Subject: http://www.cardshow.com/esmart/pdf/eSmartWeekly1.pdf | |
Author: Issue 2, Volume 1, 7 December 2002 |
Date Posted: 06:06:24 01/11/03 Sat

Issue 2, Volume 1, 7 December 2002

This week’s news from www.e-smartransaction.com

P.2: Open Letter to David Bonderman by Marc Lassus
P.3: Editorial: It’s All Marc Lassus’ Fault
P.4: Canadian Banks Not Fighting Fraud!?! • Ingenico Launches Bluetooth Payment Terminal • Frequent Flyer Cards: A Potential Danger?
P.5: Protecting Smart Cards from Hackers? • From the Industry

e-smartransaction WEEKLY is a weekly highlight of news published on its sister web site, www.e-smartransaction.com.

• Director of publications: Charles COPIN
• Editor: Ivan PANDEV (ipandev@e-smartransaction.com)
• Contributing Journalists: Bénedicte Rallu, Brigitte Roux, & Jennifer Wilbois
• Marketing: Mounia Belhaoues (mbelhaoues@wanadoo.fr)
• Subscriptions: Catherine De Curieres (caroline.screve@wanadoo.fr)

An Analyses & Syntheses publication: 146 rue Montmartre - 75002 Paris - FRANCE ℡ +33 (0)1 53 40 97 00 +33 (0)1 44 76 01 81 www.cardshow.com
© Analyses & Synthèses 2002

Gemplus: An Eventful Week!

The past week has been quite eventful for smart card manufacturer, Gemplus: starting with TPG’s David Bonderman giving a (rare) private press conference in Paris, through Sagem entering the firm’s capital, and ending with a sword of Damocles of some €40 in unpaid taxes to add to the already heavy losses so far this year…

Sagem Enters Gemplus Capital

Exeunt Gemplus founder, Marc Lassus: his share of the smart card manufacturer’s capital sold to French high-tech group Sagem. The transaction was concluded at a share price “close to market value” (with the provision of an appreciation of 0%-15%, should share value go over the €2 mark by the end of 2004). This gives Sagem about 10% of the smart card manufacturer’s capital.

What is to be expected? In fact, the distribution of power within the firm won’t change except for Sagem replacing Mr.
(continued on p.2)

Gemplus Threatened With Back Taxes!
As if the smart card manufacturer didn’t have enough to deal with, the French internal revenue service is contesting the reality of the headquarters based in Luxembourg, which could translate into €40 million in unpaid taxes! The French internal revenue service wants to get what it considers its legal
(Continued on p.2)

See also:
Open Letter to David Bonderman by Marc Lassus, on p.2
It’s All Marc Lassus’ Fault! An editorial by our director of Publications, Charles Copin, on page 3

Continued from p.1 (Sagem Enters Gemplus Capital)

Lassus (who will probably resign from the board). Whether or not the Board will find some well needed calm through this change remains to be seen.

As this change was in the making, Mr. David Bonderman – usually quite media shy – met with some members of the French press. The reason: to give his view of the Gemplus saga, to counterbalance the “influence” of Marc Lassus in the French press. Here’s, in essence, what he had to say:

- There were never any plans to delocalise Gemplus to the US (as has been oft hinted), except for the case of a few financial managers, but this was rejected by the board.
- Links between Mr. Alex Mandl and the CIA do not exist: “It’s completely stupid. Like saying that someone was abducted by aliens,” explained Mr. Bonderman.
- Though Marc Lassus is a visionary for founding Gemplus, he does not possess the “entrepreneurship” needed to lead such a firm and has made some “strategic errors”.
- As for rumoured further layoffs at Gemplus, Mr. Bonderman states that it’s up to Alex Mandl who will present his strategy for the firm on Monday.

Thus, the rumours flying about were apparently enough of a bother to get Mr. David Bonderman to fly to Paris to set the record straight. Unfortunately, the “record”, is far from being “straight” thanks to the Sagem entry into Gemplus capital.
According to Sagem (a leader in the biometrics field with 40% of the global market), the explanation has to do with marrying leadership in biometrics with leadership in smart cards. Nevertheless, Le Monde (a French national newspaper) quotes sources from the French ministries of finance, the interior and defence as having influenced the buying into Gemplus (at the behest of Gemplus unions) to counter the alleged “Americanisation” of the firm. Things are therefore far from clear as of yet!

Continued from p.1 (Gemplus Threatened With Back Taxes!)

This could mean an extra burden of some €40 million in unpaid taxes. The fact of the matter is that France is ‘contesting the reality’ of the firm’s legal headquarters which were moved to Luxembourg in 1999 (at the request of TPG which was to enter the firm’s capital) in preparation for going public. If things went through as is stated in the French Finance Ministry’s actions, the smart card manufacturer would have to add some €40 million to the firm’s losses of €224 over the first three quarters.

Nevertheless, the notification from the internal revenue service is, in all probability, a “by the book” action. Chances are that all parties will enter negotiations, with the effect of the sum being reduced. All the same, it’s an extra detail which Gemplus could have done without!

Open Letter to David Bonderman by Marc Lassus

Just in as we are going to the [virtual] presses, an open letter by Gemplus founder Marc Lassus, in which he answers to Mr. David Bonderman’s statements to the French press.

With completely biased arguments and a lot of gall, Mr. David Bonderman, head of TPG [Texas Pacific Group, Ed.] which holds 26% of Gemplus capital, explained his role of “saviour” of the firm. Those who know the true history of Gemplus, foremost the employees, will finally be able to understand what’s been going on.
David Bonderman, who is usually very discreet, decided to set up a series of interviews with members of the French press, because he considered that TPG and himself were victims of an unjust campaign of disinformation orchestrated by his adversaries. A campaign which tainted his quasi-angelic image which he has managed to promote in America.

About Gemplus, his principal arguments are as follows:

• Without TPG and the resources it offered Gemplus (of which he took operational control when turnover was over €1.2 billion with net profits of €99 million at the end of 2000), the firm would have died. It is true that his team has managed the “feat” of bringing turnover to some €800 million with dramatic losses.
• All is to be blamed on the old management team, which, constantly and for 12 years (despite what he claims) managed to lead Gemplus to the position of world leader, continuously gaining market shares and, before TPG’s intervention, making profits.
• It is to be blamed on “bad luck” and, foremost, on the telecoms downturn. Obviously. But, David Bonderman forgot to remind us that from its entry into Gemplus, TPG eliminated all lines of diversification which brought Gemplus growth and profits in the areas of security, copyright protection, transportation with contactless, tracking, etc. Developments which were undertaken by the old management team.
• It can also be blamed on subversive elements on the Gemplus Board which is under TPG control, which dared to denounce incompetence, disrespect of enterprise governance rules, conflicts of interest, cheating and diverse abuses…
• To imply that TPG wanted to move Gemplus headquarters to the U.S. is implying that TPG is demonic. I would like to point out that at the end of 2001, the CEO had already returned to California, followed by the CFO, who had already prepared the “expatriation” of key people whose contracts and luggage were ready.
But, of course, this is but pure devious speculation.

At present, I will not go into detail on all of the biased arguments presented by David Bonderman, but the point to his interviews with the French press is that, for the first time, he showed how easy it will be to offer proof of his deviousness. But, we will return to this point at a later date. Suffice it to say here that, it will permit us to help Gemplus rid itself of the asphyxiating grasp of TPG. Mr. Bonderman did us a great favour in talking to the press…

This character appears to have decided, quite recently, to show himself in daylight. He, who is regularly very discreet, also offered himself a demonstration to his own glory a couple of weeks ago, for his sixtieth birthday: He rented two Las Vegas hotels for an evening where Mick Jagger and the Rolling Stones serenaded him with his favourite songs. This modest ceremony cost a measly US$7 million. Even the U.S. press commented negatively on such excess. It would be presumptuous of us to hint that this money could have been better spent elsewhere… Gemplus employees, faced with layoffs will judge.

Mr. Bonderman, what an honour you bestowed upon me by attacking me personally and publicly!!

Marc Lassus
Founder of Gemplus

Editorial: It’s All Marc Lassus’ Fault!

We had been waiting for a long time to hear David Bonderman on the Gemplus subject. On Tuesday (Dec. 3rd), this minority shareholder and board member gave a press conference. Curious, especially for a Gemplus Board member who always considered that Board members mustn’t talk publicly. One wonders if he will get the same treatment as Ziad Takiedine… Theoretically, the same cause should have the same effect.

‘The butler did it!’, and in this case, said butler would be Marc Lassus. Mr. Bonderman’s explanations to a very select group of French journalists during a private press conference are clear: Gemplus is in troubled waters? Yes, because the firm wasn’t run properly.
Not because of the “strategies” he himself put in motion through high-paid managers, but because they were preceded by Marc Lassus. The firm’s ex-general manager, Bertrand Cambou has employed too many people in France and had entered agreements with semiconductor manufacturers which loom heavily on the firm’s present. Mr. Cambou is now in charge of an ADM production line with a turnover of US$1.3 billion, so he can’t be all that bad. Moreover, Mr. Cambou had run his plans for Gemplus by TPG, in the person of William Price back in February 2000, at which time Mr. Price more than agreed.

Nevertheless, if one listens to Mr. Bonderman, all of Gemplus’ woes are to be blamed on its ex-leader. Not a word on 2001’s CEO, Antonio Perez. It is true that he did want to create jobs at Gemplus based on the vigorous market of 2000, but in exotic countries where jobs cost less than in France. Now, Gemplus unions fear that R&D is to be relocated to Singapore – where is based one of the firm’s historic minor shareholders – with production moved to Mexico or Poland.

As for the agreements made with silicon providers, one must remember that in 2000, the market was quite different: incredible growth in the telecoms market combined with a shortage of silicon. There’s the reason for the agreements made by Mr. Cambou with silicon providers. It was, it is true and in hindsight, a strategic error. The then new CEO, Mr. Perez could have renegotiated these agreements, but he was quite busy planning his return to California.

David Bonderman does partially admit to that to French national newspaper Libération: “[The plan to move management to the US] never existed. It was just a few people in finance which were to be moved, but the board didn’t approve it.” Nevertheless, many little anecdotes tend to show that Mr. Perez never intended to stay in France, such as the home cinema he had installed while refusing to have the wiring hidden because he was just ‘passing through’.
As for interim CEO, Ron Mackintosh, nothing is reported said to our colleagues in the French daily press (the select few invited to the select press conference) by Mr. Bonderman. He could have, for example, explained why he bought 50% of Differentis – a firm founded by Mr. Mackintosh – and then put it in charge of auditing Gemplus… Isn’t there a conflict of interest there? But, as reported in French newspaper Le Monde, Mr. Bonderman states that he doesn’t control the Board, therefore, it wouldn’t be his responsibility.

Another curiosity: David Bonderman considers Gemplus ‘lucky’ to have bagged, for the job of CEO, Alex Mandl. Expensive. A few million dollars’ worth of luck there! Moreover, why must Gemplus’ CEO be American (albeit of Austrian origin)? As for the CIA in all this (we cannot forget rumours of US intelligence agencies pushing for the taking over of smart card technology from Europeans), Mr. Bonderman points out that there’s an ex CIA chief on Schlumberger’s Board and that “doesn’t bother anyone”.

Throughout all of this, Mr. Bonderman has shown that his role in Gemplus is a de facto control in the firm. Even if that may not be considered so in Luxembourg…

Charles Copin

Ingenico Launches Bluetooth Payment Terminal

Terminal manufacturer, Ingenico, has launched its Bluetooth payment terminal, bringing a secure and economical portable solution to the market.

The Ingenico 7700 payment terminal is a pioneer in the payment terminal market through the use of the Bluetooth standard. Bluetooth offers a range of some 200-plus meters as well as authentication and cryptography, making it a perfect solution for portable payment terminals. Thanks to Bluetooth, the Ingenico 7700 can be (wirelessly) connected to over seven peripherals (printer, phone, PC…) at data transfer rates of 700 Kbps.
Available in 2003, the 7700 is also EMV compliant, through its EMV level 2 kernel, making it a highly secure as well as ergonomic solution which can be integrated into a network configuration of up to 5 POS terminals.

Frequent Flyer Cards: A Potential Danger?

The use of smart cards in frequent flyer programs offers the possibility of getting through checkpoints more rapidly and even checking in to one’s flight one’s self. But a GAO (US General Accounting Office) report suggests that such programs could actually compromise security.

In a 41-page report for Senator Kay Bailey recently published (which can be obtained from the GAO Web site – www.gao.gov, report # GAO-03-253), the GAO states that smart card-based registered traveller programs (in which, frequent travellers, upon giving adequate personal info, obtain a smart card which helps to speed up – or even bypass – the check-in process) raise security concerns.

Beyond the classic “invasion of privacy” concerns (noted in the report), the GAO expresses the opinion that less stringent screening for some travellers could, in fact, weaken security. “[T]he potential for members of ‘sleeper cells’ – terrorists who spend time in the United States building up a law-abiding record – to become registered travellers in order to take advantage of less stringent security screening,” is one of the problems which the report highlights.

Another is on the subject of biometrics. The report states, backed by testing figures, that biometric technology “is expensive, does not allow for quick processing of numerous travellers [thus, defeating the purpose of ‘registered traveller’ programs, ED.], and is not foolproof.” The report concludes that “numerous unresolved policy and programmatic issues” would need to be addressed before setting up such programs.
Thus, one could conclude that the GAO’s “Aviation Security – Registered Traveler Program Policy and Implementation Issues” is quite right in concluding that such programs just aren’t worth the risks. Nevertheless, one may beg to differ.

Of course, such programs are not perfect. But, then again, what is? Of course, you won’t be able to pick up ‘sleeper cells’ using such a program. But, you can’t pick up ‘sleeper cells’ unless they go live (or, unless you’re very lucky in your intelligence gathering!). As for “unresolved policy issues”, they need but to be resolved through the defining and application of guidelines (in the US, for example, on a Federal level). As for biometrics, they are not infallible either, but they can be of help, one must just not solely rely on such technology.

So, though such ‘registered traveller’ programs aren’t completely foolproof, they can help make air travel less of a hassle, something which that industry won’t frown upon (they’re almost worse off than the high-tech sector!). The one point which must be insisted upon, is that these programs mustn’t be set up haphazardly, but clear regulations (something the aviation world is used to) have to be in place to ensure security; and that is a problem for legislators.

Canadian Banks Not Fighting Fraud!?!

We need not remind readers (especially in these pages!) of the flaws of mag-stripe cards. Nevertheless, some see the solution (the smart card) as being too expensive…

Debit card fraud and identity theft are becoming quite alarming in Canada as well as in the US where the Experian case has shaken the banking card industry. A recent investigation by Montreal newspaper La Presse (www.cyberpresse.ca) shows that the number of reports of debit card fraud has doubled since 2000 (2643 cases this year compared to 1376 cases in 2000, for a population of a little more than 1.5 million).
The problem is the skimming of debit cards, which, with the cardholder’s PIN (often chosen by the cardholder him or herself – giving way to many birth dates or birth years as PIN), are then used to plunder bank accounts.

One of the major problems is the easy access to the equipment used for skimming mag-stripe cards. An Ottawa firm which runs the www.canadabarcode.com site will deliver you a skimming device for around CAN$1,800 (about €1,160). The president of the firm, Mr. Robert Cattral, 29, has even been convicted of possession of stolen bank cards! Nevertheless, the possession of skimming devices remains legal.

According to Montreal police, banks could easily stop this ever growing fraud by migrating to chip cards. Nevertheless, banks “consider that it is more affordable to reimburse victims than to modify their [card, ATM and POS, Ed.] system, which is twenty years old,” explains police captain Robert Chartrand of the economic crimes squad.

This is not an isolated case in North America. According to privacy consultant, Robert Douglas, banks take “inadequate” steps to authenticate the identity of their clients. The obvious choice, according to Mr. Douglas is PIN (“[B]anks that don’t use PINs [are] defeated every time.”). But PIN alone, as we have seen above, is just not sufficient.

The question is: how much more increase in fraud rates will North American banks tolerate before adding the chip to cards?

Protecting Smart Cards from Hackers?

After having pioneered a sophisticated method for cracking smart card security, Cryptography Research is selling a system for testing cards against that very attack it developed.
Now here’s a case of creating your own market: San Francisco-based Cryptography Research, having developed a technique for cracking smart card security (differential power analysis – in which secret codes are determined by the measurement of power consumption variation while the card is in use) back in 1998, is now offering the Differential Power Analysis workstation, to test the resistance of cards against such attacks.

Paul Kocher, president of Cryptography Research explains that the firm hesitated before offering the workstation, since, being a combination of soft and hardware used internally, it could also be used by hackers. Nevertheless, for between US$120,000 and US$200,000 (depending on the features), the firm will offer its workstation to “legitimate organisations”.

Thus, having created (or, at least discovered) the problem, Cryptography Research now offers the solution. But, before forking out hundreds of thousands of dollars, one must keep in mind that to obtain what is stored on the card using differential power analysis, a hacker must not only be highly skilled and have access to sophisticated equipment, but must have physical access to the card itself, and it must be in use for the analysis to work (thus, you also need the PIN, unless we’re talking about the card in a cell phone which has already been turned on, and PIN entered!).

In terms of the risks associated with such attacks, they are not very high: “In actual fact, I know of no instances of real-life fraud using DPA [Differential Power Analysis, Ed.],” explains Bruce Graham, communications manager at Gemplus.

As intellectually interesting as it may be, one must ponder the true risks represented by differential power analysis before pulling out one’s corporate wallet.
FROM THE INDUSTRY… (the latest press releases, which can be found in full on www.e-smartransaction.com)

• Miotec Granted the BS7799 Information Security Management System Certificate
• IR Recognition Systems Biometric HandKeys Control Access at Beaumont Hospital
• New Study Shows Online Shoppers Spend Up to Four Times More When They Feel Secure
• Nokia and Gemplus demonstrate R-UIM for North American wireless customers
• Wi-Fi Smart Card Consortium To Specify Secure Wi-Fi Mobility Management
• ARM Expands Training Program With New Training Center In France
• Valicert and Secure Solutions to offer comprehensive range of secure software solutions to UK financial services market
• Increased Internet Use and Reaction to Major Security Breach Main Reasons for Security Deployment, IDC Survey Reveals
• CardBASE Develops a Second National Smart Card Payment Application For Nigeria
• Change on the Board of Directors at Giesecke & Devrient
• MasterCard International Launches MasterCard® Installment Card™
• New Consortium Launched to Promote Smart Active Label Systems
• OTI Reports Nine Months 2002 Results
• Trintech Reports Third Quarter Revenues of $11.4 Million and Nine Month Revenues of $32.4 Million
Subject | Author | Date |
Re: http://www.cardshow.com/esmart/pdf/eSmartWeekly1.pdf | ex CIA chief on Schlumberger’s Board | 06:09:00 01/11/03 Sat |