Shipping Container Code) standard. This caused a ripple effect which took place throughout NATOs supply chain. From NATO supplier companies to other government agencies it has been predicted that “every industry segment would, of necessity, adopt UCC/EAN coding and marking” (Moore, 1998, p. 6). This would place immense pressure on barcode suppliers specializing in custom symbologies to conform to a potential super-standard. It should be noted however, that organizations like NATO and government agencies like the United States Department of Defense (DOD), have very different bargaining power than other members of the open market.

 

The Rise of GS1

In 2005 EAN International changed its name to GS1, being the global office for more than one hundred member organizations in the world. The Uniform Code Council (UCC) responsible for numbering in the US and managing the EAN.UCC system, soon after also changed its name, to GS1 US. It only made sense that the two organizations come together, given they were responsible for the world’s supply chain standards across multiple sectors. In addition, GS1 Canada was formed when the Electronic Commerce Council of Canada (ECCC) got on board as well. GS1’s main activity is the development of the GS1 System, a family of standards designed for the improvement of supply chain practices globally. The GS1 System has four arms: barcodes, eCom, GDSN (Global Data Synchronization Network) and EPCglobal (Electronic Product Code global, linked to radio-frequency identification). GS1’s mission for barcodes is to enable businesses to respond to the challenges of the global supply chain by increasing their efficiency and helping them to maximize profitability. The new DataBar is smaller than its predecessor barcode but it can store a lot more information (GS1, 2008).

 

Legal Aspects

Barcode developers once placed symbologies in the public domain, granting access to whoever needed them, at no cost. As Palmer (1995, p. 243) recollects early on there was a spirit of openness, even between competitors who often assisted one another in an effort to get their products to work with new symbologies. Early developers could see the long-term benefit for all concerned of such cooperation. Today, that same spirit of openness does not exist. Barcode is a mature technology and there are a lot more players in the global market than there used to be, all vying for a share of the profits. By patenting barcode inventions manufacturers have realized that as well as protecting their intellectual property (IP) rights, they can also collect money via royalties from license agreements and other contracts.

 

The Public Domain vs Over-Patenting

One criticism of recent behavior has been the incidence of over-patenting, especially by barcode manufacturers. Some inventors are taking advantage of the patent process in some countries and even patenting ideas that are intuitively obvious. According to Palmer (1995, p. 241) these instances have been counter-productive to the real spirit of innovation and ultimately end-users end up paying for the costs, and technical progress in some areas of development is stifled as a result. For instance, in 2000, Hutchison reported that PSC and Symbol Technologies were embroiled in yet another patent-infringement suit over a portable barcode scanner named the Grocer e-Scan. The reporter noted that the two companies had a history of litigation.

 Patents in the field of barcode are usually related to symbologies, hardware or applications. It is important for all stakeholders to be aware of what is happening in the industry because they do not want to find themselves having to pay large amounts of money to inventors who are mostly concerned with royalty revenues than solutions. Formal challenges have been launched against a variety of committees, other manufacturers, and even end-users in the past. In some of the more prominent barcode-related legal battles, can be included Walter Kaslow’s coupon validation system (1976), Ilhan Bilgutay’s challenge on the UPC symbol (1985) and IAMPO’s UPC definition (1992).

 

BARCODE APPLICATIONS

Overview

Supply Chain Management

Over the years barcodes have been applied to many different applications. For an extensive list of uses of barcodes and a diverse range of case studies see LaMoreaux (1995, pp. 10-11; 22-50), Palmer (1995, pp. 225-239; 2007), Grieco et al. (1989, pp. 135-168) and Collins and Whipple (1994, pp. 187-251) who cover barcode solutions for inventory control systems, retail, and tracking. The biggest adopter of barcode technology is the retail industry. Via the retail industry alone, the barcode had permeated a global population in just a short period of time. It can be credited as being the first sector to establish symbologies for product marking. The first symbology to be widely adopted was the UPC. However, European interest in the UPC led to the adoption of the EAN symbology in 1976. Today there exist several different versions of UPC and EAN, each with its own characteristics. The changes in the check-out process did not go unnoticed. It changed the way consumers bought goods and the way employees worked. It also had a major impact on how businesses functioned and related to one another, i.e. supplier-customer relations. In terms of barcode developments, the 1990s have been characterized by an attempt to evolve standards and encourage uniformity. This has been particularly important in the area of supply chain management (SCM).

 

Enterprise Resource Planning

Another application of barcode is in manufacturing where it has acted to increase productivity levels significantly. Specific part types can now be identified automatically. The label is used in the sorting and tracking of parts until the finished product is completed and dispatched, using various checkpoints throughout assembly (Wamba, Lefebvre & Lefebvre, 2006). This work-in-process innovation also acts as an order entry system and quality control measure. In shipping, delivery errors have been reduced because of barcode labels on individual packaging items, resulting in goods getting to their correct destinations on time. Such practices are saving large companies millions of dollars annually. Barcode systems can also transmit order information and other data using electronic data interchange (EDI). This allows for international operations worldwide to be linked together. Executives can now receive timely and accurate sales and inventory data and have an ability to exercise a just-in-time (JIT) strategy in their operations (Johnston & Lee, 1997). Highly automated systems have reduced labor costs and increased productivity. Quick response (QR) and direct store delivery (DSD) have lead to better customer relations that have helped companies achieve a competitive edge (figure 4). Expensive goods are also asset-tagged with barcodes to reduce the incidence of theft, shoplifting or illegal imitation.

 

Other Applications

The versatile nature of barcode to be imprinted on just about any type of surface meant that its application on plastic cards or paper forms was inevitable (figure 5). Acting as an automatic identifier for low-risk applications barcode is renowned for being an effective solution. In 1994, Cohen (p. 63) believed that barcode had the highest accuracy amongst auto-ID technologies: “…barcode technology is seen today as the most reliable of all auto-ID technologies, that is, the one with the lowest substitution error rate.” This statement has to be taken in context. It is now commonplace to find libraries issuing cards with barcodes to borrowers, as are school administrations to their students and staff. In fact, a student’s absenteeism or individual class attendance can also be monitored. In the workplace, attendance hours can be logged using barcode to indicate an employee’s hours of work. Barcode access control cards can grant privileges to employees who are authorized to use work facilities. Tracking people is also possible using wearable tags with the barcode imprinted on the tag. Barcodes can also be used for crowd control, particularly for highly publicized events where large numbers of people are expected. And barcodes they have long been used for baggage handling and collection at airports throughout the world (figure 6).

Other applications include bar coding every publication using the International Standard Book Number (ISBN), direct mailing systems that insert barcodes on forms or brochures to keep track of information gathered in order to perform target marketing. Invoices sent out can also be barcoded for tracking goods sent and used in the returns or damaged items process. In the health industry hospital patients can be identified by barcodes that are securely attached to them via a plastic bracelet. Laboratory samples are also labeled with barcodes for tracking purposes (figure 7). In agriculture barcodes are used in the process of cattle breeding as well. The barcode today continues to be the standard auto-ID technique of choice. The infrastructure for barcode is well-established, the technology is well-understood, and it is relatively cheap to implement and operate. Post the year 2000, new applications of barcode are continually being invented, as is demonstrated by its potential to even be used as a tracking instrument for even the smallest of insects.

 

Case 1: Barcodes in Manufacturing

The greatest impact that barcodes have made in the retail sector has been in the production process and distribution of goods. Two examples of this can be found in Bobson, a Japanese-based manufacturer of casual apparel and R. M. Palmer, a US-based leading confectionary manufacturer. Both manufacturers have been able to achieve quick response (QR) because of the barcode. “Stage one is exemplified by the use of U.P.C., EDI for purchase orders and invoices and, lastly, the UCC/EAN-128 shipping label standard for container marking” (McInerney, 1998, p. 33). Bobson has the capacity to cater for up to 60000 apparel items on a daily basis and has over 1300 customers. Using the Interleaved 2 of 5 symbology, products are organized into barcoded collapsible totes that have a unique identification. Placed on an automated conveyer belt barcodes are scanned updating Bobson’s inventory file. Orders are then sorted by destination automatically using a cross-belt sorter. The automated system eliminates sales losses and allows Bobson “...to compete effectively against lower cost apparel from overseas” (Automatic ID, 1998b, p. 31). Suppliers of goods, like R. M. Palmer, have also had to meet customer compliance demands. The candy producer created its own automated labeling system: “[it] has moved from stenciling cartons to ordering preprinted labels to hand-applying pressure-sensitive labels printed on site” (Automatic ID, 1998a, p. 30). Today Palmer has the capability to produce a different label for each of its customers utilizing Code 128 barcodes. It additionally produces Interleaved 2 of 5 barcodes for internal purposes and UPC for preprinted labels. Similar to Bobson, Palmer places cartons on conveyors that must pass through barcode laser scanners. The equipment scans the barcode labels after they are applied, ensuring quality control and that a customer order was satisfied receiving the correct Code 128 barcode (Automatic ID, 1998a, pp. 31f).

Similar to the Japanese-based manufacturer Bobson discussed in the previous section, an auto-ID system is also in place at Calvin Klein’s Italian European Jeans warehouse. This particular warehouse is responsible for the distribution of Calvin Klein sportswear for all its outlets outside North America. It is estimated that the 12000 square meter storage area handles more than 10 million items per year. As Beale (1998, p. 1) reported: “...Calvin Klein receives finished goods (jeans, shirts, sweatshirts, hats, and tennis shirts) from its subcontractors and readies them for shipment to retailers. Each day, between 30000 and 40000 individual garments (roughly 2000 to 2500 pallets) are transported through the facility.” There is one noticeable difference between the Bobson warehouse and that of Calvin Klein. The latter heavily relies on radio-frequency data communication (RFDC) technology, not only barcode. Like Calvin Klein, the Alto Group in Australia, Panasonic Logistics in England and Toyota in the U.S. have incorporated barcodes and RF/DC technology into their operations.

In the case of the Alto Group which holds an inventory of 100000 line items valued at 5.5 million dollars with 4000 different lines of parts, warehouse personnel also use Janus 2020 handheld terminals to receive data and instructions using wireless means via the management system called STOCK*MAN. Incoming inventory is barcode labeled and STOCK*MAN provides putaway instructions by a RF transmission. Order processing is also simplified when an item is picked and scanned the inventory is updated in real-time. Alto Parts claims it has increased its parts putaway by 300 per cent and its parts delivery rate by 150 per cent. Additionally 50 per cent less stock is held in the warehouse which has freed up finances. In the case of the Panasonic Logistics, the distribution arm of Panasonic an automatic data capture (ADC) facility has been built at the Northampton center. With 80000 different product lines and 23000 pallet locations the plant is significantly bigger than the Alto Parts of Australia but works on the same principles. It uses about 50 radio terminals for picking, almost one for each of its employees. The ADC system is so efficient that the work force at the center was envisaged to be reduced by 25 per cent in 1999.

 

RFID: Complementary or Replacement Technology?

The Toyota case differs significantly from the former cases. Instead of using barcode, the automotive manufacturer chose a fully-fledged radio-frequency identification (RFID) system instead. Whereas the previous three cases integrated barcodes and RFID into one system, Toyota has opted to use RFID in place of barcode. The manufacturer is probably using the most advanced methods in its plant to implement JIT and EDI (J. Cohen, 1994, ch. 14). The facility produces more than 550000 engines and 475000 vehicles annually. The old system could not ensure that the right trailers went to the right dock at the right time. The new system using TIRIS passive RFID tags from Texas Instruments has eliminated delays and mistakes that total into the hundreds of thousands of dollars. Each of the 200 trailers is tagged permanently. Prior to the truck’s arrival at the gate, the management system receives information about the trailer’s contents and arrival times via EDI. A gate antenna is used to read the tag as it arrives and departs checking it against the appropriate database that contains the trailer number, gate number, date and time of arrival.

While the mass introduction of RFID tags was still a number of years away at the turn of the millennium, primarily due to cost, some companies decided to migrate part or all of their operations to take advantage of RF functionality. The launch of TROLLEYPONDER RFID by Trolley Scan, a South African-based company, caused much debate over the future of barcodes in the late 1990s. It is not surprising that the managing director and inventor, Mike Marsh has touted the RFID technology as a replacement for the barcode marking of products. Marsh is convinced that this is the way of the future and is currently forming agreements with commercial partners globally. While some observers believe that the technology is only useful for niche markets, Trolleyponder is heavily targeting the retail market, particularly supermarket chains and their suppliers. The technology has the potential to be used for everything from manufacturing, warehousing and logistics with the added benefits of Electronic Article Surveillance (EAS) and putaway. Trolley Scan has also initiated a Development Users Group, an informal collection of about 60 companies and organizations that would like to contribute or be informed of Trolleyponder developments. It is envisaged that RFID may be ultimately used in retail for customer self-service check-out such as in the system developed by University of New South Wales called BRANDERS Point of Sale. The Metro conglomerate, the sixth largest retailer in the world, opened one of the first fully-fledged RFID-enabled future stores in Rheinberg, Germany, in 2003 (Kanellos, 2003) which among smart shelves and antitheft systems had self-checkout lanes.

Kroger’s supermarket in Louisville started trialling the U-Scan Express system in 1997. The trials were reportedly so successful that the company considered rolling out the PSC and Optimal Robotics technology to more stores. In this instance customers approached an aisle passage that had a restricted exit. Upon scanning all their goods the customer then made an EFTPOS transaction to pay for the items purchased and received a receipt. Upon EFTPOS authorization, the trolley was allowed to go through and a secure EAS system was used to assure the retailer that nothing had been accidentally left unpaid or deliberately stolen. If such a system was to be introduced widely, the impact on workers and customers would be huge; the former from a mass reduction in staffing requirements and the latter from a shift in responsibility at the check-out. Yet it is also currently possible for consumers not even to have to visit a supermarket but transmit their requirements from home (Abass, 1996; and LaPlante, 1999). While Internet grocery shopping can be a little tedious, Hutchison (2000) shows how the Grocer e-Scan portable handheld barcode scanner device could save customers time and trouble. Grayson (1998) reviews an all-in-one barcode scanner, microwave, and television, developed by NCR’s Knowledge Labs. One can use the microwave to cook, conveniently watch television while preparing food, and after dinner use the barcode scanner to order new grocery items.

Case 2: Barcodes in Education

The versatility of barcode has seen the device proliferate in the education sector. Primary, secondary and tertiary educational institutions are using the barcode on a plastic card, replacing traditional cardboard cards. The card systems are commonly known as campus cards. “The all-campus card- now finding its way onto an increasing number of college campuses- can provide access to everything from elevators, doors and garages, to vending machines, library books, and clothing at the campus store” (Facilities Design, 1997, p. 20). In Australia, Knox Grammar School, Beverly Hills Girls’ High School, and the University of Wollongong are just three institutions that have introduced barcode cards. Typically campus cards at schools and universities operate in a closed systems environment. That is, they are only useful within the bounds of the campus of a single institution.

In 1996, Knox Grammar issued 1400 students and staff with Knox Cards. Each Knox card is “...complete with barcode, date of birth, photo and magnetic strip” (Knox Grammar, 1996, p. 43). The Knox Card was originally introduced for the library so that each title catalogued could be tracked. It could also serve the purpose of giving each student a unique identifier and automatically monitoring overdue books, library fines or limits of books being borrowed. The card showed the way for Knox to become a micro-cashless society. Students and staff could use the card for photocopying in the library and for other future purchases such as textbooks and stationery or school uniforms (Knox Grammar, 1996, p. 43). While Knox Grammar students use the barcode card primarily as a borrowing device in the library, Beverly Hills Girls’ High School use it to record attendance, “[i]nstead of teachers marking rolls, students swipe a barcoded card through a machine” (Raethel, 1997, p. 1). Teachers can then check to see whether all pupils are present or not via a printout. The 20000 dollar system has increased attendance from 85 per to 95 per cent in only one year and reduced both absenteeism and truancy. While there has been some criticism of the school for introducing an electronic monitoring system, many other schools have planned to trial or install such a system. The card also helps to know where students are when they have free periods during the day. Although obviously these types of systems are not foolproof given students could swipe cards for one another secretly.

The Old Dominion University (ODU) also trialed such a system (Walzer, 1996) to ensure attendance at lectures in a bid to reduce the failure rate of first year students, who are generally under the misconception that they can get through a course without attending the majority of classes. Alamo Community College District (ACCD) also monitored student interactions using barcode ID cards (Madaras, 1993). At the University of Wollongong, student identification cards were introduced in 1994. The barcodes on the student ID are primarily used for borrowing purposes in the library. The unique barcode ID number also grants student access to the University’s Student Online Kiosk (SOLs) where individuals can enroll in subjects, download their assessment results and receive important messages, among other things. The University of Wollongong campus card also comes equipped with a photograph which acts as proof of identity, particularly useful during examinations when hundreds of students are present in large halls. The magnetic strip on the card is predominantly for access to computer laboratories (Carroll, 1994, p. 8). The image of each student is stored in a database for the instance that a card needs to be replaced, or so instructors can put an ID number to a face in an online teaching environment.

 

Smart Card or Hybrid Card: More Flexible and Secure

Barcode cards have been the most popular cost-effective identification solution for educational institutions. Magnetic-stripes have been complimentary to the plastic cards, sometimes serving little or no purpose at all. In those cases where the magnetic-stripe is utilized however, it is likely related to stored value (i.e. money) or some other application requiring a higher level of security than the barcode can offer. Due to their student population, colleges and universities have often looked to adopt other auto-ID solutions such as smart cards and biometric devices. In addition, at tertiary institutions more money is transacted per student for higher education fees, text books, stationary, photocopying, printing and the purchase of food. Coupled with the monetary aspect is that of student identification for examinations, attendance to classes, resource borrowing allowances and access to computer rooms. The cards could also be used to store student results etc. Table 2 shows how smart cards were introduced into institutions prior to 2003.

Some of the campus schemes include hybrid cards while others rely only on the smart card technology (Omar & Djuhari, 2004). The University of Michigan smart card scheme, known as M-Card, is in the former category. Faced with making a significant investment in equipment in 1995 to provide a single card with multi-functionality, smart card was chosen over barcode and magnetic-stripe cards as the ultimate solution that would keep pace with future innovation. In the short term the new smart card scheme was integrated into the legacy systems but eventually everything on the card was migrated to smart card. Smith and Cunningham (1997, pp. 228-229) describe this evolution. “The situation at the university was typical. They had several “legacy” or existing systems using different card technologies such as barcode and magnetic stripe. Their approach was to use existing systems when feasible, and to implement new services with smart cards. This was achieved by including OCR, barcode, and magnetic-stripe on the student identity card as well as the integrated chip. Over time, all services are likely to be migrated to the chip.” By 1999 there were more than 94000 active M-cards that could be used at 56 merchants, 340 cash points with 23 available reload devices. “While it is primarily used as a photo ID, the M-Card may also be used for banking purposes, making small purchases from participating merchants, library services, and secure entrances to buildings.” The M-Card went beyond a closed campus system implementation.

Cards developed in the 1980s were more likely to be used on-campus rather than off-campus. Today universities are establishing partnerships and alliances with banks, health insurance companies and telephone operators allowing students and staff to use their card in an open system with commercial supplier agreements. Leading the way in campus smart card innovation is a group at the Florida State University (FSU) which is developing a card that can act as more than just a prepaid card. The team located at the Card Application Technology Center on campus at FSU, includes such sponsor companies as MCI, V-One, Debitek, PTI and Gemplus (now Gemalto). Gemplus had a large piece of the education market. The company’s cards were also used at the University Jannus Pannonius, the University of Medicine of Pécs and the University of Aix-Marseille (France) to name a few. The scheme has developed a multipurpose card that can handle money transfers, payment for stationary, text books, laundry, public transport, food and vending. In Australia, the incumbent telephone operator Telstra is funding a smart card scheme for the University of Adelaide, TAFE NSW (Lidcombe) and the Australian Defense Force Academy (ADFA). The single card is being heralded as a replacement for the older student ID photo card, barcode library card and magnetic-stripe photocopy card (Creed, 1999). The Vice Chancellor of the University of Adelaide believes the scheme will reduce costs associated with the annual issue of cards and will benefit students by offering them loyalty discounts for phone calls and other services. More recently an ID card for school children was launched in Australia supported by the Victorian government. The card contains personal information and emergency contact details.

 

Barcodes Today

For some time it seemed that the much touted radio-frequency identification tag would displace the barcode (McCathie & Michael, 2005). This has not eventuated as yet, despite the forecasts. Instead the barcode is making a resurgence in a range of application areas. Not only have institutes spent more time on incremental barcode innovations, but the barcode has now been coupled with other mobile commerce devices to offer solutions to even high security applications. The 2D barcode has been among the most successful innovations (Editor, 2005; Chu, Yang & Cheng, 2007). Coupled with devices like the mobile phone (Gao, Prakash, & Jagatesan, 2007), scanners, cameras and biometrics, the 2D barcode is now providing solutions for secure drivers licenses (Hagman, Hendrickson, & Whitty, 2003), voting applications (Adida & Rivest, 2006), and even automated storage and retrieval systems (Sriram et al., 1996). The barcode is “piggybacking” on the success of other well-diffused technologies (Chu, Yang, & Chen, 2007; Kato & Tan, 2005; Ohbuchi, Hanaizumi, & Hock, 2004). Given it already has such a widespread reach in retail, global companies are still taking advantage of industry-wide economies of scale.

 

Applications for Mobile Commerce

As the number of consumers who are equipped with more sophisticated mobile phones increases rapidly, the potential for launching mobile commerce applications also increases. Not only are newer phones today Internet-enabled but they are also equipped with Bluetooth capabilities, in-built cameras, and global positioning system (GPS) chipsets. Of relevance in this chapter is how the camera phone will be used in the not-to-distant future by consumers to access information about retail products, simply by taking a picture of a 2D barcode on an item. In actual fact, consumers will soon be using their phones to ‘scan’ barcodes to request information to be pulled to their mobile phones or handsets such as: information related to allergens, ingredients and nutritional facts; service prices, recipes, access to coupon offers; and other packaging-related information (Horwood, 2008a). The consumer, is thus becoming an operator, an attendee, but using their own relatively inexpensive device to read a barcode. The initiative was begun by GS1 Mobile Com in June 2007, and has now gathered momentum with other players also getting involved (CTIA, 2008). Currently the recommendation by the GS1 Mobile Com group is that only approved standards (e.g. ISO or GS1 that are royalty-free) and specified barcodes be used (e.g. GS1 EAN/UPC, 2D and QR code) for testing and implementing applications (Horwood, 2008b, p. 1). CTIA (2008) describe that a mobile commerce transaction using the camera phone and barcode can take place in only three simple steps: (1) the consumer scans the 2D bar code and makes a decision to connect or not to connect to associated data; (2) scan information is sent to a clearing house for processing; and (3) information is sent to the consumer’s handset and a target action is launched. Integrating this mobile commerce capability with location services, will mean that manufacturers and retailers will gain additional knowledge about their customers, even information related to the whereabouts of the customer making the purchase.

 

CONCLUSION

Looking back at the major innovations of the 20th century, the unassuming barcode may not obviously rank as one of the technologies that revolutionized the way we live and work but on second glance its impact has been significant to every facet of our life. One could argue that originally it was the conception of the identification number itself, that was fundamentally responsible for the rapid changes that followed after computerization, but it was the barcode that applied to an industry, was able to really harness the power of computerization, and more specifically the importance of serialization to people and products. It was the aspect of automated data capture that convinced enterprises all over the world to invest in this technology. Automated data capture was appealing for more than the benefits of production savings and the like; it was about processing large amounts of data in a short time and organizing things in a way that would advance operational processes. Today most consumers do not even notice barcodes on supermarket store items, unless the attendee at the checkout is having trouble scanning the item, or a barcode label has fallen off the packaging and we hear the words “price check for granny smith apples” over the loudspeaker. If we can talk of e-business in the context of supply chains, we have the barcode to thank for it.

 

REFERENCES

Abass, K. (1996). The grocery supply chain: manufacturers, retailers and technology. IEE Colloquium on Next Generation Manufacturing, pp. 6/1-6/4.

Adida, B., & Rivest, R. L. (2006). Scratch & vote: self-contained paper-based cryptographic voting Paper presented at the Proceedings of the 5th ACM workshop on Privacy in electronic society.

Albrecht, K., & McIntyre, L. (2005). SPYCHIPS: How Major Corporations and Government Plan to Track your Every Move with RFID. United States: Nelson

Albrecht, K., & McIntyre, L. (2006). The Spychips Threat: Why Christians Should Resist RFID and Electronic Surveillance. United States: Nelson.

Ames, R. (Ed.). (1990). Perspectives on Radio Frequency Identification: what is it, where is it going, should I be involved? New York: Van Nostrand Reinhold.

An Apocalyptic Warning. 666soon, from http://www.666soon.com

Automatic ID. (1998a). Candy maker tastes sweet success. Automatic I.D. News Asia(March/April), 29-32.

Automatic ID. (1998b). High-speed retail distribution centre ensures Quick Response for Bobson. Automatic I.D. News Asia (May/June), 30-31.

Baard, M. (2006). RFID: Sign of the (End) Times? Wired   Retrieved 5 March 2007, from http://www.wired.com/science/discoveries/news/2006/06/70308

Beale, S. (1998). Calvin Klein’s warehouse is designed for success. ID Systems: The European Source for Auto ID, 1-4.

BibleTruthOnline. (2006). Bible Truth Online.  

Brown, S. A. (1997). Revolution at the Checkout Counter: the explosion of the bar code. London: Harvard University Press.

Carroll, R. (1994). New ID cards. Tertangala.

Chu, C.-H., Yang, D.-N., & Chen, M.-S. (2007). Image stabilization for 2D barcode in handheld devices Proceedings of the 15th international conference on Multimedia

Cohen, J. (1994). Automatic Identification and Data Collection Systems. London: McGraw-Hill Book Company.

Collins, D. J., & Whipple, N. N. (1994). Using Bar Code- Why It’s Taking Over. Massachusetts: Data Capture Institute.

Creed, A. (1999). Australian students issued reloadable smart cards. Newsbytes.

CTIA. (9 September 2008). Camera-Phone Based Barcode Scanning. CTIA- The Wireless Association   Retrieved 26 September 2008, from http://files.ctia.org/pdf/WhitePaper_CTIA_WIC_CodeScan_9_08.pdf

Editor. (2005). The 2D data matrix barcode. Computing & Control Engineering Journal, 16(6), 39.

Elliot, J. (1999). The one-card trick multi-application smart card e-commerce prototypes. Computing & Control Engineering Journal(June), 121-128.

Facilities Design. (1997). All-campus cards open many doors. Facilities Design & Management, 16(2), 20.

Gao, J. Z., Prakash, L., & Jagatesan, R. (2007, 24-27 July). Understanding 2D-BarCode Technology and Applications in M-Commerce - Design and Implementation of A 2D Barcode Processing Solution. Paper presented at the 31st Annual International Computer Software and Applications Conference.

Grayson, I. (1998, 29 September). NCR cooks up a non-PC. The Australian, p. 37.

Greater Things. (2003). Modern Parables for the Lord's People. from http://www.greaterthings.com/

Grieco, P. L., Gozzo, M. W., & Long, C. J. (1989). Behind Bars: bar coding principles and applications. Florida: PT Publications.

GS1. (2008). GS1 DataBar. GS1 Bar Codes Retrieved 28 September 2008, from http://www.gs1.org/productssolutions/barcodes/databar/

Hagman, J., Hendrickson, A., & Whitty, A. (2003). What's in a barcode? informed consent and machine scannable driver licenses CHI '03 extended abstracts on Human factors in computing systems.

Horwood, J. (2008a). Can Mobile Phones Read Barcodes?   Retrieved 26 September 2008, from http://www.gs1.org/docs/media_centre/gs1_pr_110908_mobile_com_barcodes.pdf

Horwood, J. (2008b). GS1 Mobile Com Group recommends barcodes for mobile applications to promote early development, piloting and standardization.   Retrieved 26 September 2008, from http://www.gs1.org/docs/mobile/GS1_Mobile_Com_Barcodes_Position_Paper.pdf

Hristodoulou, M. H. (1994). In the last days. In Geron Paisios (pp. 181-192). Mount Athos, Greece, (in Greek).

Hutchison, K. (2000, 1 June). Handheld bar-code scanners pitched as e-tailing savior. The Globe and Mail.

Jesse, R., & Rosenbaum, O. (2000). Barcode: Theorie, Lexikon, Software. Germany: Verlag Technik.

Johnston, R. B., & Lee, R. P. W. (1997). The role of electronic commerce technologies in Just-in-Time replenishment. Paper presented at the IEE Proceedings of the Thirtieth Hawaii International Conference System Sciences.

Jones, D. (1998). Electronic Commerce in Government. Card Technology Today, 10(2), 13-16.

Kanellos, M. (23 April 2003). Intel, SAP shop 'store of the future'. CNET News   Retrieved 25 April 2003, from http://news.cnet.com/Intel%2C-SAP-shop-store-of-the-future/2100-1006_3-998038.html?tag=mncol;txt

Kaplan, J. M. (1996). Smart Cards: the global information passport- managing a successful smart card program. London: International Thomson Computer Press.

Kato, H., & Tan, K. T. (2005, 15-17 November). 2D barcodes for mobile phones. Paper presented at the 2nd International Conference on Mobile Technology, Applications and Systems.

Knox Grammar. (1996, 23 July). Students swipe away cash. The Daily Telegraph, p. 43.

LaMoreaux, R. D. (1998). Barcodes and Other Automatic Identification Systems. New York: Pira International.

LaPlante, A. (1999). The battle for the fridge; the food industry is looking to hook up your home to the supply chain, Computerworld (pp. 52).

Madaras, W. (1993). Live data student information kiosk built using EDA/SQL.Information Builder News (IBN)(Fall/Winter), 14-16.

Marsh, M. (1998). BRANDERS point of sale system developed by University of New South Wales, Australia.   Retrieved 4 December 1998, from http://rapidttp.co.za/transponder/presre29.html

McCathie, L., & Michael, K. (2005, 3-5 October). Is it the end of barcodes in supply chain management? Paper presented at the Collaborative Electronic Commerce, Talca, Chile.

McInerney, J. (1998). Real companies are saving real money with quick response. Automatic I.D. News Asia, pp. 32-35.

Media Relations. (2002). Stony Brook University inaugurates automatic identification and data capture industry archive. Stony Brook NEWS, pp. 1-3.

Meyers, R. B. (2000). The ten commandments of bar coding. Frontline Solutions(August), A-5- A-22.

Ministries. (1995). Dial-the-Truth Ministries. from http://www.av1611.org/

Moore, B. (1998). Developments in bar code readers. Automatic I.D. News Asia(March/April), 35-38.

Moore, B., & Albright, B. (1998). EAN/UCC create new item marking symbologies.Automatic I.D. News Asia(August/September), 24-25.

Ohbuchi, E., Hanaizumi, H., & Hock, L. A. (2004, 18-20 November). Barcode readers using the camera device in mobile phones. Paper presented at the 2004 International Conference on Cyberworlds.

Omar, S., & Djuhari, H. (2004, 31 May-2 June). Multi-purpose student card system using smart card technology. Paper presented at the Proceedings of the Fifth International Conference on Information Technology Based Higher Education and Training.

Palmer, R. C. (1995). The Bar Code Book- Reading, Printing and Specification of Bar Code Symbols. New Hampshire: Helmers Publishing Inc.

Raethel, S. (1997). Late? The micro-chip won’t be pleased. The Sydney Morning Herald.

Reeves, T. (1996, 29 October). The checkout checks out okay. The Australian, p. 41.

Sharp, K. R. (1998). Selecting inventory control (pp. 1-3): ID Systems: The European Source for Auto ID.

Smith, M., & Cunningham, D. (1997). Education. In C. A. Allen & W. J. Barr (Eds.), Smart Cards: Seizing Strategic Business Opportunities (pp. 224-233). New York: McGraw-Hill.

Sriram, T., Vishwanatha Rao, K., Biswas, S., & Ahmed, B. (1996, 5-10 August).Applications of barcode technology in automated storage and retrieval systems. Paper presented at the 22nd International Conference on Industrial Electronics, Control, and Instrumentation.

Thompson, A. R. (1996). Campus card. Security Management, 40(5), 19-20.

Walzer, P. (1996). ODU planning to test scanner to keep tabs on class attendance. V.P.

Wamba, S. F., Lefebvre, L. A., & Lefebvre, E. (2006). Enabling intelligent B-to-B eCommerce supply chain management using RFID and the EPC network: a case study in the retail industry. Paper presented at the Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet.

Yang, C.-H. (1999). On the design of campus-wide multi-purpose smartcard systems.Paper presented at the IEEE 33rd Annual 1999 International Carnahan Conference on Security Technology.