VoyForums
[ Show ]
Support VoyForums
[ Shrink ]
VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1[2]345678910 ]
Subject: http://www.cardshow.com/esmart/pdf/eSmartWeekly1.pdf


Author:
Issue 2, Volume 1, 7 December 2002
[ Next Thread | Previous Thread | Next Message | Previous Message ]
Date Posted: 06:06:24 01/11/03 Sat

Issue 2, Volume 1, 7 December 2002
This week’s news from www.e-smartransaction.com
P.2 : Open Letter to David Bonderman by Marc Lassus
P.3 : Editorial: It’s All Marc Lassus’ Fault
P.4 : Canadian Banks Not Fighting Fraud!?! • Ingenico Launches Bluetooth Payment Terminal •
Frequent Flyer Cards: A Potential Danger?
P.5: Protecting Smart Cards from Hackers? • From the Industry
e-smartransaction WEEKLY is a weekly highlight of news published on its sister web site, www.e-smartransaction.com.
•Director of publications: Charles COPIN • Editor: Ivan PANDEV (ipandev@e-smartransaction.com) • Contributing
Journalists: Bénedicte Rallu, Brigitte Roux, & Jennifer Wilbois
Marketing: Mounia Belhaoues (mbelhaoues@wanadoo.fr) •
Subscriptions:•Catherine De Curieres (caroline.screve@wanadoo.fr)
An Analyses & Syntheses publication : 146 rue Montmartre - 75002 Paris - FRANCE
℡+33 (0)1 53 40 97 00 +33 (0)1 44 76 01 81 www.cardshow.com
© Analyses & Synthèses 2002
Gemplus:
An Eventfull Week!
The past week has been quite
eventfull for smart card manufacturer,
Gemplus: starting with TPG’s David
Bonderman giving a (rare) private
press conference in Paris, through
Sagem entering the firm’s capital, and
ending with a sword of Damocles of
some €40 in unpaid taxes to add to
the already heavy losses so far this
year…
Sagem Enters Gemplus Capital
Exeunt Gemplus founder, Marc Lassus:
his share of the smart card
manufacturer’s capital sold to French
high-tech group Sagem.
The transaction was concluded at a
share price “close to market value” (with
the provision of an appreciation of 0%-
15%, should share value go over the €2
mark by the end of 2004). This gives
Sagem about 10% of the smart card
manufacturer’s capital.
What is to be expected? In fact, the
distribution of power within the firm won’t
change except for Sagem replacing Mr.
continued on p.2
Gemplus Threatened With Back
Taxes!
As is the smart card manufacturer didn’t
have enough to deal with, the French
internal revenue service is contesting the
reality of the headquarters based in
Luxembourg, which could translate into
€40 million in unpaid taxes!
The French internal revenue service
wants to get what it considers its legal
Continued on p.2
See also:
Open Letter to David Bonderman by
Marc Lassus
On p.2
It’s All Marc Lassus’ Fault!
An editorial by our director of Publications, Charles Copin,
on page 3
© Analyses & Synthèses 2002 2
Continued from p.1 (Sagem Enters Genmplus Capital)
Lassus (who will probably resign form the board).
Whether or not the Board will find some well
needed calm through this change remains to be
seen.
As this change was in the making, Mr. David
Bonderman – usually quite media shy – met with
some members of the French press. The reason:
to give his view of the Gemplus saga, to
counterbalance the “influence” of Marc Lassus in
the French press. Here’s, in essence, what he
had to say:
- There were never any plans to delocalise
Gemplus to the US (as has been oft
hinted), except for the case of a few
financial managers, but this was rejected
by the board.
- Links between Mr. Alex Mandl and the
CIA do not exist: “It’s completely stupid.
Like saying that someone was abducted
by aliens,” explained Mr. Bonderman.
- Though Marc Lassus is a visionary for
founding Gemplus, he does not possess
the “entrepreneurship” needed to lead
such a firm and has made some
“strategic errors”.
- As for rumoured further layoffs at
Gemplus, Mr. Bonderman states that it’s
up to Alex Mandl who will present his
strategy for the firm on Monday.
Thus, the rumours flying about were apparently
enough of a bother to get Mr. David Bonderman
to fly to Paris to set the record straight.
Unfortunately, the “record”, is far from being
“straight” thanks to the Sagem entry into
Gemplus capital. According to Sagem (a leader
in the biometrics field with 40% of the global
market), the explanation has to do with marrying
leadership is biometrics with leadership in smart
cards. Nevertheless, Le Monde (a French
national newspaper) quotes sources from the
French ministries of finance, the interior and
defence as having influenced the buying into
Gemplus (at the behest of Gemplus unions) to
counter the alleged “Americanisation” of the firm.
Things are therefore far from clear as of yet!
Continued from p.1 (Gemplus Threatened With Back
Taxes!)
This could mean, an extra burden of some €40
million in unpaid taxes. The fact of the matter is
that France is ‘contesting the reality’ of the firm’s
legal headquarters which were moved to
Luxembourg in 1999 (at the request of TPG
which was to enter the firm’s capital) in
preparation for going public.
If things went through as is stated in the French
Finance Ministry’s actions, the smart card
manufacturer would have to add some €40
million to the firm’s losses of €224 over the first
three quarters. Nevertheless, the notification from
the internal revenue service is, in all probability, a
“by the book” action. Chances are that all parties
will enter negotiations, with the effect of the sum
being reduced. All the same, it’s an extra detail
which Gemplus could have done without!
Open Letter to David Bonderman by Marc
Lassus
Just in as we are going to the
[virtual] presses, an open
letter by Gemplus founder
Marc Lassus, in which he
answers to Mr. David
Bonderman’s statements to
the French press.
With completely biased arguments and a lot of
gall, Mr. David Bonderman, head of TPG [Texas
Pacific Group, Ed.] which holds 26% of Gemplus
capital, explained his role of “saviour” of the firm.
Those who know the true history of Gemplus,
foremost the employees, will finally be able to
understand what’s been going on.
David Bonderman, who is usually very discreet,
decided to set up a series of interviews with
members of the French press, because he
considered that TPG and himself were victims of
an unjust campaign of disinformation
orchestrated by his adversaries. A campaign
which tainted his quasi-angelic image which he
has managed to promote in America.
About Gemplus, his principle arguments are as
follows:
• Without TPG and the resources it offered
Gemplus’ (of which he took operational control
when turnover was over €1.2 billion with net
profits of €99 million at the end of 2000), the firm
would have died. It is true that his team has
managed the “feat” of bringing turnover to some
€800 million with dramatic losses.
• All is to be blamed on the old management
team, which, constantly and for 12 years (despite
what he claims) managed to lead Gemplus to the
position of world leader , continuously gaining
market shares and, before TPG’s intervention,
making profits.
• It is to be blamed on “bad luck” and, foremost,
on the telecoms downturn. Obviously. But, David
Bonderman forgot to remind us that from its entry
into Gemplus, TPG eliminated all lines of
diversification which brought Gemplus growth
and profits in the areas of security, copyright
protection, transportation with contactless,
tracking, etc. Developments which were
undertaken by the old management team.
© Analyses & Synthèses 2002 3
• It can also be blamed on subversive elements
on the Gemplus Board which is under TPG
control, which dared to denounce incompetence,
disrespect of enterprise governance rules,
conflicts of interest, cheating and diverse
abuses…
• To imply that TPG wanted to move Gemplus
headquarters to the U.S. is implying that TPG is
demonic. I would like to point out that at the end
of 2001, the CEO had already returned to
California, followed by the CFO, who had already
prepared the “expatriation” of key people who’s
contracts and luggage were ready. But, of
course, this is but pure devious speculation.
At present, I will not go into detail on all of the
biased arguments presented by David
Bonderman, but the point to his interviews with
the French press is that, for the first time, he
showed how easy it will be to offer proof of his
deviousness. But, we will return to this point at a
later date. Suffice it to say here that, it will permit
us to help Gemplus rid itself of the asphyxiating
grasp of TPG. Mr. Bonderman did us a great
favour in talking to the press…
This character appears to have decided, quite
recently, to show himself in daylight. He, who is
regularly very discreet, also offered himself a
demonstration to his own glory a couple of weeks
ago, for his sixtieth birthday: He rented two Las
Vegas hotels for an evening where Mick Jagger
and the Rolling Stones serenaded him with his
favourite songs. This modest ceremony cost a
measly US$7 million. Even the U.S. press
commented negatively on such excess. It would
be presumptuous of us to hint that this money
could have been better spent elsewhere…
Gemplus employees, faced with layoffs will
judge.
Mr. Bonderman, what an honour you bestowed
upon me by attacking me personally and
publicly!!
Marc Lassus
Founder of Gemplus
Editorial:
It’s All Marc Lassus’ Fault!
We had been waiting for a long time to hear
David Bonderman on the Gemplus subject. On
Tuesday (Dec. 3rd), this minority shareholder and
board member gave a press conference.
Curious, especially for a Gemplus Board member
who always considered that Board members
mustn’t talk publicly. One wonders if he will get
the same treatment as Ziad Takiedine…
Theoretically, the same cause should have the
same effect.
‘The butler did it!’, and in this case, said butler
would be Marc Lassus. Mr. Bonderman’s
explanation to a very select group of French
journalists during a private press conference are
clear: Gemplus is in troubled waters? Yes,
because the firm wasn’t run properly. Not
because of the “strategies” he, himself put in
motion through high-paid managers, but because
they were preceeded by Marc Lassus. The firm’s
ex-general manager, Bertrand Cambou has
employed too many people in France and had
entered agreements with semiconductor
manufacturers which loom heavily on the firm’s
present. Mr. Cambou is now in charge of an ADM
production line with a turnover of US$1.3 billion,
so he can’t be all that bad. Moreover, Mr.
Cambou had run his plans for Gemplus by TPG,
in the person of William Price back in February
2000, ay which time Mr. Price more than agreed.
Nevertheless, if one listens to Mr. Bonderman, all
of Gemplus’ woes are to be blamed on its exleader.
Not a word on 2001’s CEO, Antonio
Perez. It is true that he did want to create jobs at
Gemplus based on the vigorous market of 2000,
but in exotic countries where jobs cost less than
in France. Now, Gemplus unions fear that R&D is
to be relocated to Singapore – where is based
one of the firm’s historic minor shareholders –
with production moved to Mexico or Poland.
As for the agreements made with silicon
providers, one must remember that in 2000, the
market was quite different: incredible growth in
the telecoms market combined with a shortage of
silicon. There’s the reason for the agreements
made by Mr. Cambou with silicon providers. It
was, it is true and in hindsight, a strategic error.
The then new CEO, Mr. Perez could have
renegotiated these agreements, but he was quite
busy planning his return to California. David
Bonderman does partially admit to that to French
national newspaper Libération: “[The plan to
move management to the US] never existed. It
was just a few people in finance which were to be
moved, but the board didn’t approve it.”
Nevertheless, many little anecdotes tend to show
that Mr. Perez never intended to stay in France,
such as the home cinema he had installed while
refusing to have the wiring hidden because he
was just ‘passing through’.
As for interim CEO, Ron Mackintosh, nothing is
reported said to our colleagues in the French
daily press (the select few invited to the select
press conference) by Mr. Bonderman. He could
have, for example, explained why he bough 50%
of Differentis – a firm founded by Mr. Mackintosh
– and then put it in charge of auditing Gemplus…
Isn’t there a conflict of interest there? But, as
reported in French newspaper Le Monde, Mr.
Bonderman states that he doesn’t control the
Board, therefore, it wouldn’t be his responsibility.
Other curiosity: David Bonderman considers
Gemplus ‘lucky’ to have bagged, for the job of
CEO, Alex Mandl. Expensive. A few million
dollars’ worth of luck there! Moreover, why must
© Analyses & Synthèses 2002 4
Gemplus’ CEO be American (albeit of Austrian
origin)?
As for the CIA in all this (we cannot forget
rumours of US intelligence agencies pushing for
the taking over of smart card technology form
Europeans), Mr. Bonderman points out that
there’s an ex CIA chief on Schlumberger’s Board
and that “doesn’t bother anyone”.
Throughout all of this, Mr. Bonderman has shown
that his role in Gemplus is a de facto control in
the firm. Even if that may not be considered so in
Luxembourg…
Charles Copin
Ingenico Launches Bluetooth Payment
Terminal
Terminal manufacturer, Ingenico, has launched
its Bluetooth payment terminal, bringing a secure
and economical portable solution to the market.
The Ingenico 7700 payment terminal is a pioneer
in the payment terminal market through the use
of the Bluetooth standard. Bluetooth offers a
range of some 200-plus meters as well as
authentication as cryptography, making it a
perfect solution for portable payment terminals.
Thanks to Blurtooth, the Ingenico 7700 can be
(wirelessly) connected to over seven peripherals
(printer, phone, PC…) at data transfer rates of
700 Kbps.
Available in 2003, the 7700 is also EMV
compliant, through its EMV level 2 kernel, making
it a highly secure as well as ergonomic solution
which can be integrated into a network
configuration of up to 5 POS terminals.
Frequent Flyer Cards: A Potential
Danger?
The use of smart cards in frequent flyer programs
offer the possibility of getting through checkpoints
more rapidly and even checking in to one’s flight
one’s self. But a GAO (US General Accounting
Office) report suggests that such programs could
actually compromise security.
In a 41 page report for Senator Kay Bailey
recently published (which can be obtained from
the GAO Web site – www.gao.gov, report #
GAO-03-253), the GAO states that smart cardbased
registered traveller programs (in which,
frequent travellers, upon giving adequate
personal info, obtain a smart card which helps to
speed up – or even bypass – the check-in
process) raise security concerns.
Beyond the classic “invasion of privacy” concerns
(noted in the report), the GAO expresses the
opinion that by less stringent screening for some
travellers could, in fact, weaken security. “[T]he
potential for members of ‘sleeper cells’ –
terrorists who spend time in the United States
building up a law-abiding record – to become
registered travellers in order to take advantage of
less stringent security screening,” is one of the
problems which the report highlights. Another is
on the subject of biometrics. The report states,
backed by testing figures, that biometric
technology “is expensive, does not allow for quick
processing of numerous travellers [thus,
defeating the purpose or ‘registered traveller’
programs, ED.], and is not foolproof.” The report
concludes that “numerous unresolved policy and
programmatic issues” would need to de
addressed before setting up such programs.
Thus, one could conclude that the GAO’s
“Aviation Security – Registered Traveler Program
Policy and Implementation Issues” is quite right in
concluding that such programs just aren’t worth
the risks. Nevertheless, one may beg to differ.
Of course, such programs are not perfect. But,
then again, what is? Of course, you won’t be able
to pick up ‘sleeper cells’ using such a program.
But, you can’t pick up ‘sleeper cells’ unless they
go live (or, unless you’re very lucky in your
intelligence gathering!). As for “unresolved policy
issues”, they need but to be resolved through the
defining and application of guidelines (in the US,
for example, on a Federal level). As for
biometrics, they are not infallible either, but they
can be of help, one must just not solely rely on
such technology.
So, though such ‘registered traveller’ programs
aren’t completely foolproof, they can help make
air travel less of a hassle, something which that
industry won’t frown upon (they’re almost worse
off than the high-tech sector!). The one point
which must be insisted upon, is that these
programs mustn’t be set up haphazardly, but
clear regulations (something the aviation world is
used to) have to be in place to ensure security;
and that is a problem for legislators.
Canadian Banks Not Fighting Fraud!?!
We need not remind readers (especially in these
pages!) of the flaws of mag-stripe cards.
Nevertheless, some see the solution (the smart
card) as being too expensive…
Debit card fraud and identity theft are becoming
quite alarming in Canada as well as in the US
where the Experian case has shook the banking
card industry. A recent investigation by Montreal
newspaper La Presse (www.cyberpresse.ca)
shows that the number of reports of debit card
fraud has doubled since 2000 (2643 cases this
year compared to 1376 cases in 2000, for a
population of a little more than 1.5 million). The
problem is the skimming of debit cards, which,
with the cardholder’s PIN (often chosen by the
cardholder him or herself – giving way to many
© Analyses & Synthèses 2002
birth dates or birth years as PIN), are then used
to plunder bank accounts.
One of the major problems is the easy access to
the equipment used for skimming mag-stripe
cards. An Ottawa firm which runs the
www.canadabarcode.com site will deliver you a
skimming device for around CAN$1,800 (about
€1,160). The president of the firm, Mr. Robert
Cattral, 29, has even been convicted of
possession of stolen bank cards! Nevertheless,
the possession of skimming devices remain legal.
According to Montreal police, banks could easily
stop this ever growing fraud by migrating to chip
cards. Nevertheless, banks “consider that it is
more affordable to reimburse victims than to
modify their [card, ATM and POS, Ed.] system,
which is twenty years old,” explains police
captain Robert Chartrand of the economic crimes
squad.
This is not an isolated case in North America.
According to privacy consultant, Robert Douglas,
banks take “inadequate” steps to authenticate the
identity of their clients. The obvious choice,
according to Mr. Douglas is PIN (“[B]anks that
don’t use PINs [are] defeated every time.”). But
PIN alone, as we have seen above, is just not
sufficient. The question is: how much more
increase in fraud rates will North American banks
tolerate before adding the chip to cards?
Protecting Smart Cards from Hackers?
After having pioneered a sophisticated method
for cracking smart card security, Cryptography
Research is selling a system for testing cards
against that very attack it developed.
Now here’s a case of creating your own market:
San Francisco-based Cryptographic Research,
having developed a technique for cracking smart
card security (differential power analysis – in
which secret codes are determined by the
measurement of power consumption variation
while the card is in use) back in 1998, is now
offering the Differential Power Analysis
workstation, to test the resistance of cards
against such attacks.
Paul Kocher, president of Cryptographic
Research explains that the firm hesitated before
offering the workstation, since, being a
combination of soft and hardware used internally,
it could also be used by hackers. Nevertheless,
for between US$120,000 and US$200,000
(depending on the features), the firm will offer its
workstation to “legitimate organisations”.
Thus, having created (or, at least discovered) the
problem, Cryptographic Research now offers the
solution. But, before forking out hundreds of
thousands of dollars, one must keep in mind that
to obtain what is stored on the card using
differential power analysis, a hacker must not
only be highly skilled and have access to
sophisticated equipment, but must have physical
access to the card itself, and it must be in use for
the analysis to work (thus, you also need the PIN,
unless we’re talking about the card in cell phone
which has already been turned on, and PIN
entered!). In terms of the risks associated with
such attacks, they are not very high: “In actual
fact, I know of no instances of real-life fraud using
DPA [Differential Power Analysis, Ed.],” explains
Bruce Graham, communications manager at
Gemplus. As intellectually interesting as it may
be, one must ponder the true risks represented
by differential power analysis before pulling out
one’s corporate wallet.
FROM THE INDUSTRY…
(the latest press releases, which can be
found in full on www.e-smartransaction.com)
Miotec Granted the BS7799 Information
Security Management System Certificate
IR Recognition Systems Biometric HandKeys
Control Access at Beaumont Hospital
New Study Shows Online Shoppers Spend Up
to Four Times More When They Feel Secure
Nokia and Gemplus demonstrate R-UIM for
North American wireless customers
Wi-Fi Smart Card Consortium To Specify
Secure Wi-Fi Mobility Management
ARM Expands Training Program With New
Training Center In France
Valicert and Secure Solutions to offer
comprehensive range of secure software
solutions to UK financial services market
Increased Internet Use and Reaction to Major
Security Breach Main Reasons for Security
Deployment, IDC Survey Reveals
CardBASE Develops a Second National Smart
Card Payment Application For Nigeria
Change on the Board of Directors at Giesecke
& Devrient
MasterCard International Launches
MasterCard® Installment CardTM
New Consortium Launched to Promote Smart
Active Label Systems
OTI Reports Nine Months 2002 Results
Trintech Reports Third Quarter Revenues of
$11.4 Million and Nine Month Revenues of
$32.4 Million

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Replies:
Subject Author Date
Re: http://www.cardshow.com/esmart/pdf/eSmartWeekly1.pdfex CIA chief on Schlumberger’s Board06:09:00 01/11/03 Sat


Post a message:
This forum requires an account to post.
[ Create Account ]
[ Login ]
[ Contact Forum Admin ]


Forum timezone: GMT-8
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.