The smart card industry is crying foul about a report calling the security of the technology into question.
Bellcore, the research laboratory owned by the seven Baby Bell telephone companies, said last week that it found a "potentially serious problem" in the computer chip that turns the plastic card into an electronic replacement for cash.
Two Bellcore scientists concluded that "hypothetically," the card's chip could be made to malfunction, thereby giving mathematical clues to the secret keys and digital signatures that are the basis of its security. With that knowledge a criminal might be able to duplicate the monetary value on the card.
It sounded like a setback to an industry that is beginning to show long- awaited signs of growth.
But the theory has not been tested. Bellcore hasn't actually compromised cards as described in the research paper - using extreme heat or even a microwave oven to cause a system error.
Even so, William Barr, executive director of information networking at Morristown, N.J.-based Bellcore, called the finding "significant."
Mr. Barr, also vice president of the Smart Card Forum, said Bellcore is "very concerned that the cards used in telecommunications and financial applications are secure. We want to be in the forefront of the search to find solutions for our clients."
A New York Times article last Thursday, implied that smart phone cards in Europe and high-profile bank card systems such as Mondex are vulnerable. Visa International and MasterCard International were also mentioned, as was their joint test project scheduled for early 1997 in New York City.
Industry executives were swift to weigh in with denials.
"We've reviewed the paper," said Michael Keegan, chief executive of London-based Mondex International, which claims to have devoted considerable time and funding to assuring system security.
"Their assumptions don't apply to Mondex," Mr. Keegan said.
Though many officials welcomed the challenge, maintaining that this type of scientific analysis and dialogue can lead to improved product design, they dismissed the Bellcore theory as unproven, unrealistic, and "nothing new." Many executives took exception to the paper's use of the words "tamperproof device."
The cards are "tamper resistant," said Chris Jarman, vice president of chip technology at MasterCard International.
"No system is 100% foolproof," said Edgar Brown, senior vice president of remote banking at First Union Corp., which is participating in the Visa Cash card program in Atlanta. "We are constantly working with any number of players industrywide to ensure that the cards, terminals, and systems that collect transactions are keeping ahead of any potential counterfeiters."
Electronic cash systems "rely on layers of security and a range of techniques," said Mr. Jarman. Bellcore's "claim relates to one aspect."
Industry sources said the cost of breaking a smart card system, unlike magnetic stripe cards or cash, far exceeds the benefits.
"Put the resources of a Bellcore on this technology and clearly they can breach it," said William Hugh Murray, security consultant for Deloitte & Touche in Wilton, Conn. But he asked, "Is the cost low enough to make it profitable?"
Mr. Murray also said Bellcore had "mixed motives" for releasing the information to the press. "I think it's fairly obvious they're trying to drum up business."
Other observers pointed to a paragraph in Bellcore's press release that stated: "An external organization such as Bellcore will have to determine to what extent the devices are vulnerable." They saw that as an attempt to gain influence by a research institution that is struggling to come up with a strategy for the era of telecommunications deregulation.
Joseph Schuler, executive vice president of marketing for Schlumberger, the French smart card manufacturer, dismissed the paper as "primarily speculation.
"If they have a theory, I wish they would prove it before they go to the press."
Eric Planchard, chief executive of Microcard Technologies, a smart card unit of France's Bull Group, said Bellcore is "creating smoke and mirrors."
The findings will be taken seriously by the industry, many sources said, but it will not deter the drive toward a cashless society.
"We are confident in chip technology and the benefits it will present to consumers, merchants, and financial institutions," Visa said.
