|
|
[Home] [Databases] [Search] [Feedback] [Help] | |
Privacy Law Resources |
Collection of information on this scale, or in this detail, has not been possible until now, and smart cards represent the beginning of the truly cashless society.
One of the many benefits offered by cash is that consumers can enter transactions anonymously. With cash no record is generated which enables a link to be made between the purchase and the purchaser. Consumers are able to make purchases and obtain services (like surprise gifts for their partners and children), without feeling that that every transaction is being recorded and added to their consumer profile.
In response to concerns about lack of anonymity, some smart card promoters intend to offer so-called anonymous cards, which consumers will be able to purchase from newsagents or vending machines, and which will not record any personal details.
Some of these anonymous cards may initially be disposable, but the cost of producing disposable smart cards is likely to mean that re-chargeable cards become the preferred choice for card issuers. Issue fees for disposable cards will discourage many consumers from using them, and in the longer term, the option to use disposable cards may simply be withdrawn.
The problem with re-chargeable cards is that the anonymity of the card holder can easily be compromised in a number of everyday situations. For example, if a person chooses to re-charge their smart card at an EFTPOS terminal, a record will be created showing the location, time and amount of the re-charge, alongside the smart card identification number. If the card holder used a credit or debit card to perform the re-charge, then their account number and the location, time and amount of that transaction will also be recorded. Thus, a record linking the smart card to their personal account will be created and stored in a central database, or on the EFTPOS till scroll. Of course, it only takes one such link to compromise the anonymity of card holders for all their previous and subsequent transactions.
Even without re-charging, the anonymity of card holders is likely to be compromised in a number of situations, such as:
where the cards carry a name or signature panel;
Where a record of the name and/or address of a card holder is recorded if they report their card damaged or faulty;
Where the name and address details are required to obtain a refund from a retailer for items purchased on the card;
Where name and address details are required to obtain any other benefit from a retailer - eg. a warranty, a discount, or entry into a competition;
Where the card holder purchases items which require that their name and address is also recorded. This would include ordering a home delivered meal, purchasing a subscription, or ordering a mail order item;
Where a government agency or law enforcement agency uses its statutory powers to obtain a record of the smart card identification number, and infers a link between that number and the card holder by observed use in one or more instances; and
Where a government agency or law enforcement agency uses its statutory powers to "discover" the card in an individual's possession, and then infers a link between the card-holder and earlier card transactions.
The promotion of smart cards as anonymous in these circumstances must be considered a misnomer. If any of the events listed above occurs, the anonymity of a card would be permanently compromised, and the door would be opened to a complete profile of the card-holder. This profile might include records showing the time, date and location of thousands of transactions over a number of years.
MONDEX
Mondex is a smart card system designed to be the "Worldwide Alternative to Cash". It is a joint venture of British Telecom, Midland Bank and National Westminster Bank in the United Kingdom. The Mondex card is a multi-function contact smart card. Applications are likely to include stored value, PIN security locking, foreign currency, telephone use, telephone banking and loyalty schemes.
A Mondex wallet is available. The wallet looks like a calculator sized card reader with a keyboard, and can itself store value. The wallet produces statements of the last ten or more transactions, and allows card holders to transfer Mondex money between cards, without having to use a bank.
Customers can reload their cards over a Mondex phone from their bank. They can pay immediately for services or purchases by transferring money from the card by phone to anyone who also has a Mondex card and Mondex phone. They can even transfer money over the phone to relatives or friends.
Mondex has begun a trial of their system in Swindon (about one hour west of London, population 180,000) involving nearly 40,000 cards. All Midland and Natwest ATMs in Swindon and 300 BT pay-phones have been converted to accept smart cards.
Mondex International has been discussing the system with several large banks in Australia, and expects to sign a franchise agreement with an Australian bank in the near future.
Mondex will be offering a mix of anonymous and personalised cards. The system is described as being "unaccounted". Mondex argues that this means that once you have withdrawn money from your bank account onto your card no one knows where you spend your money, but the system is subject to some very strong pressures to keep more detailed records of where the money has been spent.
For example, a list of the last ten transactions is kept by the card, the wallet and the Mondex phone. Mondex retail units may have to keep a much longer list of transactions.
The simple transfer of money between numerous accounts and cards over the telephone or by using Mondex wallets is likely to cause concern amongst law enforcement agencies. Money laundering and tax evasion would be difficult to trace unless tight records are kept, so there will be great pressure for a comprehensive database of information to be created. Indeed, the Bank of England, the equivalent of the Reserve Bank in Australia, is currently considering the money laundering implications of such systems. 12
Case Study 2.