Electronic Payments — The Smart Card: Smart Cards, e-Payments, & Law — Part I



Computer Law & Security Report Vol. 18 no. 4 2002 ISSN 0267 3649/02/$22.00 © 2002 Elsevier Science Ltd. All rights reserved


This article in three parts examines the legal issues raised by the development of the smart card. It explores contractual, liability and intellectual property rights issues and assesses whether a suitable legal framework exists in which smart card use can flourish and grow.

ELECTRONIC PAYMENTS — THE SMART CARD
SMART CARDS, E-PAYMENTS, & LAW – PART I
Dr Simon Newman and Gavin Sutter, Queen Mary College, University of London

A. INTRODUCTION TO SMART CARDS AND ELECTRONIC PAYMENTS SYSTEMS

A smart card is simply a plastic rectangle containing an electronic chip, and holding a certain amount of readable data. One common consumer use in the UK is in digital television, where they are used as security devices to unscramble the incoming digital television signal. They are also now commonly used in GSM standard digital mobile phones as Subscriber Identity Module (SIM) cards. However, most attention focuses on their potential as an independently carried, easily portable, means of both identification and electronic payment - for example as an “e-purse” holding electronic coins for low-value transactions, either held solely on the card,[1] or linked to a central database. Smart card technology is not new, but at least until very recently it has largely failed to achieve widespread use within the countries of the European Union. This is now beginning to change as smart cards become increasingly ubiquitous, although as yet their profile remains low amongst the general public - many people may carry around one or more smart-chipped credit cards in their wallet or purse without being aware that it holds more than the usual magnetic strip.

Previous European smart cards development centred on multiple national systems,[2] all non-compatible, which have never achieved good customer take-up. Even where a large number of cards have been circulated, as with Proton in Belgium, the frequency of use has remained discouragingly low. The European Commission’s eEurope Smart Card Charter, after a shaky start in 2000, is trying to rectify this by moving from its originally technology-oriented stance towards a much more customer-centred approach. Previously it focused on technological development of competing systems, with interoperability a distant goal. This has changed. A new “user-centric” approach to all aspects of smart cards is intended to help enfranchise the citizen and give him/her fuller access to the Information Society which is developing in all aspects of daily life, including government and local authority applications.[3] It acknowledges in particular the need for easy “anytime anywhere” access, in order to achieve the mass take-up of smart cards that is currently lacking.

It seems that the principal customers pushing development in this instance are not individual consumers, nor even the banking corporations, but the European Union’s national transport networks. Transport has proven to have a key role to play in this area as it has the mass cross-cultural user community and relatively simple, extremely high-volume applications[4] that are needed to make smart cards part of everyone’s daily life. Particularly prominent in this field is Transport for London.[5] Inspired by the success of the ‘Octopus’ smart card in the Hong Kong transit system, their Prestige Project has developed a smart card system for easy automated ticketing. This is a ‘contactless’ card, initially intended as a season ticket, with an expiry date recorded in the card, allowing an unlimited number of journeys up to that date. Contactless smart card readers have already as of September 2001 been installed at some London Underground stations, and the system is likely to be in general use by the end of 2002. An e-purse facility card is intended to be added shortly thereafter, with no time limit, but with prepaid electronic tokens deducted from the card on each journey, that can be ‘refilled’ with tokens through occasional payment at an electronic ticketing machine. Inter-operability with other national and European transport networks is a high priority - ultimately allowing the same card to be used on rail, bus and other mass transport systems from London to Madrid to Helsinki and beyond.

As with all network systems, from mobile phones to the Internet, smart card applications must be interoperable with common standards in order to benefit exponentially from wider use throughout the EU and beyond. It is therefore critical both that suitable technological standards are reached, and that a suitable legal framework exists in which smart card use can flourish and grow.

One question raised by the multi-functional nature of smartcards is one of ownership: standard, single use magnetic strip cards are commonly understood to be issued by, for instance, a bank, to be used by the customer but remaining the property of the issuer. Multi-functional cards may have several different applications from several different sources loaded on them – banking details, credit card, health records – so who owns the card? Is there a single card owner, or will each interested party be said to own only their own application stored on the card? A related question asks who is permitted to issue an “electronic purse” smart card. Will this be limited to banks? Will personal data cards be issued solely by government? Especially in countries such as, for instance, Germany or France where a government-issued ID card is a necessity, could the government in such a state issue its own smart cards for ID purposes which the user would then add other applications such as payment facilities to? Government owned cards would raise the further issue of citizens’ rights to access government information as relating to themselves. Alternatively, will it be legally, as it is technically, possible for a company simply to produce and sell ‘empty’ smartcards which the user can then add his own details to? Or must the issuer be a licensed person, real or legal?

A further important issue requiring analysis is whether the user of a card will be permitted to add and remove applications from the smartcard at will, or whether it will carry fixed applications as installed by the relevant companies with which the user may not tamper. The voluntary nature of such systems must be emphasized - the multi-application “smart wallet” may contain software from numerous different organisations, but its contents must be under the user’s control, just like a physical wallet. If it is to be commercially successful it must be seen as both safe and convenient for the end user. This is likely to require easy notification procedures in case of loss or theft, with the card and its contents being made quick and easy to replace.

The contractual issues involved require consideration. For instance, the contractual relationship between issuer and user will remain substantially similar as for the issue of a standard magnetic strip single use card. However, a multi-functional card raises a number of other relationships such as that between card issuer and application provider, or between one application and another.

An area of great significance is liability. Liability for loss, damage, fraudulent usage, etc. of a standard magnetic strip payment card (credit, debit, etc.) is subject to a clear contract between the issuer and the user. However, when a multi-functional smart card is involved, the issues become much more complex. For example, in the case of loss or theft, who bears the responsibility if not the user? Is there a single application which will be responsible for ensuring adequate security for the card’s general functions, for example, prevention of fraudulent use of the card in payment, or of a digital signature encoded into it in order to identify the rightful user? Security, fraud prevention, and so on will also arise as issues of consumer protection provisions. The application of data protection requirements will be of great significance in ensuring adequate consumer protection strategies are in place. This is likely to entail the use of some method of encryption, raising further issues as to availability of decryption information.

Lastly, intellectual property rights (IPR) in the smartcard technology will be analyzed in the study. How will the protection of such rights be achieved – will it be primarily by patents, rather than copyright? How are those commercial interests involved in the production of smartcards currently protecting their interests in the technology?

1. The Development of Smart Cards

Rapid growth in electronic business has led to the development of payment systems tailored to meet the needs of online purchasing. Although credit cards have proved the most popular method for online payments so far, they may not be the most appropriate method in all transactions. For example, they may prove too costly for the purchase of low value goods and services, and are not suitable for making payments to consumers. The increased interest in auction schemes such as eBay[6] leads to an increasing need for systems which allow for the transfer of value between consumers, rather than only between consumers and businesses. The perceived security risks of sending credit card details online have also proved a barrier to their use, leading to an interest in developing more secure alternatives.

A vast array of electronic payment systems have been (and are being) developed around the world. These are either smartcard systems, where the value is stored on a chip on a multipurpose card, or software systems where the value is stored as electronic tokens in the memory of the computer. However, although some of these systems have been available to the consumer for several years none has become universally accepted. Furthermore, because the various systems and technologies are not interoperable, consumers and merchants are forced to choose which or how many of the systems to use. Many online buyers and sellers have therefore elected to use the traditional credit card due to its greater universal acceptance.

Many systems have been developed in trial form but have not immediately been followed up by commercial exploitation, and others have been changing and modifying their services to meet the needs of the market. It seems therefore that the market is still in a state of flux and that commercial barriers are hindering the adoption of these new systems. Various steps have been taken towards remedying the lack of interoperability such as the development of a standard protocol which may overcome the commercial difficulties. As far as the legal issues are concerned these have to a degree been overshadowed by the commercial problems although in the European Union the creation of a regulatory framework for electronic money issuers is underway. However, other issues such as the contractual relationship between the issuer and the consumer have not been addressed.

2. Electronic Payment Systems: Software

(a) Credit and Debit Cards

Credit and debit cards may be grouped together as examples of ‘debt transference systems’. The use of either in making payments associated with online purchase is broadly similar to the other main methods of carrying out distance card purchases – by mail, fax or by telephone – in that the actual card itself and the signature thereon are not handled or seen by the payee, but the details (number and expiry date) are transmitted over the internet, either via a website or by email. Currently such incorporation of ‘traditional’ credit card systems into electronic commerce remains the most popular method of payment over the internet, presumably at least in part because its use does not require investment of time and money into acquiring and becoming familiar with new systems.


Also, there is a perceived ‘comfort’ factor in the security offered by an established brand such as Visa. There still exists, however, some degree of concern among consumers generally about the security of making such transactions. While the risk of interception of credit card information by a third party, or a record of it being made by an unscrupulous sales assistant, and subsequent fraudulent usage does little to deter most from making such purchases by telephone or in person, fears abound that this will happen if they do so over the internet. Governments have a clear interest in such issues, as wider consumer spending in internet sales will serve to bolster the new digital economy. Technological methods may give consumers the confidence to take advantage of what the new marketplace has to offer. They may also help to prevent credit card fraud, thus contributing to reduction of such crimes, another attractive feature for governments.

(b) Secure Socket Layer (SSL) Protocol

The SSL protocol creates a secure channel for the transmission of encrypted payment card details between retailer and consumer and is in wide usage across the internet, incorporated into many different software systems. Patented by Netscape and submitted to the World Wide Web Consortium (W3C) early in 1998 as a standard, it has now become the norm for secure communication of payment card information over the internet. In operation, SSL utilizes a mix of public and private key encryption. Private key encryption involves the use of one single ‘key’ – an algorithmic code – which allows a message to be encrypted. Once encrypted, the message can only be reopened with the key. Access to a message can thus be controlled by controlling distribution of the key. The public key technique is broadly similar, however, there is a separate, public key which is given to B to either decode messages which have been encrypted using A’s private key or to encrypt a message to send to A which can then only be opened with the private key. It is a version of this system which online retailers generally use. The public key is made freely available to the consumer via the website: the payment details are automatically encrypted using the public key before being sent to the retailer, who is the only party able to decrypt the message, by means of the private key.

This helps to minimize the risk of interception and subsequent fraudulent usage by third parties, thus encouraging consumer confidence in making transactions this way. It does not, however, do anything to address the problem of the potential for fraud on the part of either the consumer or the retailer. For instance, the retailer has no way of knowing whether the person he is dealing with is the legitimate cardholder or a thief who has stolen the card, or even someone who has fraudulently acquired the necessary credit card information (online transactions do not require the actual possession of the card itself, or the holder’s signature. All that is needed is the entry into the order form of the card number and expiry date.) Equally, where the retailer is a brand which the consumer has never seen before, SSL offers no guarantee that the company really exists and is not, for example, merely a front designed to illicitly acquire the consumer’s credit card information. Nor can it do anything to stop unscrupulous retailers or employees of retailers from recording the information once decrypted and fraudulently using it. This may well dissuade smaller scale retailers who either cannot afford the risk of having to absorb loss due to such fraud, or find it difficult to establish an online market due to consumer reluctance to trust an unestablished or unfamiliar brand.

(c) Secure Electronic Transaction (SET) Standard

By way of a response to the potential fraud problem with the SSL protocol, the SET standard was jointly developed by Netscape, Visa and MasterCard. SET standard provides both identification of parties to a transaction, and a means of establishing the integrity of a communication. It operates on the basis of a public/private key encryption system. A transmission encrypted by the consumer using the public key distributed by the retailer’s bank can only be deciphered using the corresponding private key. Thus only the bank can access the consumer’s credit card details, which are passed on in an encrypted form by the retailer seeking payment. This method effectively prevents an unscrupulous retailer from acquiring and fraudulently using the consumer’s credit card details.

The SET standard also guarantees by means of a digital signature that the communication containing the consumer’s payment authorization has originated with the cardholder and that it has not been intercepted and altered by any third party while in the process of transmission.

The SET standard, then, prevents fraudulent usage of credit card information, protecting the interests of retailers and banks as well as those of the consumer. The security of transactions in the SET standard can also be improved by using it in tandem with an SSL channel. However, while there are systems available which are compatible with the SET standard (e.g. CyberCash’s CashRegister), it has yet to be used by commercial enterprises on the internet as it is not the most convenient method of ensuring a secure transmission. This is due to the fact that before an SET transaction may be made, not only must both the retailer and the card holder be registered with SET, but also they must hold digital certificates, issued by a third party certification authority, which authenticate the credit card holder and the retailer to whom payments will be made.
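The SET flow described in this section, as an added example that is not part of the original article: the consumer seals the card details for the bank, the retailer forwards ciphertext it cannot read, and the bank rejects an authorization altered in transit. It is a toy model that assumes textbook RSA over fixed primes in place of SET's certificate-backed cryptography; all function names and the sample card number are constructed for illustration.

```python
"""Toy model of the SET message flow described above (illustration only).

Textbook RSA with fixed Mersenne primes and no padding keeps the example
inside the standard library; it is NOT secure and is not real SET.
"""
import hashlib
import json

E = 65537  # public exponent


def make_key(p, q):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


def encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(obj, n):
    """Hash a message body (canonical JSON) and reduce it into Z_n."""
    raw = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def sign(priv, obj):
    n, d = priv
    return pow(_digest(obj, n), d, n)


def verify(pub, obj, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(obj, n)


# Constructed keys. In SET the public halves would be vouched for by
# certificates from a certification authority; here they are simply assumed.
BANK_PUB, BANK_PRIV = make_key(2**127 - 1, 2**107 - 1)
CONSUMER_PUB, CONSUMER_PRIV = make_key(2**89 - 1, 2**61 - 1)


def consumer_order(pan, expiry, order_id, amount):
    """Consumer: seal card details for the bank, sign the authorization."""
    sealed = encrypt(BANK_PUB, f"{pan}|{expiry}".encode())
    body = {"order": order_id, "amount": amount, "sealed_card": sealed}
    return {"body": body, "sig": sign(CONSUMER_PRIV, body)}


def retailer_view(msg):
    """Retailer: can read order and amount; the card is only ciphertext."""
    return {k: msg["body"][k] for k in ("order", "amount")}


def bank_process(msg):
    """Bank: check the cardholder's signature, then open the sealed card."""
    if not verify(CONSUMER_PUB, msg["body"], msg["sig"]):
        return "REJECT: authorization altered or not from cardholder"
    pan, _expiry = decrypt(BANK_PRIV, msg["body"]["sealed_card"]).decode().split("|")
    return f"CHARGE {msg['body']['amount']} to card ending {pan[-4:]}"


if __name__ == "__main__":
    msg = consumer_order("4111111111111111", "12/03", "A-1001", "19.99")
    print("retailer sees:", retailer_view(msg))
    print("bank:", bank_process(msg))
    msg["body"]["amount"] = "1999.00"  # altered while passing through
    print("bank:", bank_process(msg))
```
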

(d) Proprietary Online Systems

In addition to SSL and SET, which may be used by retailers with merchant accounts for the acceptance of credit card payments, there are also several systems under which payments may be made through a third party intermediary. This can involve payment by credit card without requirement of actually forwarding the credit card information with every single transaction, the details being securely held by the third party intermediary. Alternatively, this may be done by means of encryption of the credit card’s details. Such systems are particularly attractive to retailers who for one reason or another cannot qualify for a merchant’s account for the purposes of receiving credit card payments etc., or for whom the costs of accepting such payments would be uneconomical.

(e) Credit Card Information Databases

Another variant on standard credit card payment systems is where the seller retains a record of the cardholder’s information in a database on their server – the credit card details need only be communicated over the web once (typically via an SSL channel), thereafter it may be recalled from the retailer’s server via a password system. This approach offers greater security to the consumer, as while no ‘secure’, firewalled server can ever be guaranteed ‘hacker-proof’, it is considered to involve less risk of interception than frequent transmission over the internet of such sensitive information. Amazon internet booksellers[7] acquire a customer’s card details via an SSL channel with the first order, then store this information. The information will then be used by Amazon, as the legislation permits, for limited marketing purposes and to provide the customer with an account to which (s)he can gain access by entering his or her email address and a password. By using the website to make a first order the consumer is deemed to have consented to such collection and retention of the information.

Amazon also offers ‘1-Click’ ordering: once this is enabled, all necessary delivery and credit card information is already filled in from a consumer’s account – simply a faster and easier method of purchase than the standard shopping cart and form filling approach. Orders made using this facility can be cancelled within 90 minutes by clicking on a ‘review or change your 1-Click order’ box and completing the appropriate form. The same SSL protocol is used for the secure transmission of 1-Click orders as for standard Amazon shopping cart orders, although Amazon do advise that 1-Click users take certain further precautions to ensure that if the consumer is sending his/her order from a public or shared computer the 1-Click facility is not left switched on when (s)he is not using the machine.

(f) Digital Cash Systems

While credit card based payment systems are, by and large, an adaptation of pre-existing payment systems to internet payment systems, digital cash solutions have been specifically designed for digital transfer, often with the internet specifically in mind. In theory, digital cash is an electronic equivalent to ‘real’ cash, money being spent ‘upfront’, i.e. transfer of value taking place simultaneously with the transaction, not on a credit, ‘pay later’ basis. It is attractive to both retailers and consumers for a number of reasons. For instance, loss is limited to the amount paid in that transaction alone in the event of it being intercepted and redirected. Low-value transactions can be accommodated where these would not be economically viable using a credit card based system. Digital cash is also open to those who may not be able to acquire a credit card, e.g. children or those with a poor credit rating. An important attractive feature of digital cash is that it permits (at least in theory) anonymous transactions.

There are two main types of digital cash system: those which are based on smart cards, and those in which value is stored in a software program on the user’s PC.

(g) Software Electronic Cash Systems

There are a number of digital cash systems in which the value is held in software on the user’s PC – such systems are entirely ‘virtual’, there being no physical payment instrument such as with normal cash or credit or smart card systems. These systems have by and large been specifically designed for use on the internet, and present a possible alternative to smartcard based e-cash for the online world.

Some systems operate on the basis of an exchange of tokens between buyer and seller from the buyer’s electronic wallet – a software application into which value is transferred from either a credit card or debit card. When payments are made using the tokens stored in the electronic wallet, the actual funds, which are still held by the bank, are transferred to the retailer’s account. The most currently successful software-based proprietary system is Paypal. One notable system currently in operation in Austria and Germany is worthy of mention: Paysafecard, a “scratch card” pre-payments system for online purchases. The user purchases a scratch card of certain value, and can then purchase goods online from selected retailers using the PIN number on the card. There are red cards for use by juveniles, which allow only purchases from “family-friendly” sites, and blue cards for use by adults. The system, which is highly analogous to the pre-paid mobile phone scratchcards common in the UK, has proven successful so far with a high incidence of use exceeding company predictions.

(h) Electronic Payment Smart Cards Systems

A ‘smart card’ is a multi-functional device, similar in size to a traditional credit card, which stores information not on a magnetic strip but instead on an onboard chip that may contain data about a number of things e.g. a payment instrument, identification, medical records etc. A ‘true’ smart card is capable of processing information without the need of an external processor housed in the card reader that it will be used in conjunction with. Memory cards – such as the SIM card used in a GSM mobile telephone, or the prepaid ‘phone card’ used by some public telephone kiosks – are often also dubbed smart cards, in spite of the fact that they contain no processing chip and are, therefore, not smart cards proper, at least in the sense of a multi-functional instrument with independent processing capability, as discussed here.

In the Republic of Ireland, Bus Eireann carried out a successful trial, the ‘Dash’ project, demonstrating the practical benefits of such a multi-functional tool. The smartcard issued in this trial was enabled with several separate applications. Passengers were able to pay their bus fare with the card, which then also acted as a ticket, as well as an electronic wallet which could be used in payment in shops, card phones, and car parking facilities on a set test route. Smartcards were utilized in a number of early payment systems, including Mondex, Proton and VisaCash. The reusable cards are pre-loaded with value, generally via an ATM machine. Proton cards may also be loaded via a C-ZAM Phone – a telephone developed for home use which offers a number of services using the Proton card over the telephone network (e.g. home banking, telesales). Since September 1998, all new Belgacom public telephones, including 10 000 installed between October 1997 and October 1998, have been equipped to allow reloading of Proton cards. Once loaded with value, these smartcards may be used in payment for goods or services just as a credit or debit card may be used. A smartcard is a more secure payment format than the standard magnetic strip card which credit cards are by and large based on – it may be stolen just as easily, however, a smartcard cannot be duplicated. Further, smartcard security is reliant on two encryption keys; one which is stored on the bank’s computer, and another, secret key, unknown even to the cardholder, stored on the card itself. When a consumer’s smartcard is passed through a retailer’s card reader and the consumer’s PIN number entered, the key stored on the card acts to encrypt the information stored on the card. Card stored information may thus only be read in its encrypted form, except by the bank’s authentication system (the same process as in credit card authentication), with the bank’s encryption key. A further security ‘feature’ of a smart card is its limited memory: this is sufficient to retain the encryption key, however, there is not enough ‘room’ to support a hacking program designed to access the encryption key. Of course, as technology continues to develop, this may not always prove to be the case. It is far from inconceivable that smartcards may be developed which do contain enough memory to support a hacking program, and therein lie the roots of potential future conflict between technological advancement and security.

The chief advantage with smartcards lies in their multi-functional capability (this raises significant liability issues: see below): the Proton system, for example, can combine the wide range of payments it can be used for with functioning as a loyalty card, as well as a building access card. During 1998 the Belgian National Health Services issued a smartcard containing all necessary data for treatment and reimbursement, fully compatible with all Proton services. Multi-currency usage is also a possibility with smartcards. With the introduction of the Euro in 1999, the Proton system has been adapted to make and receive payments in both Belgian Francs and Euros. The Mondex electronic cash system is unique in that it is the only electronic cash smartcard that currently supports the use of several different currencies at any one time. Up to five different currencies may be used simultaneously, each stored in a separate ‘pocket’ area in the cards. Most significantly, in terms of the emergence of a standard which would make such cards more widely usable and thus encourage consumers to utilize them on a much wider basis, the Proton designers are involved alongside other international partners and with the support of the European Commission in a project which aims to set up an ‘Interoperable C-SET’, i.e. an international standard for payments made over the internet using smartcard technology. Such interoperability will be likely to be an extremely influential factor in the adoption of such electronic cash solutions and development towards a universal standard.

(i) Mobile Phone e-Payments

At this point it is worth noting a system pioneered by Sonera, Finland’s largest telecoms company, called Sonera Mobile Pay. Under this system the user dials a phone number, e.g. on a ticketing or vending machine, using his GSM mobile phone with its smart-chipped SIM card. The machine delivers the requested goods, and the cost of the goods is simply added to the user’s phone bill. Under this approach it would seem that no actual ‘e-money’ is involved. But what if the system allowed use of phones that are pre-paid, of the type common in the UK, and thus hold a stored value of talk-time, which is expended with the purchase? Could this count as electronic money under Directive 2000/46/EC of the European Parliament and of the Council of 18 September 2000 on the taking up, pursuit of and prudential supervision of the business of electronic money institutions? That, as they say, may be an interesting question for the courts to decide.

(j) Micropayment Systems

Micropayment systems are digital cash systems which have been specifically designed to be utilized where the information/objects being paid for cost a fraction of a cent. These systems are divisible into two groups – those which involve exchanging tokens, and those which operate on the basis of a subscription.

Clickshare8 is a system which facilitates micropayments on a subscription basis, developed specifically with online newspapers / magazines / journals / etc. in mind. The consumer subscribes to a publisher’s journal(s), and is given an identification number which (s)he may use to access and download articles from that (those) journal(s). This ClickShare ID may also be used in order to access magazines and articles to which the consumer has not subscribed; this additional cost will be added to his / her subscription, and can be recouped by the publisher of the article in question from the original publisher with whom the consumer has subscribed.

It should be borne in mind that ClickShare is not a new digital cash system per se. It can, however, be used alongside existing digital cash applications: digital cash vendors may be used by ClickShare Service Providers to obtain payment from their end users.

3. Interoperability

Consumers have been slow to take up these new payment methods. Jupiter Communications9 correctly forecast that consumer reluctance to adopt digital cash payment systems would continue for the immediate future: the company correctly forecast that by 2002 electronic cash solutions will still be used in only 1% of online transactions. Despite the relative success of Paypal, it seems unlikely that the figure at the end of 2002 will greatly exceed this prediction. Part of the problem would seem to be that retailers are extremely unlikely to adopt such a wide range of digital cash systems, preferring to stick with systems which accept remuneration via traditional payment cards in online transactions. A standardized application would allow them to accept payments from a number of different but compatible systems. It is conceivable that the market may produce a de facto standard (cf. Microsoft Windows). For instance, VisaCash might seem to be a likely contender to succeed in the market selection of a standard, due to the ‘saleability’ of, in large part based on public trust in, the strength of the Visa brand, its international reputation and acceptability. For these reasons the VisaDelta debit card system caught on very rapidly in the UK, in spite of competition from the already established Switch network.

Other barriers to wider adoption of online payment systems include consumer reluctance and cultural preference. Consumer reluctance may be overcome by appropriate marketing and promotion of the security features of a particular system. Cultural preferences may be harder to change. For example, in Japan, alongside the more common
security worries raised in conjunction with online business transactions, there is a widespread cultural preference for using cash in payment rather than credit cards. Reliable, secure electronic cash solutions could help to bring about change, especially in the context of online delivery.10 Note, however, that the Mondex system was proven successful in a broadly similar cultural environment, Hong Kong. Traditional credit card companies, of course, have a strong interest in maintaining the status quo. Moves to preserve market share in the face of competition from newer, e-payment facilities are already being made. For instance, Visa, in conjunction with Yahoo! UK & Ireland11 are now offering a ‘Yahoo! Credit Card’ – essentially a standard Visa credit card bearing the Yahoo logo, which may be applied for online. There is nothing innovative about the card; it is simply a marketing approach designed to reach a specific target market – internet users who may be tempted by other payment systems. Marbles12 is another credit card which may be applied for online (a decision is promised within 60 seconds). A marbles account can be operated over the internet. Again, this is primarily a traditional credit card marketed specifically at the internet user. MasterCard, Visa’s main rival in the provision of credit cards, opted for an alternative approach: Mondex International Ltd, the provider of the Mondex payment system, is a wholly owned subsidiary of MasterCard International.

Dr Simon Newman and Gavin Sutter, Centre for Commercial Law Studies, Queen Mary College, University of London.

FOOTNOTES

1 E.g. Mondex.
2 Such as Proton (Belgium), Geldkarte (Germany), MINIpay (Italy), Avant (Finland), Quick (Austria) and VisaCash (Spain).
3 E.g. library, DSS (Social Security) and NHS (medical) records, as well as driving license, citizen identification and possibly passports. Civil liberties concerns may limit some applications.
4 Essentially ticketing, both single-journey and season tickets.
5 Incorporating London Underground and London Buses. It will eventually encompass Docklands Light Rail, Croydon Tramlink and others, and is hoped to include the main rail companies.
6 See <www.eBay.com>.
7 In the UK: <http://www.amazon.co.uk>; similar systems operate on both the original US based site at <http://www.amazon.com> and the German Amazon site at <http://www.amazon.de>.
8 <http://www.clickshare.com>.
9 <http://jup.com/home.jsp>.

BOOK REVIEW

Computer Contracts

Morgan and Stedman on Computer Contracts, Sixth Edition by Richard Morgan and Kit Burden, 2001, Sweet & Maxwell, hard-cover plus disk, £160, 604pp., ISBN 0 421 74250 X

After almost twenty years the co-author of the second to the fifth edition of this work – Graham Stedman – has withdrawn so that Kit Burden, partner at the City firm of Barlow Lyde and Gilbert, joins the other original co-author Richard Morgan to prepare the sixth edition of this work. As the preface indicates, the purpose of the work is twofold: “To illuminate the computer content of agreements and to provide useable precedents”. The authors take as an illustration: “The picture of a company secretary or legal advisor with little experience of computers who is suddenly asked to look over ‘the computer contract’ and comment on it. His problem in understanding the contract (let alone looking for pitfalls) arises chiefly from the computer aspects. This book may help him to understand the main types of computer contract and the provisions he may expect to find in them. We are also concerned for the lawyer or other person involved in drafting a contract and to that end have devised a set of precedents, one of the features of this book”.

The main changes to the previous edition are located in Part 3 of the book dealing with computing services. New chapters have been added dealing with outsourcing agreements and Internet contracts. The latter deals with both Internet service provider contracts and website design agreements. There are also new precedents dealing with an outsourcing agreement, website hosting agreements and two website access agreements – one for business customers and one for consumers. Case law has also been revised since the last edition as well as relevant legislation which includes the Data Protection Act 1998, the Competition Act 1998, the Contracts (Rights of Third Parties) Act of 1999 and the Electronic Communications Act 2000. The publishers also provide a disk which reproduces the precedents material contained in the book. This represents over 250 pages of material overall.

Available from Sweet & Maxwell, Cheriton House, Northway, Andover, Hants, SP10 5BE, UK. UK Customer Service Tel: +44 (0) 20 7449 1111. International Customer Service Tel: +44 (0) 1264 342906.
