SCM Microsystems Delivers Verifiable Security for Consumer Internet Transactions, Among First to Achieve FINREAD Compliance
Fremont, CA, July 10, 2003–Taking a major step forward to open the Digital World, SCM Microsystems, Inc. (Nasdaq: SCMM, Prime Standard: SMY) announced that the company is among the first three worldwide to achieve FINREAD compliance. Development and testing under the Trusted FINREAD Initiative has proved that SCM’s STR-FINREAD smart card readers provide a verifiable foundation of trust for Internet transactions.
A FINREAD compliant card reader, like the STR-FINREAD from SCM, is a universal PC peripheral device that can reliably secure smart card initiated transactions on the Internet in a non-trusted environment, such as a home PC. The FINREAD standard also guarantees interoperability between different smart card issuing entities and across multiple reader manufacturers.
“FINREAD is the capstone on a foundation of digital trust for e-commerce,” said Robert Schneider, CEO of SCM Microsystems. “A FINREAD compliant reader guarantees consumers the highest level of end-to-end security for Internet transactions, and it protects retailers and service providers against losses due to uncovered payments. The success of this program is significant because it shows that a compliant smart card reader can be certified as trusted, and then used with different payment and transaction applications from different entities. The successful completion of the FINREAD Trusted Initiative will open the door for more extensive use of the Internet to deliver new services for commerce, government administration, banking and social programs,” concluded Schneider.
Carried out under the auspices of the European Commission, the multi-organization program involved these leading European and international payments players, service providers and manufacturers: Banksys (Belgian payment card scheme), Groupement des Cartes Bancaires “CB” (French payment card scheme and coordinator of the project), Europay International (now MasterCard Europe), Ingenico, Interpay Nederland (Dutch payment card scheme), SIZ (German savings bank IT system), VISA, France Telecom, Canal Plus Technologies, Sagem, Orga, OMNIKEY, GTA and SCM Microsystems.
FINREAD (FINancial Transactional IC Card READer) is an international standard published in July 2001 for using interoperable smart card readers to secure payments and remote sensitive transactions on the Internet. It is based on requirements specified by the payment system operators listed above, and the European Committee for Standardization (CEN) endorses it.
The Trusted FINREAD Initiative was initiated in November 2001 with the objective of implementing and testing a trusted environment based on FINREAD-compliant smart card readers. The compliance program tested several interacting components that together deliver secure Internet transactions.
First, the program verified interoperability. This means that different public key certificates and smart card applications called “applets” coming from different issuing entities all worked on FINREAD-compliant smart card readers coming from multiple vendors. Second, the program validated the certification process for smart card readers.
The compliance testing proved that any FINREAD compliant reader from any manufacturer can provide secure Internet transactions for any FINREAD compliant smart card applications. This is true even for applications from different card issuing entities, such as a payment provider, a government ministry or a social program administration. The next step is a field test that will be deployed this summer with a large bank in Italy.
Here’s how it works in practice. A FINREAD compliant reader such as SCM’s STR-FINREAD is attached to a PC connected to the Internet. When making a remote transaction over the Internet a small Java-based program, called a “Finlet,” is downloaded into the FINREAD smart card reader. This Finlet, which is specific to the type of card used in the application, manages the interaction of the reader with the card. Working together, the smart card and reader secure the transaction by authenticating digital certificates, verifying PIN entry and digitally signing the transaction. The same reader can work successfully for any smart card application that complies with the FINREAD standard.
SCM’s secure smart card reader STR-FINREAD supports numerous applications, including payment, e-purse reloading, loyalty systems, home banking and digital signature. The STR-FINREAD accepts any Java-based program that follows the FINREAD standards, as long as it has been verified and electronically signed by a trusted party.
One of the most important aspects of the FINREAD standard is a highly secure and certified procedure for the systematic authentication and signature of Finlets downloaded to the reader. The STR-FINREAD follows this procedure, which protects against any malicious software that fraudulent attackers attempt to put in the reader. In addition, the card reader provides efficient coding mechanisms that can be used within applications for identifying and authorizing the individual smart card users.
The STR-FINREAD is available for immediate delivery from SCM Microsystems. For additional information, please visit http://www.scmmicro.com.
FINREAD is a set of technical specifications for a secure card reader connected to a PC to carry out, essentially but not exclusively, payment and global financial as well as e-commerce transactions on the Internet. Those specifications have been drafted by a consortium of European and international (Visa and MasterCard Europe) payment schemes and a card reader manufacturer in the framework of a European Commission’s Program on standardization. Those specifications have been adopted as a CWA (CEN Workshop Agreement) by the European Committee for Standardization (CEN).
About SCM Microsystems
SCM Microsystems is a leading supplier of solutions that open the Digital World by enabling people to conveniently access digital content and services. The company markets and sells its smart card reader technology for network and physical access and conditional access modules for secure digital TV decryption to OEM customers in the government, financial, enterprise and broadcasting markets worldwide. Global headquarters are in Fremont, California, with European headquarters in Ismaning, Germany. For additional information, visit the SCM Microsystems web site at http://www.scmmicro.com.
All trade names are either trademarks or registered trademarks of their respective holders.