Card, mobile credential, payment and security
Physical security workhorse begins giving way to contactless as price cuts and multi-technology readers eliminate hurdles
By Chris Corum, Executive Editor, AVISIAN Publishing
You can do more – and you can do it more securely – with contactless than you can with proximity. Few would argue with this statement, yet each year proximity technology continues to outsell contactless in the North American security markets. But new products, attractive pricing, and better market education are turning this tide, making contactless the technology of choice for many professionals charged with securing their physical and logical enterprise.
Contactless technologies use the 13.56 MHz frequency to communicate data between the card and reader while proximity technology uses the lower 125 KHz frequency. Contactless can enable read-write and processing capabilities that become increasingly important as additional applications are desired. Proximity cards are traditionally a read-only technology, where a simple identification number is encoded to the card prior to issuance and that data remains static for life. It is this difference that opens up the possibility for a more robust utilization of the contactless card.
According to Erik Larsen, Product Manager of Identity Solutions for Lenel Systems International, smart card technology enables a host of opportunities. “Post-issuance ID number changes and additions, electronic purse and cashless payment functions, biometric storage and authentication, network access and security, and more,” he explains are all made possible.
The processing capabilities of contactless technologies enable the card to ‘participate’ in the security process, authenticating itself to the reader and protecting its owner’s data until it has verified that the reader is legitimate. “On-board processing also secures key components of biometric identification, cashless transactions, and a wide range of other applications,” adds Mr. Larsen.
So why does prox still dominate in some markets?
With all these inherent advantages of contactless, why do so many security officers and card system managers still opt for proximity solutions? Until now, there have been a number of legitimate reasons for such a decision, though many suggest this is changing.
Price
There has been the issue of price. “Originally it was cost of cards and readers,” says Mr. Larsen, “but those have been addressed.” In fact, in one well-publicized promotion, HID Corp. began offering its contactless cards and readers for the same end-user pricing as its prox offering. According to HID’s product manager for High Frequency Products, Jack Bubany, “the cost for contactless smart cards and readers is comparable with prox and we are working hard to get this word out to the North American market.”
Infrastructure
So if the technology is superior and the price is comparable, what else could be the holdup? As is often the case with new technologies, legacy infrastructure has been a major deterrent for many buyers. The cost and disruption involved with changing out card readers throughout a facility and re-badging the cardholder population has delayed or dismissed many potential migrations during recent years. Says Mr. Larsen, “customers that have a current system in place want to know what is the cost for reissuance and when will the ROI make sense.”
With prior generation equipment, the answer to this question was often met with dismay. But multi-technology readers capable of communicating with both contactless and prox technology are changing the landscape.
Many of the leading security companies are now offering a multi-technology reader. It can significantly ease a transition from prox to contactless by eliminating the need for a mass re-badging effort. New employee cards, replacement cards, and those with need for added security or functionality can be issued the contactless card beginning day one, while other cards are phased in over time or simply allowed to churn via the normal cycle of employee and card turnover.
“Even if a company has not made a conscious decision toward a particular contactless smart technology it’s only a matter of time before someone from the IT department asks the security group about their smart card plan,” says Jon Menzel, President and CEO of reader manufacturer XceedID. “If a company has been purchasing Multi-tech readers over time (and used them as simple prox readers) then they will have already invested a substantial amount toward the smart card upgrade without allocating special funds to do so. This greatly reduces the follow on investment to move all cards and readers to contactless technology.”
But these multi-technology readers are proving to have an important role beyond just a transition-enabler. “Your entire population may not need to go (contactless) smart cards,” explains Mr. Larsen, “or they may not need to go on a first phase deployment. Look at a multi-technology reader for the common areas where both populations need access and then use the 13.56 only at the secure doors.”
“Many large companies are content with their current card populations but have disparate technologies in multiple locations (i.e. HID prox in New York, GE/Casi prox in Los Angeles, and Mifare in London),” explains Mr. Menzel. “… Multi-technology readers function with all of these cards simultaneously saving significant investment dollars required to transition to one card.”
In the past, HID helped clients address the migration from prox to contactless with cards that combined the two technologies, but a new reader provides another alternative. Says Mr. Bubany, “some may see the card as the best migration point and some may see the reader. It depends on the client’s specific environment and needs.”
Education
With the obstacles of price and infrastructure seemingly all but eliminated, what else could delay the move to contactless technology? According to Mr. Larsen, the final hurdle is market education. It seems that while the vendor community has made the transition relatively painless, the buzz has not yet caught up. Say Mr. Larsen, “the general population is thinking it is still too expensive.” Additionally there remains a distinct level of confusion as to the capabilities of contactless technology.
But the end user is not the only community in need of education. “The security reseller and integrator segments need thorough education to ensure they can best help their customers,” adds Mr. Larsen.
Any salesperson will tell you that it is generally easier to sell something you have sold before and know well. This existing comfort level with proximity technology is perhaps the last major hurdle to increased market presence for 13.56 MHz. “The key customer-facing component of this industry is the integrator layer,” says Mr. Menzel, “and they must buy-in to both the benefits of contactless technology and see a reward for selling it over other solutions.”
“At HID we conduct workshops in major cities,” says Mr. Bubany, “one for dealers and one for end users to help them understand what smart card technology offers them. The goal is to give them a level of comfort so that they can feel safe selling the newer technology to clients or implementing it in their organization.”
Next steps
Many suppliers of security components are actively working with resellers and integrators to educate them of the new environment surrounding contactless. As these programs disseminate the information on improved technology, comparable pricing, and stronger security, it seems likely that North America will trend toward contactless technologies … joining the rest of the world’s security markets.
In the next installment of our physical security corner, we will continue this examination of contactless and proximity technologies. Part two of this article focuses on issuance, contrasting the challenges and opportunities that the divergent technologies present to the issuing organization.
By Chris Corum, Executive Editor, AVISIAN Publications
A newly-issued patent covering the movement of funds between accounts via the web is hitting close to home with campus card systems. No surprise as the patent was originally conceived to cover these transfers from a bank account to a campus card account.
In November 2005, United States Patent 6,963,857 was issued to JSA Technologies, a familiar name in campus card circles. JSA has been supplying value transfer solutions to colleges and universities since the late 90s. The technology enables web-revalue of campus card declining balance and other accounts.
“We had a working product late 1998,” says Jon Gear, Vice President of JSA, “and the patent was filed in 1999.“ More than six years elapsed between initial application and final approval, a timeframe that is not uncommon in the patent application process.
“It covers the transfer of funds between networks via the Internet,” says Mr. Gear. He stresses that the patent in no way impacts typical bank to bank transactions as these utilize a common financial processing network. It is when transfers occur from this traditional financial processing network into another network that the patent’s coverage seems to begin.
The opening salvo
In recent weeks, letters were sent from JSA to a number of companies and institutions that have developed systems that, according to Mr. Gear, may infringe on the patent. He adds, “we have not told any institution or organization that they are infringing. All we have done to date is (begin) to notify the market that we have this patent.”
Though the actual number of letters was not provided, it was suggested that there was between 10 and 20 parties notified. Campuses using systems supplied by vendors were not contacted, as the vendor would be the point of contact in these instances. “Schools only received the letter if they had a homegrown system,” said Mr. Gear.
What was the purpose of the letter? The intent can be found in the first line of the press release issued March 16, 2006, “Recently JSA Technologies contacted numerous private companies and several institutions of higher education regarding the licensing of a patent invented and commercialized by our company.“
JSA is seeking to license its patented technology. “We don’t want to shut anybody down,” says Mr. Gear, “if you are happy with what you are doing, we don’t want to stop you from doing it. We will just talk about licensing.“
When asked about the fees sought, Mr. Gear told CR80News that they were not yet determined. “It is premature to know what kind of fees would be expected and they will likely be determined on a case-by-case basis. The license fee will probably be negligible in the grand scheme of things.”
According to a company press release issued March 16, 2006, campuses with homegrown systems were contacted because, “we want to grant them licenses to our patent so they may continue their operations.” When asked by CR80News if campuses with in-house solutions developed for their own use prior to the issuance of the patent will be charged license fees, JSA officials stated that they would need a license if they developed the system after 1998 when the patent was filed.
That JSA is seeking license fees should come as no surprise nor should it be met with scorn. The fabric of an entrepreneurial and capitalist society requires protection of intellectual property. The patent is a hard-earned acknowledgement and legal proclamation of intellectual property. And patents are also not cheap. According to the release, JSA has “spent considerable time and resources developing and commercializing its patented software.”
Implications beyond campus cards
Reading the text of the patent, it seems likely that the reach may extend well beyond campus cards. Other financial systems that operate outside of the traditional banking network, but rely on it for revaluing or replenishment, may well be impacted.
Would gift cards architectures that operate within standalone or closed loop networks yet enable web-based value transfers from bank or card accounts be viewed as infringing? What about peer-to-peer payment networks like Paypal that rely on value transfers from bank accounts to fund their online payment service?
Mr. Gear said it was not something he was prepared to comment on suggesting only that, “we would have to have discussions to determine the extent to which these things may apply.”
Dissecting the patent into layman’s terms
We have done our best to translate the morass of ‘patent-speak’ into language that the average non-attorney can understand. The following translation is for the abstract of the JSA patent.
Actual language: The present invention is directed to methods of, and systems for, allowing an account participant to add value via a wide-area network to a first account from a second account. A first account server coupled to a wide-area network supports the first account. In a preferred embodiment the wide-area-network-accessible value transfer station (VTS) includes a central processing unit for executing instructions, and a memory unit. The memory unit includes an operating system, software for receiving from a participant via the network a) second account identification information, and b) a value that the participant desires to transfer to the first account from the second account, second account verification software for receiving the second account identification number from said receiving software and for verifying that the second account authorizes the transfer of the specified value, and value transfer software for receiving a value from the receiving software, for receiving a verification from the verification software, and for transferring the specified value to the first account from the second account if the verification is received. The wide-area-network-accessible VTS further includes conductive interconnects connecting the central processing unit and the memory unit to allow portions of the wide-area-network-accessible value transfer station to communicate and to allow the central processing unit to execute the software in the memory unit.
Translation: The patent is for a system that enables an account holder to transfer funds (or value) from one account to another account via the Internet (or wide area network). The first account operates on a specific network. A value transfer station (VTS) is a computer or similar device with connectivity to that network. The VTS runs software to accept (for the account holder) a second account number and a dollar (or value) amount to be transferred into the first account. The software also (1) verifies that the second account authorizes the transfer (e.g. that sufficient funds or credit are available), (2) receives the electronic transfer of the funds, and (3) adds that value into the second account. The VTS’ CPU and memory are connected such that the CPU can execute the software contained in the memory.
Text of the press release issued by JSA on March 16, 2006:
Recently JSA Technologies contacted numerous private companies and several institutions of higher education regarding the licensing of a patent invented and commercialized by our company. Since that time there has been much debate about the implications of the patent. It is my hope that this communication will address these issues and clarify our intentions regarding the enforcement of the patent.
JSA has been in business since 1998 and has spent considerable time and resources developing and commercializing its patented software. The patent was obtained to protect the business and intellectual property rights of JSA Technologies. Without the patent, companies with greater capital resources could use our invention for their financial gain and attempt to drive JSA Technologies out of business. That is why we sent communications to college and universities who have developed solutions that may infringe upon the patent. We want to grant them licenses to our patent so they may continue their operations.
JSA Technologies was founded on the principal that colleges and universities should be given the opportunity to choose their own path. No one company should be able to dictate what solution is used to satisfy a business objective. We spoke with many institutions frustrated with the limited offerings from their card system provider and developed our unique WebVTS™, StudentLink™ and MerchantLink™ products to address their needs.
We champion the concept of unique solutions and custom designs. That is why it is so important that everyone know our intentions regarding the patent. If JSA cannot meet the business requirements of a given college or university, we do not want to prohibit the institution from finding a solution that does. If, however, the solution uses our patented technology, we will request an appropriate licensing agreement.
We want you to choose JSA Technologies based on the quality of our product and not because we have a patent.
I encourage you to contact JSA if you have any questions or concerns about our patent.
David Johnson
President/CEO
JSA Technologies
(877) 572-8324 x2200
[email protected]
Additional resources:
To visit JSA online, click here.
To read the full text of the patent online, click here.
By Andy Williams, Contributing Editor, AVISIAN Publishing
Shackled by an outdated card program and its proprietary operating system, Nova Southeastern University (NSU) went looking for something bigger and better and, more importantly, a campus card that would enable the university to keep pace with technology.
With its 27,000 students, NSU, located in Fort Lauderdale, Florida, is the largest independent higher education institution in the southeast and the seventh largest in the U.S. Founded in 1964, the not-for-profit university has branch campuses in Miami and Dania Beach, with the Dania location housing the Oceanographic Institute, and what NSU calls “student educational centers” in Tampa, Orlando, Miami, West Palm Beach, and Jacksonville, Florida, Las Vegas, Nevada, the Bahamas, Jamaica, and Puerto Rico.
John K. Brueck, Jr., Nova’s director of Campus Card Services, said it was a “pretty elementary decision” to seek a new card program. “We were handcuffed with our current program. We can’t develop new applications or get new equipment because it’s a proprietary operating system, and it was getting more and more expensive to operate.”
Nova’s current campus card would not have appeared to “outdated” to many observers. It was a smart card with a 1k and 4k chip as well as proximity capability and a magnetic stripe. The system offers physical access to buildings and parking lots on campus, acts as a library card, and functions for a host of payments. “Through the smart chip in a contact environment, users can pay at POS stations, use copiers, pay for print, laundry and vending,” said Mr. Brueck.
Replacing the existing smart card system in pursuit of better functionality
But administrators felt constrained by the current system as they found it impossible to add functionality. In addition, they have several different cards –five in all – that are utilized for different functions. That was another reason the college needed change. Administrators wanted a single card – a true one card system.
He said the university “wanted to offer our students superior service. We needed to have a partner that could develop new applications and new opportunities, something that would ease the student experience and positively affect the way students move about campus. It made sense, then, to move to a larger card system that would offer more functionality.”
The college tasked Siemens Corporation, to start exploring what was available and what would work. “Siemens was already established providing infrastructure on our campus,” said Mr. Brueck. That included the college’s security system, including access control and cameras.
“We looked at various vendors based on where we wanted to go with our card program. Siemens identified SmartCentric Technologies International Ltd. as the best fit and reached agreement with the company to provide the smart card system.”
SmartCentric Technologies, based in Ireland, has successfully installed campus card programs, based on its SmartCity system, at about 15 universities, mostly in the U.S., including schools in Orlando and Tallahassee, Florida. SmartCity is a multi-application smart card-based system that includes stored value, loyalty, gift cards, logical access, physical access, biometrics, car parking and ticketing.
“Nova wanted a system that would give them the flexibility to grow their programs,” said SmartCentric’s CEO, Kieran Timmins. “They’re not just buying for today, but tomorrow.”
The partners – Siemens and SmartCentric – also had to take into consideration the university’s “complex requirements,” said Mr. Timmins. “Nova has very diverse campuses … the main one in Fort Lauderdale, one in the Carribean, etc.”
We are working very closely with Siemens,” said Mr. Timmins. “Siemens is on the ground doing project management, requirements analysis, and working with Nova to make sure the networks … the technical architecture is in place.”
Big plans for the new system
Every student – whether at the main campus, in the Bahamas, or in Orlando – receives a student ID card from NSU. However, it depends on what’s available at the specific campus as to what else the card can be used for, said Mr. Brueck.
“The ultimate goal is to take the applications on our south Florida campus, such as pay for print, and grow the applications, where prudent, to extend them to our other campuses,” Mr. Brueck added. “There might not be a need for a meal plan at Las Vegas but you might have web revalue. One of the other things is to have the ability to grow our program outside North America, to be able to do business in different currencies at the cash value stations. For example, the cash revalue stations in Jamaica would accept Jamaican dollars. If we open a campus in Europe, it would accept euros.”
This parallels with what Mr. Timmins says is “the concept behind SmartCity … not every card holder has to have the same profile or even the same size card. In the old days of smart cards, everyone had the same card. Now we can select very precisely who will need what.”
The SmartCity One Card., utilizes both contact and contactless technologies, Nova’s phase one applications will include student, faculty, and staff ID cards; cashless purchases at POS, vending machines, pay for print, meal plans; a web-based card revalue and card holder portal; and access control. The access control portion will incorporate both physical and logical applications and will use biometrics where needed.
The biometric portions, said Mr. Timmins, will be match-on-card. “When you do biometric authentication, you’re authenticating against the card, not a database.”
Mr. Timmins said the new system is planned for early 2007. “There is a significant amount of work that needs to be done, not the least of which is support for the Siemens Card operating system.” Siemens will be supplying the chip and the card, he added, “with SmartCentric supplying the software.”
The card will be a combi-card with prox and an embedded 64 k contact chip from Siemens on the card. “Biometrics (for physical access) can go on either the contact or contactless portion. The contactless portion of the card will support prox technology so the existing investment in prox readers will be maintained,” he added. “We’ll be taking out existing readers on laundry and vending and replacing with our own readers. In the initial phase we’re aiming to replace what they have today: vending, laundry, POS, pay for print.
Moving to the future
Web-based revalue will allow cardholders to look at the value on the card and where it was used. There are also plans for logical access, but I’m not sure which phase this will fit into. Next will be e-ticketing and off-campus use. Digital certificates (the ability to digitally sign documents) is also on the list of possibilities.”
“We want to go with single sign on and digital certificates, but whether we move in that direction or not, we’re currently evaluating,” added Mr. Brueck. The card-based digital certificate program would primarily be used at the university’s health care center.
As to moving off campus, it will come, but not right away. “We know we’re going off campus,” said Mr. Brueck. “There’s a lot of interest from retail food establishments with what we’re doing and students want to be able to pay for services off campus. Web revalue will help with that functionality.” That’s one of the reasons the college is planning to place up to four purses on the card.
In the e-ticketing phase, NSU cardholders will be able to pay for event tickets over the Internet and load the ticket to their NSU card, making entry to NSU’s University Center (opening in August) easier on the patron, said Mr. Timmins.
The initial rollout will be 30,000 cards. “We’re going through workshops with them at the moment to determine what will be in phases 1, 2, 3, etc.”
“We’re looking at doing what’s right,” said Mr. Brueck. “We’re taking baby steps. We’re being methodical and not growing beyond our britches too quickly. We feel very comfortable with Siemens and SmartCentric. We look at this as a partnership but also as a family because we’re going to be working very closely with them.”
Additional resources:
To visit the NSU card program on the web, click here.
To visit SmartCentric on the web, click here.
A Colorado-based manufacturer of contactless security readers has significantly strengthened its market position with a major announcement in the physical security space. XCeedID’s multi-technology readers - capable of reading prox plus an array of contactless card flavors (e.g. Mifare, DESFire, iCLASS, my-d) - have been selected by Lenel for private-labeling.
Lenel Privately-Labels XceedID Multi-Tech Readers
GOLDEN, COLORADO – February 9, 2006 – XceedID Corp. recently entered into a private-label OEM agreement with Lenel Systems International, the leading provider of software and integrated security management systems. XceedID Corporation’s innovative line of ISO-X™ Multi-Technology readers will now be available under the Lenel brand as the Lenel OpenCard™ Reader series.
XceedID and Lenel worked together to customize the versatile ISO-X Multi-Technology reader for use with the Lenel OnGuard® security platform, creating a unit with unprecedented functionality. Using OnGuard OpenCard™, Lenel’s smart card encoded information standard, the Lenel OpenCard Readers support HID® proximity, GE/CASI® ProxLite®, my-d®, MIFARE®, MIFARE DESFire®, HID iCLASS™, XceedID ISO-X and other technologies. The devices can read proximity numbers, smart card serial numbers and the data application areas of contactless smart cards.
“XceedID is pleased to be working closely with Lenel to deliver innovative reader solutions to the market. We expect our threaded partnership with Lenel to grow with current and future products and we anticipate that our combined offering will be a significant value-add for the Lenel customer base.” said John Menzel, XceedID President and CEO.
“Lenel is very pleased to now offer flexible, competitively-priced readers that support multiple card technologies with an open standard,” said Erik Larsen, Product Manager of Identity Solutions for Lenel Systems International. “The Lenel OpenCard Reader series provides a viable solution for customers who are transitioning from one card technology to a newer standard, or for those who require multiple card technologies in a complex access control environment.”
The Lenel OpenCard Reader series includes a mullion-mount reader, a mid-range reader and a mid-range reader with a keypad.
About Lenel
Lenel Systems International, Inc. is a global leader in the development and delivery of scalable, integrated systems for the commercial security market, with more than 12,600 system implementations in 75 countries. Lenel is headquartered in Rochester, New York, with sales and support coverage in all major world markets. Lenel is a subsidiary of UTC Fire & Security, which is a business unit of United Technologies Corporation (NYSE:UTX). More information about Lenel and its products can be found on the company’s web site at www.lenel.com.
By David Wyld, Contributing Editor, AVISIAN Publications
When visitors step up to the gates of the four Disney World theme parks, the Magic Kingdom, Epcot, Animal Kingdom, or the MGM Studios, they will encounter something unexpected and largely foreign to them. Disney has embarked on a program to use an established biometric technology – finger geometry – to secure its valuable passes. Ostensibly, this new security is for the benefit of the pass owner. However, it is also being implemented to secure Disney’s pricing structure and marketing strategy. It has not come without controversy – and at least a bit of confusion.
What is Finger Geometry?
Hand geometry has been aptly described as “the ‘granddaddy’ of all biometric technology devices.” It is essentially based on the fact that virtually every individual’s hand is shaped differently than another individual’s hand, and over the course of time, the shape of the person’s hand does not significantly change. Operationally, finger or hand scanning systems capture the physical, geometric characteristics of an individual’s hand – with most systems having the capacity to do so in less than a second. From these measurements, a profile or “template” is constructed which will be used to compare against subsequent readings by the user. Finger and hand geometry are considered somewhat interchangeable terms. However, hand geometry evaluates the person’s entire hand form as a biometric identifier, while finger geometry looks only at a subset of the five fingers to form the identifier. In either case, such geometry does not entail the taking of a person’s fingerprints. In a recent study, the National Academies of Science of Science found that while a person’s finger geometry is indeed far less distinctive than his/her fingerprints, hand or figure biometrics is indeed suitable as an identifier for a wide variety of circumstances, where one in a thousand uniqueness is sufficient.
Finger geometry has been used successfully since its commercial introduction in 1975, when it was brought to Wall Street for security purposes by the investment firm of Shearson Hamill. Over the years, it has been utilized to provide secure access and verify one’s identity in a wide variety of settings, including:
Probably the widest use of finger or hand scanning is in the corporate realm, where such scanning is used in complement with employee badges, passes, and ID cards to prevent payroll fraud, a seemingly intransigent problem which has been estimated to cost employers in the U.S. alone hundreds of millions of dollars each year. While other forms of biometrics may be growing more rapidly, there is still substantial growth potential for hand and finger scanning, In fact, according to Biometrics Info, hand geometry revenues have been forecast to reach $97.4 million in 2007, which represents an almost 400% growth in the market since 2002.
Giving Disney Your Fingers
Disney has moved over the past decade to use automatic identification in various forms. In 1996, the company moved away from a hard plastic laminated pass for all holders of multiday or annual passes, which contained both a bar code identifier and a photo of the passholder. In its place, Disney began issuing mylar paper passes. These new passes had no photo identifier, and indeed, contained only minimal visual evidence of ownership, basically only the guest’s name and the expiration date of the pass. Beginning in June 2005, all Walt Disney World parks began using finger scanning at its park entrances to complement the security measures embedded in its mylar passes. When a Disney guest presents his pass at the turnstile, he is asked to insert the pass into a reader, and after doing so, to make a “peace sign” with his index and middle fingers and insert those fingers into a scanning area. During the scan, a camera takes a picture of several points on each person’s index and middle fingers and assigns a numerical value to the image. The scan – which is accomplished in less than a second – measures the length and width of the individual’s two fingers and the spread distance between the digits. Once the scan is taken – and all adults are required to do so - the pass is returned to the guest.
For a number of years now, Disney’s marketing approach has been to shrewdly push the sale of multi-day and annual passes to its theme parks that comprise the Disney World complex (Disney passes are not interchangeable between its parks in Anaheim, California and Orlando, Florida). The pricing structure at Disney World’s is transparently meant to encourage its visitors to buy passes for longer stays at its Orlando properties. In fact, the daily price of a Disney park visit drops significantly as longer-lasting park passes are purchased – by half at the 7-day mark and by almost two-thirds at the ten day market. To put it quite simply, Disney makes about $200 more by selling five separate two-day tickets than by selling a single ten-day pass. So, to protect its revenue stream, Disney does not allow its annual or multi-day passes to be shared or transferred. They don’t want people to buy a ten-day pass, use it for two days, and then resell the pass to a buyer to use the remaining days.
Not only do longer stays mean that families visiting Disney World will have more opportunities to spend more money on food and beverages, souvenirs and trinkets, and other experiences, such as breakfast with Cinderella, while on Disney property. Perhaps even more importantly, the passes serve to “lock-in” guests to focus their Orlando visits on Disney parks, rather than spending their time – and money – at the competitor’s parks and other entertainment experiences available in this burgeoning family resort area.
A mixed reaction
From Disney’s perspective, the ticket tag is a necessary security measure that does not violate its customers’ privacy. According to Disney spokeswoman Kim Prunty, contrary to some reports, “We’re not keeping a database of fingerprints.” In fact, the company does not maintain a permanent database of scans, as the information is purged from its systems after the individual’s pass expires. Disney has also not disclosed the vendor for its biometric system.
However, Disney’s move to finger scanning has generated some degree of controversy since its implementation. Since Disney defines an “adult” park guest as being 10 or older, many minors are being subjected to finger scanning. Leading privacy groups have also attacked Disney’s move. The American Civil Liberties Union recently called the addition of biometric technology “a step in the wrong direction.” EPIC – the Electronic Privacy Information Center – recently issued a blistering attack on Disney for its use of finger scanning. It called the practice a “a gross violation of privacy rights,” as there is little notice given to consumers as to why their biometric information is being collected, how it will be used, and the protection afforded to the data. EPIC also criticized Disney’s move based on the legal principle known as “the proportionality test,” which can be encapsulized as whether the amount and type of information being collected equals the level of security being sought? To date however, there have been no lawsuits filed against Disney over its use of finger scanning technology.
Surprisingly, both at ticket sales’ locations and at the actual park entry points, Disney has not seen fit to post information on exactly what is being done when the park patrons are asked to make the peace sign and insert their digits into the reading machine. Most patrons – and even some public interest groups and media covering the developments at Disney - have assumed that the company is fingerprinting park visitors and matching the passholder’s print to the pass – and perhaps even other databases, such as criminal records, sex offender registries, and terror watch lists. This has led some industry observers to criticize Disney for having a corporate communications problem in not explaining the “why’s” for the use of the technology to its patrons, while others have seen fit to call upon Disney to find creative ways to leverage the technology - and the data it collects – beyond gate security to provide better in-park customer experiences for its guests.
Good technology often makes good business sense
What is certain is that we will see more such applications of finger geometry in the future, as Disney is by no means alone in exploring how this established technology in the theme park industry. Indeed, according to a report from The Orlando Sentinel, several of the company’s principal competitors are looking to implement similar pass protection technology to their valuable tickets and passes in 2006, including:
From the perspective of Dennis Speigel, President of International Theme Park Services in Cincinnati, such biometric scanning may be a necessary tool for the entire theme park industry. He recently observed that: “Tickets are very expensive for these facilities. If you can hand them off, it costs the parks money. The introduction (of this type of solution) will be used more broadly in the industry in the future.”
For now, the introduction of finger scanning seems to present Disney with an operational challenge to get visitors used to the new requirement. The reaction of Simon Henson, who visited Disney while on vacation, is common. As Mr. Henson put it: “Overall it’s good. But it seems to make the queues longer. No one seems to put their fingers in all the way on the first try.”
About the author:
David C. Wyld ([email protected]) is the Maurin Professor of Management and Director of the Strategic e-Commerce/e-Government Initiative at Southeastern Louisiana University.
Higher cost and lower market demand slows the adoption of PVC’s biodegradable rival … for now
By Marisa Torrieri, Contributing Editor
It sounds corny to some, but the latest card en route to consumers’ wallets promises the same durability of traditional petroleum-based (PVC) cards without using up one of Earth’s most valuable and dwindling resources … oil.
A new card made from processed corn got a big push when card manufacturer Arthur Blank & Co. (ABCO) announced last month it is ready to roll out millions of the regurgitated stalks for environmentally conscious retailers – whether they’re producing gift cards or highly secure access control or ID cards.
Called “CornCard USA” by Arthur Blank & Co., the card itself can be composted, incinerated and mechanically recycled in industrial facilities. This new corn-based card can be used in the same applications as the more traditional petroleum-based counterparts. The CornCard USA may be printed with most of the special inks and panels Arthur Blank offers, and with a number of security measures (i.e., specialized inks only visible with infrared and black light readers, or Guilloche printing).
While CornCard still reportedly costs nearly 10 percent more than PVC, Arthur Blank’s new rollout isn’t the only indication that these cards should be taken seriously. Major corporations such as Microsoft and Wal-Mart have said they are seeking renewable resource alternatives to traditional packaging, notes Jake Jacobs, vice president of sales for Arthur Blank & Co.
“Unlike petroleum-based cards, corn-based cards can be mechanically recycled, composted (this takes several years) and won’t release toxins when burned,” says Mr. Jacobs. “Creating the resin from corn also produces much less harmful gas than producing plastic from petroleum. On a small scale, this isn’t as big a deal, but when you consider Arthur Blank & Co. used 8 million pounds of raw materials last year for gift cards alone, you can clearly see the environmental benefits of using corn-based cards.”
You can’t eat them, but you can swipe them: Cards look, feel the same as PVC
Processing corn cards involves several steps, explains Todd Niemuth, marketing manager for Spartech Corporation, the “plastic sheet extruder” company that makes CornCard USA Sheets for Arthur Blank & Co. Spartech competes with PVC sheet extruders, using the process of fermentation, followed by polymerization.
The process of corn polymerization, the first step in making corn cards, is similar for both corn- and oil-based plastics, explains Mr. Niemuth, who notes that the process is just as complex for both corn and oil plastic. Conducted by NatureWorks for Spartech and ultimately, for Arthur Blank & Co., the process involves turning raw materials into tiny pellets.
First, the corn is planted, harvested, then sent to a milling plant where starch is separated and isolated from other components. The starch is converted to sugar. Then, through a fermentation process much like making wine or whiskey, micro organisms convert the sugar into a lactic acid, which ignites the biological process of polymerization. The polymer, or plastic, is formed into pellets that are sold to Spartech.
“The most environmentally significant difference is that PVC is derived from oil, something that takes millions of years to regenerate, while PLA is derived from corn, a plant that grows in roughly 100 days,” Mr. Niemuth says.
Then, the sheet extruder takes the pellets and mixes its own proprietary blend of chemical additives to give the corn-spawned plastic better strength, before flattening it into thin sheets that look like a thick sheet of paper.
“You can get 60 cards out of one sheet of plastic,” Mr. Niemuth says.
After the sheet extruder turns the pellets into sheets, they are then shipped to Arthur Blank & Co., which adds its own, top-secret binding formula to the sheets before churning out the corn cards. The formula, developed by ABCO, is necessary to prevent problems such as ink bleeds and cards that curl at the edges. The formula is a result of several years of trial and error, as bad printing and imperfect cards were an industry-wide problem for years, Mr. Jacobs says.
What will turn corn into a corporate cashpot?
If the cost of oil continues to rise, it won’t be long before both card manufacturers and retailers start following Arthur Blank’s lead by investing in alternative resources.
But for now, the biggest challenge to adoption is that retailers are not demanding the CornCard, say a number of Arthur Blank’s manufacturing competitors.
Versatile Card Technology (VCT), for instance, makes a huge range of cards for a variety of industries, but according to a source, the company won’t consider making CornCards without customer demand.
“They’re really expensive,” says a VCT spokesman. “It’s more client-driven,” and clients are interested in “highest print quality at lowest price.” PVC cards are industry standard and CR80 cards cost 10 cents apiece, the spokesman notes.
Should environmentally conscious vendor such as Whole Foods Market want to order one million corn cards, however, VCT would jump on the chance to make them, the spokesman adds. Until then, “PVC’s a very rugged, durable material,” the VCT spokesman says.
But Mr. Niemuth believes that all of the leading card manufacturers are definitely keeping plans to manufacture corn cards. While the cost of corn remains stable, oil prices continue to skyrocket. When the price of making CornCard USA becomes more competitive, manufacturers will become even more accommodating.
“I think it’s safe to say every non-secure card manufacturer in the top 10 has asked us for trial material, and has it or will get it soon,” Mr. Niemuth says. “That doesn’t necessarily mean they have demand, but there’s a tremendous amount of interest.”
Additional resources:
To visit Arthur Blank & Co. on the web, click here.
To visit Spartech Corporation on the web, click here.
To visit Natureworks PLA on the web, click here.
Debitek, a card reader/device manufacturer and stored value solution provider, has been acquired from its prior owner Ingenico by Heartland Payment Systems. Debitek is well-known in the “closed system” card market with more than 20-years experience providing mag stripe and smart card payment solutions to college campuses, corporate sites, gaming/entertainment venues, and correctional facilities.
Heartland Payment Systems Acquires Debitek
Acquisition Provides Prepaid and Stored Value Solutions Platform in Rapidly Expanding Small-Dollar Transactions Market
PRINCETON, N.J., Feb. 13 /PRNewswire-FirstCall/ – Heartland Payment Systems, Inc. (NYSE:HPY), one of the nation’s largest providers of merchant acquiring services, today announced it has acquired Debitek, a leader in prepaid and stored value solutions. Debitek immediately provides Heartland with a proven platform in the stored value and prepaid market, particularly with respect to small-dollar payment applications.
Robert Carr, Chairman and CEO of Heartland Payment Systems, Inc., said, “Debitek is a leader in the prepaid and stored value solutions industry with arguably the most successfully deployed technology of its kind in the United States. A prepaid and stored value solution is also an ideal platform to capitalize on the growth opportunities of small-dollar transactions, which is a large and rapidly emerging electronic payment solutions market. Debitek’s substantial installed base utilizing their proprietary software provides a solid foundation for penetrating this market. We are excited about the opportunity to broaden our product offering while also entering the new markets already served by Debitek solutions.”
Debitek, headquartered in Chattanooga, Tennessee, has an established client base utilizing approximately 130,000 payment devices, and an experienced and dedicated management team. The Company has a proven, reliable solution to transfer value to either Mag stripe or Chip (“Smart”) cards. Among its many applications, Debitek provides its cashless solution to numerous university and business campuses across the country - including the Universities of Florida and Minnesota, Northwestern University, and BMW, Coca- Cola and Morgan Stanley - as well as the entire Federal penitentiary system.
Larry Hauser, Vice President and General Manager of Debitek, said, “We are pleased to be joining with Heartland Payment Systems. With Heartland’s extensive resources and nationwide infrastructure, we can accelerate growth within our established markets as well as broaden our reach into new markets. We also envision numerous synergistic opportunities to leverage our prepaid and stored value technology with Heartland’s payroll and transaction processing leadership.”
Financial terms of the transaction, which was structured as a stock purchase, were not announced. Heartland believes the transaction will not have a material impact on earnings in the near term.
About Heartland:
Heartland Payment Systems, Inc. (HPS), a NYSE company trading under the symbol HPY, delivers credit/debit card processing and payroll solutions to over 110,000 small to medium-sized merchants throughout the United States. HPS also provides additional services to its merchants such as gift and loyalty card programs, paper check authorization, and sells and rents point-of-sale devices and supplies.
With over 1,000 national sales professionals, HPS builds long-term business relationships in local sales territories providing merchants with enhanced technology tools that assist them in more effectively operating their businesses.
Heartland commenced operations in 1997, and since 2000 has grown at a compound annual rate of more than 30% to become the seventh largest merchant processor in the United States and fifteenth largest merchant processor in the world.
Helping college students who are on their own for the very first time can be a rewarding experience for employees of a bank’s on-campus branch. Students may never have had a bank account before and it may be their first experience with a payment card as well. True, they could deal with an online bank or work with their bank back home or across town, but many find there is no substitute for sitting across the desk from a real live human being at a brick and mortar bank on campus.
“Students just starting on campus, know very little about managing their own finances,” said Whitney Bright, vice president, Campus Banking, for U.S. Bank. “That’s why face-to-face interaction is important.”
Even simple banking tasks that most of us take for granted, such as opening accounts, making deposits, using the ATM, may be Greek to students, particularly incoming freshmen. Learning the basics, “students seem to be appreciative of this,” said Ms. Bright.
This level of comfort and education is perhaps the single most important benefit that an on-campus branch can offer.
But other benefits of on-campus branch banks have nothing to do with students. “(A branch can give) parents peace of mind, knowing their students have a bank on campus they can visit anytime,” said Ms. Bright. “There might be a brick and mortar bank a mile away, but that bank has to deal with so many other things … an on-campus branch is dealing just with students.”
Understanding the campus market
The most important factor when locating a branch on campus is understanding the campus market. A college branch bank is dealing with a unique niche with operational needs.
“The student market is unique so employees (should be) different for the campus branch,” added Ms. Bright. But it goes much deeper than simply hiring the right employees to work with students. Financial education, product offerings, pricing, even hours of operation may need to be adjusted to most effectively serve a campus market.
“We (U.S. Bank) conduct financial wellness seminars for students,” said Ms. Bright. They learn how to open and, more importantly, run their checking accounts. That includes balancing their checkbook each month, reading bank statements, things that most of us take for granted. “We teach students how not to get into trouble with their credit and ATM cards,” she adds.
With more and more financial functions being tied to campus cards today, knowing how to manage and care for personal financial wellbeing takes on even greater importance–for both students and their parents. An on-campus branch can be a key tool in this lifelong lesson.
For the second time in less than a year, access control and card provider IDenticard (and sister company IDenticam) has new ownership. Last year, the Pennsylvania company was acquired by GE and today it was announced that Brady Corp. is the new owner. Brady’s other personal identification companies include TEMPbadge, Stopware and J.A.M. Plastics in the U.S., and BIGBadge in the U.K and France.
Brady Corporation Acquires Security Identification Maker GE IDenticard Systems, Inc.
MILWAUKEE, Feb. 9 /PRNewswire-FirstCall/ – Brady Corporation (NYSE:BRC) , a world leader in identification solutions, today announced that it has acquired GE IDenticard Systems, Inc. based in Lancaster, Penn., and its Canadian affiliate IDenticam located in Markham, Ontario. Terms of the transaction were not disclosed.
IDenticard, founded in 1970, is a market leader in personal identification, access control and consumable identification badges. Known as an innovator in security card technology, its products include identification card systems that combine biometrics, digital imaging and other technologies to positively identify people and prevent identification card counterfeiting; and access control systems that restrict entry into buildings using multiple card-reader technologies. IDenticam offers integrated photo identification solutions, printers, supplies, accessories and visitor management solutions.
The companies, with 120 employees in the U.S. and 36 in Canada, have over 30,000 customers in healthcare, education, government and manufacturing. They had combined 2005 sales of about $33 million (U.S.). IDenticard and IDenticam were acquired by GE in March 2005 as part of its acquisition of Edwards Systems Technology.
“With an increased importance on safety and security around the world, the need for effective personal identification has never been greater. IDenticard’s proprietary products and advanced technologies in this area make them a terrific addition to Brady’s personal identification brands including TEMPbadge, Stopware and J.A.M. Plastics in the U.S., and BIGBadge in the U.K and France,” said Tom Felmer, Brady vice president - Direct Marketing Americas. “The acquisition of IDenticard and IDenticam further strengthens our position in the personal identification market and establishes Brady as a leader in card access security badges. We expect this acquisition to play a key role in our global personal identification product strategy.”
“We’re very excited to be joining the Brady team,” said IDenticard General Manager Bob Hager. “Brady brings strong leadership with a commitment to product development and innovation that will provide significant opportunities for our growth and further enhance our focus on the customer.”
Brady Corporation is an international manufacturer and marketer of complete solutions that identify and protect premises, products and people. Its products help customers increase safety, security, productivity and performance and include high-performance labels and signs, safety devices, printing systems and software, and precision die-cut materials. Founded in 1914, the company has more than 300,000 customers in electronics, telecommunications, manufacturing, electrical, construction, education and a variety of other industries. Brady is headquartered in Milwaukee and employs about 5,500 people in operations in the United States, Europe, Asia/Pacific, Latin America and Canada. Brady’s fiscal 2005 sales were approximately $816 million. More information is available on the Internet at http://www.bradycorp.com/ and http://www.identicard.com/.
Five buildings and 148 doors at the Ohio campus on Wright Patterson AFB are now secured via a FIPS 201 compliant physical access control system. The solution, integrated by SMARTnet Inc., reads current Common Access Cards and will read next generation contactless cards.
Air Force Institute of Technology (AFIT) Leads the Way in Physical Security Infrastructure Supporting HSPD-12
Frederick, MD – February 1, 2006 – SMARTnet, Inc. has successfully implemented a physical access system for the Air Force Institute of Technology at Wright Patterson AFB, that supports contact and contactless Common Access Cards (CAC).
AFIT’s new physical access system covers five buildings and 148 doors across its campus, networked together via IP to a centralized security center. The new system allows students to use their CAC card for both physical access and logical access thus eliminating the need for multiple type access cards. Additionally, the new system supports the older contact CAC and will support the new contactless CAC cards (FIPS-201, PIV II compliant) thus providing AFIT a planned transition path without having to have multiple reader devices to meet their needs and support the directives of HSPD-12.
According to Steve Bowers, Executive Support Officer, Office of the Dean, “We needed a new physical access system and we wanted to be sure our new system would support the existing technology as well as where the Air Force was heading with the new requirements based on HSPD-12. With the help of the Air Force Security Office, XIC, we developed a requirement for our new system. SMARTnet designed and integrated a solution that met our requirements.”
To support the PIV II capabilities, AFIT, with the assistance of the SMARTnet team, will be evaluating and testing prototype finger print readers that will be integrated with the card readers. The new integration for biometrics is expected to begin in April 2006.
SMARTnet is an enterprise IT systems integration firm offering a nationwide presence and 10 years experience designing and implementing highly flexible mission critical IT and security solutions.
For information: www.smartnetgov.com.
Compare FIPS 201 Products
