SCM Microsystems, Inc. announced that the company is among the first three
to achieve FINREAD compliance. Development and testing under the Trusted
FINREAD Initiative has proved that SCM’s STR-FINREAD smart card readers
provide a verifiable foundation of trust for Internet transactions.
A FINREAD compliant card reader, like the STR-FINREAD from SCM, is a
universal PC peripheral device that can reliably secure smart card initiated
transactions on the Internet in a non-trusted environment, such as a home PC.
The FINREAD standard also guarantees interoperability between different smart
card issuing entities and across multiple reader manufacturers.
“FINREAD is the capstone on a foundation of digital trust for e-commerce,”
said Robert Schneider, CEO of SCM Microsystems. “A FINREAD compliant reader
guarantees consumers the highest level of end-to-end security for Internet
transactions, and it protects retailers and service providers against losses
due to uncovered payments. The success of this program is significant because
it shows that a compliant smart card reader can be certified as trusted, and
then used with different payment and transaction applications from different
entities. The successful completion of the FINREAD Trusted Initiative will
open the door for more extensive use of the Internet to deliver new services
for commerce, government administration, banking and social programs,”
Carried out under the auspices of the European Commission, the
multi-organization program involved these leading European and international
payments players, service providers and manufacturers: Banksys (Belgian
payment card scheme), Groupement des Cartes Bancaires “CB” (French payment
card scheme and coordinator of the project), Europay International (now
MasterCard Europe), Ingenico, Interpay Nederland (Dutch payment card scheme),
SIZ (German savings bank IT system), VISA, France Telecom, Canal Plus
Technologies, Sagem, Orga, OMNIKEY, GTA and SCM Microsystems.
FINREAD (FINancial Transactional IC Card READer) is an international
standard published in July 2001 for using interoperable smart card readers to
secure payments and remote sensitive transactions on the Internet. It is
based on requirements specified by the payment system operators listed above,
and the European Committee for Standardization (CEN) endorses it.
The Trusted FINREAD Initiative was initiated in November 2001 with the
objective of implementing and testing a trusted environment based on
FINREAD-compliant smart card readers. The compliance program tested several
interacting components that together deliver secure Internet transactions.
First, the program verified interoperability. This means that different
public key certificates and smart card applications called “applets” coming
from different issuing entities all worked on FINREAD-compliant smart card
readers coming from multiple vendors. Second, the program validated the
certification process for smart card readers.
The compliance testing proved that any FINREAD compliant reader from any
manufacturer can provide secure Internet transactions for any FINREAD
compliant smart card applications. This is true even for applications from
different card issuing entities, such as a payment provider, a government
ministry or a social program administration. The next step is a field test
that will be deployed this summer with a large bank in Italy.
Here’s how it works in practice. A FINREAD compliant reader such as SCM’s
STR-FINREAD is attached to a PC connected to the Internet. When making a
remote transaction over the Internet a small Java-based program, called a
“Finlet,” is downloaded into the FINREAD smart card reader. This Finlet,
which is specific to the type of card used in the application, manages the
interaction of the reader with the card. Working together, the smart card and
reader secure the transaction by authenticating digital certificates,
verifying PIN entry and digitally signing the transaction. The same reader
can work successfully for any smart card application that complies with the
SCM’s secure smart card reader STR-FINREAD supports numerous applications,
including payment, e-purse reloading, loyalty systems, home banking and
digital signature. The STR-FINREAD accepts any Java-based program that
follows the FINREAD standards, as long as it has been verified and
electronically signed by a trusted party.
One of the most important aspects of the FINREAD standard is a highly
secure and certified procedure for the systematic authentication and signature
of Finlets downloaded to the reader. The STR-FINREAD follows this procedure,
which protects against any malicious software that fraudulent attackers
attempt to put in the reader. In addition, the card reader provides efficient
coding mechanisms that can be used within applications for identifying and
authorizing the individual smart card users.
The STR-FINREAD is available for immediate delivery from SCM Microsystems.
For additional information, please visit http://www.scmmicro.com.
FINREAD is a set of technical specifications for a secure card reader
connected to a PC to carry out, essentially but not exclusively, payment and
global financial as well as e-commerce transactions on the Internet. Those
specifications have been drafted by a consortium of European and international
(Visa and MasterCard Europe) payment schemes and a card reader manufacturer in
the framework of a European Commission’s Program on standardization. Those
specifications have been adopted as a CWA (CEN Workshop Agreement) by the
European Committee for Standardization (CEN).
About SCM Microsystems
SCM Microsystems is a leading supplier of solutions that open the Digital
World by enabling people to conveniently access digital content and services.
The company markets and sells its smart card reader technology for network and
physical access and conditional access modules for secure digital TV
decryption to OEM customers in the government, financial, enterprise and
broadcasting markets worldwide. Global headquarters are in Fremont,
California, with European headquarters in Ismaning, Germany. For additional
information, visit the SCM Microsystems web site at http://www.scmmicro.com.