Paving the way to one-card utopia

Posted on June 4, 1999 
Filed Under CNET, Julian

By Julian Matthews, June 4, 1999

On the surface, the premise for Malaysia’s national multipurpose card (MPC) project seems logical–a single smartcard to combine all functions and then some, instead of the various cards cluttering one’s wallet.

Embedded on a chip on the card would be one’s identity, medical details, driving license, and passport. It would also double as credit, debit, e-cash and automated teller machine (ATM) card.

With a thumb print or identity number, the card could also function as an access key for individualized applications such as club memberships, ticket-less air travel, shopping discounts or allowing access to buildings and restricted areas.

What’s in it for consumers? The ultimate convenience. Using the card will be quicker than fishing out cash. You’ll always have exact change. Your credit worthiness could always be easily verifiable. No need to remember complicated numbers. No more form filling.

But when the task force for the MPC met up in 1997 to discuss the card’s specifications, the one “supercard” seemed way ahead of its time. There was a variety of obstacles to resolve–non-compatibility, propriety technology, security, cost and ethics.

How do you get competing credit card issuers to place their individual brands on the one card, for example? How do you get both local and foreign banks to make their ATM technologies compatible? How do you make a chip-based passport “readable” in various countries?

How, for instance, do you renew driving licenses and passports easily in a country notorious for its glacial bureaucracy, especially when you lose such documents?

When smartcard heaven can also be hell

The scary thing for cardholders is if you lose your card, you’re not just out of money, you lose your identity, proof that you can drive, and access to your workplace. Scarier still–someone could assume your identity and misrepresent you.

Canceling the card should be easy enough. But how long will it take to get a new card if you need to go through several government departments to identify yourself? How would the government avoid the misuse of a dead person’s card?

The questions were confounding. Compounding the specification nightmare, was the fact that Malaysia has a history of fumbling when it comes to such technology. Figure out, for instance, why there are three non-compatible public payphone systems requiring three different cards to access.

Could such a government make the leap to the one-smartcard nirvana it proposed for its Multimedia Super Corridor (MSC) project that the MPC was part of?

One of the early decisions of the task force was to adopt a two-card approach and narrow the scope of functions for each. One would be a Payment Card for access to debit, credit, ATM and electronic cash.

The other would be a Government Card for identity, health, driving license, and passport purposes. The latter was limited to four applications, perhaps because it was inconceivable to think more than four government departments could agree on anything.

The task force insisted that technology platforms for both cards be compatible, so that eventually, the cards could be merged.

The decision proved fortuitous for Malaysia. In a single stroke, the market for the national MPC–estimated at as many as two million for the initial MSC roll-out–was doubled.

Factor in the fact that Malaysia planned to issue the MPC to all its 20 million citizens, and the card’s vast e-commerce possibilities, and you had a hot market on your hands.

Suddenly, major smartcard players all over the world were interested.

Malaysia’s wild card

To allow local players to participate in the project, Malaysia formulated a bidding policy that forced local and foreign companies to jointly tender for components of the lucrative contract.

The rationale was that Malaysia would get the state-of-the-art technology in exchange for training, employment and technology transfer.

In November 1997, Malaysian Electronic Payment System (1997) Sdn Bhd (MEPS), a consortium of Malaysian banks running a common ATM network, announced the first MPC award. It had adopted Proton technology for the e-cash function which would allow small value transactions on both multipurpose cards.

Proton was developed by Banksys SA of Belgium, and currently has one of the largest user bases in the world with 30 million cards in circulation, accepted by 230,000 terminals in 15 countries.

In February 1998, Proton’s local representative company, Triumphant Launch Sdn Bhd, together with its consortium partners, also won the bid for the National Payment and Clearing System for the MPC.

Last September, a technical test for the Proton-based e-cash cards was run during the 16th Commonwealth Games held in Kuala Lumpur.

The sole participating local bank Bank Bumiputra Malaysia Bhd issued 2,000 reloadable cards of RM500 value, and 100,000 disposable cards worth RM50 each, for the purchase of food and souvenir items from participating merchant outlets at the Games Village and around the capital.

In August this year, MEPS will be embarking on a commercial pilot of the Proton e-cash system. About 22,000 reloadable MEPS cash cards will be issued by six banks, and about 100 merchants will be involved.

Delays in awarding contracts related to the MSC and MPC have resulted in smartcard players showcasing their technology elsewhere.

Over the last year, various chip-based cards have popped up in Malaysia. These cards are for use in payphones, handphones, satellite TV decoders, universities, and automatic toll collection. Even national passports are now issued with embedded chips. All the card issuers are touting their wares in the hope that they can buy some mileage for their MPC bids.

Revolution in the making

CNET Asia was informed that bids for the Payment MPC were divided into at least two phases–the first phase will be for the writing of specifications for the integration of the three remaining applications on the card: debit, credit and ATM. The second phase may include developing the applications and making the cards.

It is learned from a government source that a five-company consortium led by Percetakan Keselamatan Nasional Sdn Bhd, and backed by the technical expertise of German smartcard player Giesecke & Devrient (G&D) GmbH, won the bid for the first phase.

Various consortia have also been asked to bid for the second phase of the card, based on G&D’s specs.

The Government MPC contract, worth RM272 million (US$71.6 million), was awarded this week to GMPC Corporation Sdn Bhd, beating 11 other applicants.

GMPC Corp comprises systems integrator Dibena Enterprise Sdn Bhd; solutions provider Unisys MSC Sdn Bhd; smartcard player Iris Technologies (M) Sdn Bhd; networking and hardware supplier CSA MSC Sdn Bhd; and card reader supplier EPNCR (M) Sdn Bhd.

Both the Payment MPC and Government MPC are slated to make their earliest debut by the year 2000.

MEPS executive chairman Mohammad Abdullah said a six-month commercial pilot for the Payment MPC is set for the first quarter 2000.

Although he did not disclose its specifications, he said the cards will eventually have the capacity to incorporate Visa, MasterCard and other credit card capabilities while retaining their brand names.

Mohammad suggested that payment transactions for both cards are also likely to use the MEPS Secure Electronic Transaction (SET) Payment Gateway in the near future.

MEPS launched the SET gateway running on the IBM platform in March as an alternative to the more popular Secure Sockets Layer (SSL) protocol used for online transactions.

Six banks have signed up and are issuing credit card holders with e-wallets and either VeriSign or GTE-based digital certificates to buy goods and services from about 30 local merchants.

Malaysia paved the way for branded certificate authority (CA) providers to sell their systems in the country when it put into force the Digital Signature Act last October.

In future, cardholders are expected to use digital certificates issued by at least two local CAs: DigiCert Sdn Bhd and MSC Cybersign International Sdn Bhd.

Mohammad said Malaysia’s e-commerce volume is estimated to jump from about RM46 million (US$12.1m) in 1999, to RM796.8 million (US$209.7m) in 2000, and RM1.5 billion (US$394.7m) in 2001.

A leap in the dark

For detractors, the e-commerce potential of Malaysia’s MPC raises the sinister specter of fraud.

In the U.S., doubts were cast recently by a leading telecommunications company that encryption systems operated by smartcards were not tamper-proof. The cards could enable criminals to store “counterfeit” electronic money–the electronic equivalent to forging counterfeit banknotes.

The development of advanced encryption and security systems should therefore be high on the agenda of MPC developers.

Another question is that of privacy. Putting identity, medical history, creditworthiness and other intimate details on a single card allows access to data on an individual, which previously was stored on different databases.

Government, financial institutions and manufacturers all have an obligation to ensure that a cardholder’s right to privacy is not violated. Such issues are set to color the development of Malaysia’s MPC over the coming years.

But by committing to the one supercard utopia, Malaysia has already taken the road of no return.

Only one thing is certain–the financial stakes are high.

If Malaysia bets on the wrong technology, it will pay the costly price of experimentation. If it backs the right technology, the MPC will open up not just a national market, but a global one.

Published in CNet Asia, June 04, 1999: Pg 1 | Pg 2 | Pg 3 | Pg 4 | Pg 5


Comments are closed.