National Smart Card Project

Retail Payments Sector Considerations

-1- 0dffff74781cfb97d97ef004da8a85f5.doc 08/04/2018

Report WP7-14 Version 3.0 February 2004

1 Abstract

Payment service providers, given the massive investment they have made in payment systems infrastructure, are always interested in sources of income and profit. However market forces, regulation and technology legacy mean that they are only able to cost effectively provide certain types of card payment service.

This document has three key objectives:

 To document the business, operational, regulatory and payment system considerations that will affect the decisions of the retail banks, building societies and other financial institutions when they consider involvement in the provision of payment services to Local Authorities.  Highlight any obstacles to their involvement and describe potential means by which these may be overcome.  Identify key requirements of any adopted national smart card scheme that would facilitate and encourage retail financial institutional involvement.

The National Card Payment Market is made up of the financial services organisations that focus on providing card based payment services to the mass consumer market as part or as the entirety of their commercial business. This includes:

Full Service Banks - that work on establishing a relationship with a customer and then ‘up- selling’ other services such as insurance or loans. Payment cards are seen as a means to establishing the all-important customer relationship. This has led most full service banks to provide a credit card service that is offered to non-current account holders.

Credit Unions - that exist to support community lending and as such their rationale for card issuance is solely as a means of making funds available to their borrowers in a convenient form.

Building Societies - that attempt to match the service levels of full service banks, while mortgage lending remains their primary business. Their rationale for card issuance differs from full service banks but leads to similar outcomes in terms of product portfolio, charges and interest rates and their own profitability on debit and credit card products.

Monoline Operators - that offer a single product, which is a credit card service. Unlike their established rivals, they do not have the costs of a branch office or ATM network to support and are therefore able to offer highly competitive credit card products.

Store Card Providers - that are similar entities to the monolines but they do not provide internationally interoperable credit products such as Visa and MasterCard. Instead, they operate niche credit products operating under the brand of a particular store. Their business rationale is often geared towards high interest products with very high profitability levels.

With regard to the Regulatory Environment, Local Authorities need to be aware of the controls which will be exerted upon them if they wish to provide financial card products. Card products must conform to the legislation and requirements of controlling bodies. These include:

 The Financial Services Authority - an independent body that regulates the financial services industry within the UK.  The Consumer Credit Act 1974 - requires most businesses that offer goods or services on credit or lend money to consumers to be licensed by the OFT  Compliance - The rules which govern the usage of the card are controlled and enforced by a number of bodies, all with different areas of responsibility and accountability:

Key market trends are:

 Major Drivers - Market trends within the card payment business have been governed by the twin factors of competition and the threat of fraud.  Acquiring and Issuing Consolidation and Differentiation - Acquiring services and the processes involved have changed little during the last 20 years; there is not much in terms of differentiation between acquirers.  Changes to the regulatory environment - The card issuing banks are coming under increased pressure from the Government to offer their services in a more transparent way and ensure value for money for the cardholder.  Competitive Threats - Competitive pressure on issuing banks is also coming from non- bank companies who are looking to launch competitive card products.

Potential Obstacles are: - Card service providers will only consider bringing on additional business if it brings short term revenue or will provide a guaranteed long term customer relationship which ultimately generates revenue through the on-sell of other services. Merchant acquiring divisions within financial organisations make little profit on the card services they provide and typically tend to rely upon their card issuing arms to support them. As a result they will only consider being an acquirer for the Local Authorities if:

 Transaction volumes/costs are significant.  Management/service provision costs do not make the exercise loss making.  There are potential opportunities for revenue in other areas of the relationship with the Local Authority.

Summary of Business Requirements

The business requirements of (and expected benefits to) the Financial Services Sector are shown in Section 7.4. The benefits are summarised as follows:  Increased customer base  Increased transaction volume.  Up-sell opportunities  Increased transaction revenues.  Enhanced Consumer Proposition  Access to client base  Recovering investment cost in Chip & PIN  Increase transaction volumes.  Extending the Acceptance infrastructure  Increased brand market share  Technology and Process Selection  Fees and Charges

Table of Contents

1 Abstract...... 2 2 Introduction...... 6 3 Analysis Rationale...... 7 4 Current Payment Services...... 8 4.1 Introduction...... 8 4.2 The National Card Payment Market...... 8 4.3 Business Rationale of Market Entities...... 8 4.4 Markets Trends – Customer Profile...... 10 4.5 Market Players...... 11 4.6 The Economics of Credit and Debit Card Service Operation...... 11 5 The Regulatory Environment...... 13 5.1 Introduction...... 13 5.2 Financial Services Authority (FSA)...... 13 5.3 Existing Regulations...... 13 5.4 Compliance...... 14 5.5 Impact on Local Authority Schemes...... 14 6 Market Trends...... 15 6.1 Major Drivers...... 15 6.2 Introduction of Chip and PIN...... 17 6.3 Acquiring and Issuing Consolidation and Differentiation...... 17 6.4 Changes to the regulatory environment...... 18 6.5 The Universal Bank...... 18 6.6 Competitive Threats...... 19 7 Collaboration with Financial Sector Partners - Motives and Obstacles...... 21 7.1 Motivation of the Financial Community...... 21 7.2 Potential Obstacles...... 21 7.3 Expectations of the Financial Community of the Local Authorities...... 22 7.4 Summary of Business Requirements for the Financial Sector...... 24 8 Appendix 1 – The Players...... 28 8.1 Companies and Organisations...... 28 9 Appendix 2 – Card Product Types...... 33 9.1 Credit Cards...... 33 9.2 Debit Cards...... 33 9.3 Charge Cards...... 34 9.4 Other Card Types...... 34

10 Appendix 3 – Chip and PIN...... 36 10.1 Background...... 36 10.2 How Chip and PIN works...... 36 11 Appendix 4 – The Economics of Credit and Debit Card Service Operation...... 39 11.1 Introduction...... 39 11.2 Fees and Service Charges...... 39 11.3 Liabilities...... 41 11.4 Capital and Operational Cost...... 41 11.5 Economic Constraints...... 41 12 Appendix 5 – National Smart Card Project Glossary...... 43

2 Introduction

This document has three key objectives:

 To document the business, operational, regulatory and payment system considerations that will affect the decisions of the retail banks, building societies and other financial institutions when they consider involvement in the provision of payment services to Local Authorities.  Highlight any obstacles to their involvement and describe potential means by which these may be overcome.  Identify key requirements of any adopted national smart card scheme that would facilitate and encourage retail financial institutional involvement.

In preparing this document, discussions have been held with APACS who represent every regulated card payment scheme operator in the UK and Switch who are the dominant debit card scheme in the UK. Other informal discussions were held with individual banks and MasterCard Europe as a means of confirming the information that is presented in this document.

3 Analysis Rationale

Before considering the opportunities presented by the existing card payments infrastructure it is useful to consider the rationale for contemplating its use.

A clear need for payment services as part of any card product offered by the Local Authorities to their citizens has been established. This payment service would be used to support a wide range of low value transactions in a broad range of environments including travel, vending, libraries and schools.

Within the Cross Regional E-payment Requirements document (WP7-05), it was identified that in order to succeed, any Local Authority based card products would require wide ranging acceptance (inside and outside of the owning Authority) and interoperability between Local Authorities and the commercial sector.

Creating a widespread payment systems infrastructure requires massive investment and also requires a great deal of time. Broadly speaking, any payment network created by the Local Authorities would be in parallel with that which already exists.

The UK financial sector is currently investing in a massive programme to redevelop their payment infrastructure to use chip and PIN technology based on EMV standards. This coincidentally creates the opportunity to more cost effectively support low value payments through the use of Pre-Authorised Payment (PAP)1, within the exiting infrastructure. Unlike the launch of a parallel e-purse system this would allow the existing infrastructure to be used without additional technology costs.

The opportunity therefore exists for the Local Authorities to work with the existing card payments industry and gain access to an installed infrastructure that immediately supports low transaction value payments which meets the needs of Local Authorities.

1 This was previously known as Pre-Authorised Debit (PAD). The name was changed in late 2003 to become a superset name, incorporating Pre-Authorised Credit (PAC) and Pre-Authorised Debit (PAD).

4 Current Payment Services

4.1 Introduction

This section provides a review of current payment services provided by the UK retail financial institutions and the business economics that drive them. While a retail bank has many facets, the focus of this document is limited to those payment services which are card based.

4.2 The National Card Payment Market

For the purposes of this document we are considering any financial services organisation that focus on providing card based payment methods to the mass consumer market as the part or the entirety of their commercial business. This includes any retail bank, building society, credit union or other licensed operator such as the major store card providers e.g. GE Capital.

All such organisations are commercial entities who expect to generate a return on invested capital. However they differ considerably in terms of the degree of return they expect to generate both short and long term.

Obviously credit unions and building societies tend to have more socially aware values that guide their business decisions whereas store card operators and many retail banking groups are driven towards maximising shareholder returns. This is an important consideration for the purposes of this document because it highlights the need to match cultural fit requirements as well as technological or service capacity. In other words some of the most effective providers of card payment services in England are the least likely to form an effective alliance with a Local Authority because of the considerable difference in expected outcomes from such a relationship. However within the broad range of card payment service providers there are many that could work with the Local Authority community.

4.3 Business Rationale of Market Entities

Organisations that provide card based payment services in the English market have different reasons for doing so which need to be understood by Local Authorities.

4.3.1 Full Service Banks

Most high street banks offer a wide range of services to their customers and their sales model usually works on establishing a relationship with a customer and then ‘up-selling’ other services such as insurance or loans. Payment cards are seen as a good way of quickly establishing the all important customer relationship. Generally speaking full service banks will consider their debit card product as a necessary component of a full service offering despite the low profitability of such products whereas their credit card offerings will be seen as highly profitable. This has led some full service banks to provide a credit card service that is offered to non- current account holders – the best example of this is Barclaycard which acts independently of Barclays Bank and whose credit cards holders do not necessarily bank with Barclays. Most of the major full service banks now operate this model.

4.3.2 Credit Unions

Although there is very little card issuing by Credit Unions there is a growing trend in this direction. Credit Unions exist to support community lending and as such their rationale for card issuance is solely as a means of making funds available to their borrowers in a convenient form.

4.3.3 Building Societies

Building Societies have reduced in number considerably as many converted from mutual ownership status to private companies. Those that remain are attempting to match the service levels of full service banks however they do so against the background of mortgage lending as their primary business. Their rationale for card issuance therefore differs from full service banks but leads to similar outcomes in terms of product portfolio, charges and interest rates and their own profitability on debit and credit card products.

4.3.4 Monoline Operators

In the past card based payment services were only offered by full service providers. The customer would receive a debit or credit card along with a cheque book and current account facility. However in the last ten years the UK market has seen the rise of the monolines as a major competitive force. These ‘monolines’ have a single product – hence their name – which is a credit card service. Examples include MBNA and Capital One. Unlike their established rivals they do not have the costs of a branch office or ATM network to support and are therefore able to offer highly competitive credit card products.

Due to the reduced operational costs surrounding these products the traditional UK banks have been forced to cut margins on their credit products and try to be more creative in the products and services they deliver in an attempt to expand their issuing base and their acquiring business. This competitiveness could work in favour of the Local Authorities as banks want and need relationships with owners of large niche groups that the monoline issuers cannot serve with just a credit product. Any new markets which are to be exploited must be profitable and the Local Authorities need to consider how they might fit these criteria.

4.3.5 Store Card Providers

Store card operators are similar entities to the monolines but they do not provide internationally interoperable credit products such as Visa and MasterCard rather they operate niche credit products within the confines of particular stores. Their business rationale is often geared towards high interest products with very high profitability levels.

4.4 Markets Trends – Customer Profile

4.4.1 Credit Cards

In the past different retail banks had different target markets; some only dealt with customers with good or exceptional credit ratings, which reduces the risk of financial losses from bad debt or fraud to their business, while others focused on the so-called ‘sub-prime’ sections of the community, where loans and other financial products are offered at higher interest rates to offset the risks associated with underwriting this type of business.

With the increased competitiveness of the UK market and the arrival of the monoline card issuers, there is now a much greater willingness on the part of all card payment issuers (except building societies and credit unions) to recruit customers who pose a greater level of risk than their traditional customers. This competitive force is driving retail banks to provide a credit service to a far greater proportion of the population than was previously considered viable or sensible.

4.4.2 Card Products

The UK is a very mature card payments market with a well established infrastructure and highly competitive market. Financial service companies offer a number of card based products which include Automatic Teller Machine (ATM), Debit, Credit and Store card products all of which come in a variety of forms. The nature of each product type is described in Appendix 2 – Card Product Types.

4.4.3 Card Schemes

The cost of introducing a card processing system for either issuing cards or acquiring card transactions is only justified if high enough volumes of cards can be issued and therefore high enough payment transaction volumes with sufficient value can be processed. The required volumes cannot usually be achieved by any one single party; to achieve this requires a non- competitive, co-operative approach which brings many card issuers and merchant acquirers together under a single acceptance brand. I.e. Switch, Visa, MasterCard, etc. (see Appendix 1 for a brief history of these schemes).

The success of these schemes is due to their ability to market the scheme brand to both card holders (citizens) and card acceptors (merchants). Once the brand and economies of scale have been established, individual scheme members (Card Issuers and Merchant Acquirers) will then market their own products on a competitive basis to win market share.

The main role of the scheme is to market the scheme brand, administer the scheme rules and regulations and operate international clearing and settlement systems for their members. In some countries they operate national clearing and settlement systems e.g. Switch and LINK are UK only systems whilst Visa and MasterCard are both international and sometimes national operators.

4.5 Market Players

4.5.1 Merchant Acquirers

Acquirers are banks who make arrangements with businesses (merchants), such as shops, to provide the ability to accept plastic card payments. When a payment is made by card, the transaction is sent to the acquirer, who credits the merchant’s bank account and sends details of the sale to the card issuer for processing against the appropriate cardholder account. Typically the acquirer charges the merchant a few pence for handling debit card transactions and a small percentage of the transaction value for credit cards.

There are 7 merchant acquirers in the UK although 85% of all UK acquiring is handled by the 3 main banks Barclays, NatWest (RBOS) and HSBC. It is these high street banks that operate the infrastructure that supports the UK financial cards market today. Most UK merchant acquirers are also card issuers. The exceptions to this rule are non-bank service companies like FDR who are merchant acquirers but not card issuers.

4.5.2 Card Issuers

Issuers own and manage the relationship with the cardholder, they issue “cards” to customers/account holders and manage the way in which these cards can be used. The card issuers determine the availability of card products to their customers and the availability of a line of credit to the holder, the issuer is responsible for ensuring that sufficient funds are available when the card is used and takes the risk of allowing a line of credit. An Issuer’s primary source of income is interest charged on outstanding debts.

Within the UK today there are now many card Issuers (over 17 have issued more than one million cards each) which is significantly higher than the original 3 high street banks that established the infrastructure. Because of economies of scale and the UK being a mature market, it is easy and cost effective for new card issuers to set up and use the established infrastructure and membership of one of the major schemes allows them access to this infrastructure.

4.6 The Economics of Credit and Debit Card Service Operation

4.6.1 Commercial Drivers

Commercial drivers that may induce financial sector organisations to work with Local Authorities will derive largely from the economics of the proposition. A fuller description of these economic factors - and a discussion on potential constraints - can be found in Appendix 4 – The Economics of Credit and Debit Card Service Operation.

4.6.2 Fees and Service Charges

Interchange fees - Interchange fees are set to compensate for the risk and operating expenses involved in processing a transaction and is partly determined by the nature of the transaction.

Terminal acceptance options - To accept card-present e-payments, a payment terminal device is required; these devices are normally provided by the acquiring bank, on a lease or rental basis, or can they can be purchased by the retail business directly.

Chargebacks - A chargeback is instigated by the cardholder, who after receiving his monthly card statement fails to recognise a transaction which is listed. Chargebacks are not a revenue stream; rather they are a cost factor that influences the pricing of the service provided.

4.6.3 Liabilities

A considerable part of the business economics of a card payment operation is the cost of fraudulent transactions and bad debt. Within the UK, losses due to card fraud in 2003 were equal to £424.6 million and the current projected figures for the end of this decade are £1 billion.

4.6.4 Capital and Operational Cost

One of the most significant areas of cost for any player in the card payments market is the cost of capital equipment including information technology, communications and card acceptance hardware and software. They also carry significant operational costs especially manpower related costs associated with the operation of systems and support for customers.

5 The Regulatory Environment

5.1 Introduction

For Local Authorities to assess whether to provide financial card products they need to be aware of the controls which will be exerted upon them and who, within the UK, will sanction these products. While card products can be developed and delivered by the card issuing companies they must conform to the legislation and requirements of controlling bodies such as the Financial Services Authority.

5.2 Financial Services Authority (FSA)

The FSA is an independent body that regulates the financial services industry within the UK. They are the “policemen” of the financial services industry. The aims of the FSA are to:  Maintain Confidence in the UK financial system  Promote public understanding of the financial system  Secure the correct level of protection for the consumer  Assist in the reduction of financial crime i.e. money laundering

The FSA ensures that companies and their products conform to both standards and legislation and do this by employing a number of techniques including market surveillance and transaction monitoring. They have the power to investigate and prosecute companies or individuals who fail to conform to these standards.

5.3 Existing Regulations

The Consumer Credit Act 1974 requires most businesses that offer goods or services on credit or lend money to consumers to be licensed by the OFT. Trading without a licence is a criminal offence and can result in a fine and/or imprisonment. The Act was introduced to protect people who enter into credit agreement as long as the loan did not exceed £25,000.

The Act covers credit card, charge card, cheque, coupon, voucher, etc.; all are types of credit agreements.

The Act also covers goods which are taken away from the store and paid for on instalments, this is also deemed as a form of credit agreement.

If goods are paid for in instalments, but the goods cannot be removed until the final payment then this is also a form of credit agreement.

Hire Purchase agreements are also credit agreements. This is where you pay by instalments to use the goods, but have an option to buy the goods after all the instalments have been paid.

Should Local Authorities wish to launch any financial services product it is most likely they will be required to be regulated by the FSA and also need to comply with the Consumer Credit Act 1974.

One advantage of paying for expensive goods and/or services with a credit card, such as Access, Visa or MasterCard, is that if there is a problem the credit card company may be liable to the same extent as the supplier (section 75 Consumer Credit Act 1977).

Section 75 of the Act gives people the right to their money back from credit card companies if they use their card to buy something which turns out to be faulty. It only applies to goods worth more than £100 and less than £30,000, and it does not apply to debit, charge cards, bank loans or certain shop cards.

This act ensures that if a card is used to purchase goods or services and, these goods or service breach the laws such as the Sale of Goods Acts, the cardholder can reclaim the money from the credit company or from the merchant.

5.4 Compliance

The rules which govern the usage of the card are controlled and enforced by a number of bodies all with different areas of responsibility and accountability;  The issuing bank determines the line of credit available to the holder and the card products available to the holder.  The payment schemes that enforce the rules relating to when the card has been used e.g. they specify the timescales involved in moving payment from the issuing banks to the acquiring banks & merchants.  The Financial Services Authority (FSA) who ensure compliance and protect the right of the consumer. Within the UK all financial products and companies answer to the bank of England.

Should Local Authorities decide that any card being issued by them is capable of being used outside of the UK (as proposed by Janice Morphet, Modernisation Team, Office of the Deputy Prime Minister, 18th November 2003) then any transaction will come under European Parliament and Council Regulation on cross-border payments which was adopted during December 2001.

Article 3 provisions within the Regulation relating to cross-border electronic payment transactions (generally regarded as card transactions) became effective on 1st July 2002 and those relating to cross-border credit transfers came into effect on 1st July 2003.

5.5 Impact on Local Authority Schemes

Local Authorities should not underestimate the demands placed upon businesses that wish to issue financial products. Any new card scheme launched by a Local Authority which has a financial element will be subject to the same rigors as those of any retail bank scheme. This will not be the case if the Local Authorities choose to use products offered by an existing and already regulated card payment product and/or scheme.

Card issuers may develop specific products on behalf of Local Authorities but this will come at a price. The obstacles to preventing a symbiotic relationship are explored within the Collaboration with Financial Sector Partners - Motives and Obstacles section of this document.

6 Market Trends

6.1 Major Drivers

Market trends within the card payment business have been governed by two factors; competition in a mature market and the threat of fraud.

The increase in competition through very aggressive marketing by the new monoline card issuers has seen an explosion in card issuing activity in the UK which has resulted in credit and debit cards being made available to a much wider customer base with cardholders now holding many cards with lines of credit which, in many cases, exceed their repayment capabilities. This has resulted in a credit boom which is now providing considerable concern to central government.

The other area has been the major investment being undertaken by the UK banks to combat the increasing threat of fraud with the introduction of ‘Chip and PIN’.

The following tables provided by APACS (Association for Payment Clearing Services), show the transaction volumes associated with both cash and non cash methods of payment. This information provides an insight into people’s preferred methods of payment and highlights the significant increase in “plastic” related transactions.

TOTAL TRANSACTION 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 VOLUMES IN THE UK (Millions) All Plastic Card Purchases 1316 1488 1723 2023 2413 2759 3094 3537 3914 4386 4814 Debit Card 522 659 808 1004 1270 1503 1736 2062 2337 2696 2994 Credit and Charge Card 724 748 815 908 1025 1128 1224 1344 1452 1562 1687 Store Card (estimate) 70 82 100 109 118 128 134 131 125 128 133 Plastic Card Withdrawals at 1199 1277 1372 1512 1656 1809 1917 2030 2090 2250 2342 ATMs and Counters Direct Debits, Standing Orders, 1962 2047 2196 2402 2613 2826 3056 3255 3470 3705 3929 Direct Credits and CHAPS Cheques 3728 3559 3430 3283 3203 3083 2986 2854 2699 2565 2393 For payment 3332 3163 3074 2938 2901 2838 2757 2641 2515 2399 2246 For cash acquisition 396 396 356 345 302 245 229 213 185 166 147 Total Non-Cash (Plastic Card, 8205 8371 8721 9220 9885 10477 11053 11672 12185 12907 13478 Automated and Paper) Cash Payments (estimate) 27845 27273 26179 26270 26318 25540 25309 25596 27910 27684 26601 Post Office Order Book Payments 1108 1144 1127 1163 1114 1066 1017 962 880 791 687 and Passbook Withdrawals Total Transaction Volumes 37158 36788 36026 36654 37318 37083 37379 38230 40963 41382 40766 APACS Clearing Company 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 Payment Volumes (Millions) BACS 1820 1904 2058 2268 2476 2683 2905 3095 3316 3527 3735 CHAPS and Town Clearing* 9 11 12 13 14 17 18 22 25 28 31 Cheque and Credit (including 2513 2432 2388 2314 2285 2239 2185 2104 1981 1890 1772 Scotland) The UK ATM Network (Banks and 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 Building Societies) Number of ATMs 18700 19100 20000 20900 22100 23200 24600 28300 33000 36666 40825 ATM withdrawals (millions) ** 1169 1242 1335 1471 1599 1745 1850 1968 2027 2174 2268 ATM cards (millions) *** 49 51 52 55 57 61 66 69 73 78 83 Table 1 - Card Usage Statistics

*Until its closure in February 1995, the Town Clearing handled high-value payments in paper format **The 2001 ATM withdrawals figure does not include independent ATM deployment data ***ATM cards are stand-alone ATM cards or debit cards with an ATM functionality. Credit cards with ATM functionality are excluded.

The following table shows the payment and cash acquisition volumes during 2002 compared with 2001.

2002 Payment and Cash Acquisition Number Change on 2001 Volumes (billion) Debit Card Purchases 3.0 11.1% Credit and Charge Card Purchases 1.7 8.0% Plastic Card Withdrawals at ATMs and 2.3 4.0% Branch Counters Direct Debits, Standing Orders, Direct 3.9 6.0% Credits and CHAPS Cheques 2.4 -6.7% Total Non-Cash 11.0 4.7% Total Non-Cash Payments and Cash 13.5 4.4% Acquisition Table 2 - Payment and cash acquisition volumes

6.2 Introduction of Chip and PIN

The banks have responded to the threat of rising fraud by the introduction of Chip and PIN. This is a huge investment with a pay back period of at least 7 years for many card issuers and merchant acquirers. Chip and PIN brings many benefits and it is expected to alter the economics of provided payment card products so that new markets and customers can be supported. These new opportunities bring new revenues which will help off-set the massive investment they are making (£800M over 5 years) in this system upgrade. For further discussion of this subject please refer to Appendix 3 – Chip and PIN.

6.3 Acquiring and Issuing Consolidation and Differentiation

Acquiring services and the processes involved have not changed during the last 20 years; the procedures which they follow rarely change and the rules associated with transactions which flow between the various payments schemes differ slightly. There is not much in terms of differentiation between acquirers, some provide better/cost effective transaction charging, others provide better management information and reconciliation capabilities.

From an issuing perspective the same is true, for the customer some offer interest free, deferred payment or lower APR rates, a typical credit card may be 7%-24% while a store card could be 26-30%. The problem for the issuers is that the “card pot” has remained fairly static for some years now; there are only so many potential cardholders available for card issuers to target. While many people may have several cards within their wallets or purses, they will tend to use only one or two of these, all of which adds significant costs to the card issuing companies. Within the UK there are 8 acquiring banks and most are well-known high street names and who last year processed more than a quarter of a million card transactions each day.

The Association for Payment Clearing Services (APACS) forecast that by 2011 there will be over 500 million such transactions taking place annually.

With the growth in transactions set to rise, one area which will also be set to rise is the one of debt consolidation and debt recovery. Both these areas are forecast to become major industries during the next five to eight years as payment cards and credit facilities are easier to come by so will the debts which they bring, currently no legislation is available to protect either the old or young from financial exploitation.

While the merchant and cardholder relationships for cards are held by a financial institution many of the retail banks have outsourced their system and processing to third parties such as First Data Europe (FDE), Electronic Data Systems (EDS), Total Systems (TSYS) and Oberthur Card Systems as examples.

6.4 Changes to the regulatory environment

The card issuing banks (credit lending) have come under increasing pressure from the Government (cf the Cruikshank report published in 2000) to offer their services in a more transparent way and ensure value for money for the cardholder. This pressure has impacted the profitability of card services (credit lending) and is forcing a move towards enhanced debit card products. These require huge volumes to be profitable so one again we see a desire to expand market share, acquired transaction volumes and value of throughput.

6.5 The Universal Bank

6.5.1 Benefit Payment Migration

In May 1999 the Government decided to move to ACT (Automated Credit Transfer) as the normal way of paying benefits (DWP has a published target in its public service agreement to pay 85% of customers by ACT by 2005). They also said that benefit recipients should be able to draw their cash at post offices if they wish. In addition the Inland Revenue has introduced two new tax credits in 2003 for which all direct payments will be made via ACT from their introduction.

In June 2000 the Performance and Innovation unit recommended that the Post Office should develop the concept of a Universal Bank. In working up proposals the "Universal Bank" concept evolved into universal banking services at post offices.

6.5.2 Universal Bank

The proposal consists of two strands: access at post offices to the banks' own basic bank accounts; and the Post Office card account - a simple account exclusively for benefit recipients who are either unable or unwilling to open even a basic bank account, allowing benefits claimants to access their benefit in cash at post offices via a Post Office account instead of an order book or giro. The intention is that this account should be a stepping-stone to financial inclusion (i.e. over time benefit recipients will migrate to using bank accounts provided by financial institutions).

6.5.3 Objectives of Universal Banking Services

The universal banking services programme has the following strategic objectives:  to modernise welfare payments (i.e. benefits, pensions and tax credits) by making payments directly into bank accounts, thus substantially reducing administrative costs and fraud;  to increase financial inclusion by ensuring that everyone who wants can open a simple, accessible bank account with its services available over post office counters;  to provide a means of generating replacement business for the Post Office network, helping to ensure it remains viable following the migration of benefits to payments directly into accounts.

In pursuing these objectives, a particular aim is to deliver the Government's commitment that:  after the move to payment of benefits directly into accounts, people will still be able to collect their cash in full at a post office.

The programme has a further objective, which is to maintain standards of customer service and customer perception in relation to payment of benefits and tax credits.

In May 2001 a Memorandum of Understanding was agreed with eleven major financial institutions (accounting between them for 99% of the UK current account market). Barclays, Lloyds TSB, Royal Bank of Scotland/NatWest, HSBC, Abbey National, the Halifax, Alliance and Leicester, the Bank of Scotland, National Australia Group, the Co-operative, and the Nationwide Building Society have agreed with the Government that they will make their basic bank accounts accessible through post offices, contribute £180 million to the costs of the Post Office Card Account (POCA), and to commit to simple straight forward account opening for those with bank accounts.

In February 2002 the EU competition commission gave State Aid's clearance.

In March 2002 contracts agreed between the spending departments (Department of Work and Pensions, Inland Revenue and Northern Ireland Social Security Agency) and between POL (Post Office Limited) and its key supplier EDS/Citibank for the provision of card account.

6.6 Competitive Threats

More and more non-bank companies are looking to launch competitive card products, placing immense pressure upon the existing and traditional banks. This competition not only comes from the other banks but also from retailers, and utilities companies who are also offering competing products.

If Local Authorities offer a route to market that allows the banks to push into new territories, safely and cost effectively then they will be keen to trade with Local Authorities. The competitive threats faced by the banks will act as drivers for change that the Local Authorities can leverage.

One major threat to the UK retail banks is of acquisition, more foreign based banks are looking to move into the UK, with new ranges of cost effective managed products. Often a way for these banks to gain an initial foothold is via an acquisition of one of the existing banks and then migrate (unless the current portfolio is profitable) the current customer base over to the new product range.

7 Collaboration with Financial Sector Partners - Motives and Obstacles

7.1 Motivation of the Financial Community

As previously highlighted the banks are under extreme competitive pressure to find new and sustainable ways of increasing their card base and product offerings. To do this they need to:

 Be able to respond to competitive threats from other finance houses and non-bank derived financial products  Protect/increase their marketing share at a time when the market appears saturated with credit products - their main source of profitable revenue  Comply with government edict and address the potential opportunity and threats that the Universal bank may bring  Identify new revenue opportunities from service provision including card issue, statementing and transaction acquiring etc.  Create “up-sell” revenue opportunities - e.g. insurance  Recover the cost and investment made in the Chip and PIN systems and infrastructure.  Provide an enhanced consumer proposition – e.g. have a branded debit card which could also be used to pay for activities, such as leisure centres, and parking  Gain access to a client base that historically has been unattainable, due to cost constraints (high cost of customer acquisition and high risk).  Extend the use of the existing transactional infrastructure at minimal additional cost whilst generating increased turnover.

7.2 Potential Obstacles

The motivator for any of the card service provider is profitability and/or customer relationship ownership. They will only consider bringing on additional business if it brings short term revenue or a guaranteed long term relationship which ultimately generates revenue through the on sell of other services.

Merchant acquiring divisions within financial organisations make little profit on the card services they provide and typically tend to rely upon their card issuing arms to support them. As a result they will only consider being an acquirer for the Local Authorities if:

1. Transaction volumes/costs are significant. 2. Management/service provision costs do not make the exercise loss making. 3. There are potential opportunities for revenue in other areas of the relationship with the Local Authority.

7.2.1 Transactions Volumes

The transaction processors can easily cope with additional retail businesses using the existing infrastructure. When they consider the Local Authority business the main obstacle will be the relatively low transaction volumes and the relatively high per transaction price they will need to charge to generate a profit (see section 3.3.6). It is highly likely that the banks will only be interested in Local Authority business if they are able to capture all of the Local Authorities transactions, including internal expenditure through purchasing cards and higher value transactions such as Council Tax as these brings the size of turnover and economies of scale which they seek. The larger transactions values and the revenues they bring will be used to offset the negligible revenue generated by the lower value transactions, which are believed to form the bulk of the Local Authority based transactions.

7.2.2 Management Service

Currently the management of merchant accounts by acquirers is minimal and the expectations by the merchant are low (most information is obtained from their EPOS systems); therefore internal acquirer services costs are kept relatively low. Should the Local Authorities decide that the standard approach to the provision of information or, that additional services are required in order to support authority expectations, then unless these are funded by the Local Authorities, it will prove an obstacle to moving forward.

7.2.3 Potential Opportunities

Often the banks will take on additional business where the initial financial returns are marginal provided there are longer term opportunities to be had. While the banks may accept the lower transactional fees if the volumes are sufficient, they would look for the longer term relationships with the product holder to offset them. Should the Local Authorities decide they do not want to grant access to the citizens by the banks this may alter the financial dynamic associated with the transactional cost model.

7.3 Expectations of the Financial Community of the Local Authorities

Before engaging the financial community the Local Authorities will be required to have decided upon:

 The type of payment products on offer and number (initially must be a debit product for maximum penetration)  To what extent their involvement will be in offering payment products, e.g. are they issuers, acquirers or product developers  Their ability and willingness to use the banking infrastructure, (based on legislative, regulatory constraints, safeguards and reduced cost to market)  The possible need for a centralised Authority approach to achieve economies of scale and relevance.  The branding of the card and the possible challenges of using a credit brand given the profile of the potential customer base.

 What are acceptable commercial terms for engaging with card payment service providers?  Identification of the number of potential card holders and scale of business that they are offering to the financial sector.  Ownership of the customer – who owns the relationship and how will it be managed in case of disputes or fraud? A primary driver for any of the financial institutions is to expand their card base and up-sell additional products to the card holder. The Local Authorities will need to determine who owns that customer relationship and whether they are willing to let the financial institutions target these individuals with other financial related products, including the more sensitive area of how they will deal with citizens no longer deemed trust worthy by the financial service provider.

Only when these questions have been answered by Local Authorities can the card payment service providers be engaged to determine their willingness to provide the necessary services.

7.4 Summary of Business Requirements for the Financial Sector

This table sets out the potential benefit, conditions, obstacles and consequent business requirements of any working relationship they are likely to want to form with a Local Authority from the perspective of an existing Card Issuer, Merchant Acquirer or Scheme.

Card Issuer Potential Benefit Conditions Obstacles and Possible Business Requirement Remedies Increased customer The Local Authorities business must Many of the target customers will New customers base. extend their existing customer base and already hold bank owned card New markets not cannibalise it. The new potential products. Profitability of each customer or customers must be individually profitable subsidy. to the Issuer or the costs of servicing Co-incidental support for them must be borne by the Local Universal Bank requirements. Authority. It will be valuable additional Bank Compliant technology and business if it also meets their need to processes used. support the Universal Bank requirements. By default this assumes that the card technology and processing infrastructure is not altered in order to service this business. Increased transaction The volume of transactions must be The number of transactions per Predicted transaction volumes. volume. considerable e.g. millions per annum. annum has not been calculated. Up-sell opportunities The card issuer will seek to exploit the Data Protection Act, cultural values Clear ownership of customer relationship they have with the Local and citizen perception. relationship and/or access rules. Authority and their citizens.

Card Issuer Potential Benefit Conditions Obstacles and Possible Business Requirement Remedies Increased transaction The increase in transaction revenue must The cost of acquiring transactions Predicted average transaction revenues. be proportional to its costs including fraud is a function of the installed values. and bad debt costs. infrastructure and sets a floor below Number of off-line versus on-line which it is not possible to go. This transactions envisaged. floor is certainly higher than a Degree of risk envisaged and proportion of the transaction values acceptance or otherwise of anticipated although Chip and PIN liability. may change this. It is also a Low risk product e.g. pre- function of fraud and bad debt. authorised debit or existing debit. Access to client base The cost of winning and keeping business There is no coordinating entity Aggregated LA business? must be kept low. If each LA is a available to the LA which could potential customer the banks will find it operate this relationship. hard to service the demand profitably. Competition legislation would need Suggests a collective approach from LA. to be considered. Enhanced Consumer The card service provided would have to The cost of implementing new Clearly stated new product Proposition offer the bank’s existing customers the acceptance devices e.g. parking requirements. ability to add LA functions onto their cards meters would have to be provided Agreement on who will fund new so that e.g. a current debit card holder by one or more of the parties acceptance devices, extended can use their card to gain access to the involved. card capability, processing and leisure centre and pay for parking. card issuing systems. Recovering Card issuers will achieve this if the card Ability of the LA card functionality Use of EMV. investment cost in issued is EMV compliant for its payment requirements to be economically Chip & PIN application. A CEPS compliant purse will delivered by a card using EMV as force them to reinvest in Chip & PIN the basis of small value payments. making the problem worse for them. Chip and PIN and Pre-Authorised Payment (Debit) offers a solution.

Merchant Acquirer Potential Benefit Conditions Obstacles and Possible Business Requirement Remedies Increase transaction Suitable fee and charge rates (prices) Local Authority Procurement rules Commercially attractive fees and volumes must be available to them and deals over and practices. Economic charges. long periods of time to allow them to justification for the service. recover any investment made in new (business case). acceptance devices. By default this assumes that the transaction acquiring infrastructure is not altered in order to service this business. Recovering investment Merchant Acquirers more than Card Ability of the LA card functionality Use of EMV. cost in Chip & PIN Issuers have incurred huge investment requirements to be economically Access to market. costs to support Chip and PIN. They delivered by a card using EMV as have a strong incentive to increase Chip the basis of small value payments. based transactions. However they will Chip and PIN and Pre-Authorised not invest in CEPS based purses unless Payment (Debit) offers a solution. LAs are prepared to underwrite the entire investment. Extending the Any deal must allow the Acquirer to place Existing merchant acquiring deals Exclusivity deals over long Acceptance terminals in new locations that attract are in place. Economics of terminal periods of time. infrastructure profitable transactions from LA and Bank placement. Use of existing standards and issued cards. By default this assumes processes. that the transaction acquiring Arrangements to cover LA infrastructure is not altered in order to specific requirements costs. service this business.

Schemes Potential Benefit Conditions Obstacles and Possible Business Requirement Remedies Increased brand Any LA scheme must comply with This may limit the appeal of the Compliance with rules. market share relevant Scheme rules if they issue cards payment product and restrict who Clear brand usage rules. under that branch e.g. Switch. can use it. Perception of brand use in LA market may be counterproductive for both parties. Technology and The Schemes strictly control what can be This may prevent the card from Use of existing standards. Process Selection used and how it is operated. This creates operating in a way acceptable to LA Compliance with processes and constraints. and impose costs. rules. Fees and Charges Any relationship would have to be on the The costs of operating the service Scheme consistent fees and same basis as a commercial member of may be too high for LA. charges. the scheme. There are examples of A single body to negotiate with. Schemes creating special rules for large groupings especially government related e.g. Visa Purchasing Card for Government in UK. Table 3 - Summery of Financial Sector Business Requirements

8 Appendix 1 – The Players

8.1 Companies and Organisations

This appendix examines the role of companies and organisations such as APACS, Switch, LINK, VISA & MasterCard.

8.1.1 APACS

The association for Payment Clearing Services (APACS) is the industrial body within the UK which oversees money transmissions and which has the responsibility for the co-operative aspects of payments including plastic cards.

Once of APACS principle tasks are to manage the major UK payment clearing systems and to maintain their operational efficiency and financial integrity, e.g. BACS, CHAPS, Cheque and Credit Clearing.

APACS is also responsible for the developing the clearing and for related activities i.e. undertakes strategic studies, forecasting activities relating to money transmissions and the payment markets in the future and the development of standards for payment systems.

Topics covered by APACS include best practice guidelines and standards in relation to:  Payment clearing systems  Money transmission/electronic funds transfer (EFT)  Credit and Debit Cards  Card Terminals  Chip cards  E-Purse and e-cash  Cross-border payments  Home and office banking  Security for Electronic payments  Trust services

8.1.2 LINK

LINK Interchange Network Ltd is the transaction management company that processes transactions for the UK's only shared, branded cash machine network. As the largest ATM switch in the world LINK currently processes around 2 billion transactions per year for the UK's largest financial institutions and independent ATM deployers.

LINK's role is to manage the central switch to which all these financial institutions are connected and provide a settlement service for the shared transactions which take place. LINK provides the legal and commercial framework that makes ATM sharing in the UK so successful, as well as the technical infrastructure that enables it to happen, i.e. central hub, telecommunications infrastructure, settlement services and management information to its network customers.

LINK enjoys a history stretching back to the very beginning of ATM sharing in the UK, and so has vast experience and detailed understanding with regard to the establishment and growth of shared networks by balancing the needs of consumers, acquirer banks and card issuers. It was formed in 1985 to facilitate cash machine sharing between the customers of several smaller building societies and medium-sized banks.

The company now manages the shared ATM transactions of 50 members, including all of the UK's major financial institutions and ATM deployers, by providing the central hub, the telecommunications infrastructure and the settlement and management information to its Network customers, each of which has its own host systems.

8.1.3 MasterCard/VISA

MasterCard and Visa are the main credit card payment schemes which operate world wide. These schemes do not issue cards themselves but instead create and police the rules which govern the way merchants, acquiring and issuing banks interact.

Both MasterCard and VISA are also responsible for control of the networks which transmit funds between acquiring banks and issuing banks.

8.1.3.1 VISA – History

The history of bank cards dates back to 1914. That year, Western Union issued the first consumer credit card. These early cards were issued to preferred company customers to offer them an array of special services, including interest-free deferred payments.

In the first decades of the 20th century, a large number of non-financial companies, including hotels, department stores and gas companies, issued credit cards to their customers. The Diners Club card, introduced in 1950, was the first credit card accepted by different merchants.

In 1951, Franklin National Bank of Long Island, New York, issued a card that was accepted by merchants, and soon approximately 100 other banks began to issue cards. Cardholders were not charged fees or interest; they simply paid the full amount due on the account upon receipt of the statement, but banks did charge merchants a fee for card transactions.

Bank of America had the entire state of California as a potential market, and when it issued Bank Americard in 1958, the card was an instant success. By 1965, the institution had already subscribed licensing agreements with a group of banks outside California, allowing them to issue Bank Americard. At the same time, another group of banks in Illinois joined forces in the U.S. East Coast to create Master Charge. By 1970, over 1,400 banks were offering Bank Americard or Master Charge cards, and bank cards were already generating US$3.8 billion in sales volume.

In 1970, Bank of America gave up control of the Bank Americard program. Bank Americard Issuer banks took control of the program, creating National Bank Americard Inc. (NBI), an independent non-stock corporation, which would be in charge of managing, promoting and developing the Bank Americard system within the U.S.

Outside the U.S., Bank of America continued to issue licenses to banks to issue Bank Americard. By 1972, licenses had been granted in 15 countries. In 1974, IBANCO, a multinational member corporation, was founded in order to manage the international Bank Americard program.

In many countries, there was still reluctance to issue a card associated with Bank of America, even though the association was entirely nominal in nature. For this reason, in 1977 Bank Americard became the Visa card, retaining its distinctive blue, white and gold flag. NBI became Visa U.S.A., and IBANCO became Visa International.

8.1.3.2 MasterCard - History

MasterCard has expanded globally to such an extent that no other payment card is accepted in more locations around the world than MasterCard. They also have the MasterCard/Cirrus ATM network, among the largest ATM networks in the world with over 900,000 locations on all seven continents.

1981 - MasterCard introduced the first gold bankcard program.

1983 - MasterCard was the first to use the laser hologram as an antifraud device.

1987 - A MasterCard® card became the first payment card issued in the People's Republic of China.

1989 - MasterCard introduced the first bankcard with a tamper-resistant signature panel.

1990 - MasterCard unveiled a co-branding strategy and became the industry's co-branding leader.

1991 - MasterCard, in partnership with Europay International, launched Maestro®, the world's first truly global online debit program.

1992 - Maestro completed the first-ever coast-to-coast national online debit transaction in the United States. 1996 - MasterCard Global Service® became the first program to provide cardholders with telephone access to core emergency and special services in 21 languages, from 130 countries (today, in 196 countries and 46 languages).

1996 - MasterCard contracted with AT&T to replace its transaction network infrastructure with the industry's first virtual private network design, which delivers faster response time and lower costs. (In 1998, alone, the VPN reduced cumulative payment processing time by nearly half a century.)

1997 - MasterCard acquired a 51% stake in Mondex International, which offers the only electronic-cash product that is globally interoperable, with a multicurrency capability.

1997 - MasterCard was the first payments organization to cap uniform liability limits for unauthorized use at US$50 for all U.S.-issued MasterCard-branded consumer cards—both credit and debit.

1998 - MasterCard/Cirrus® ATM Network expands to Antarctica.

1998 - MasterCard and MYCAL Card Company in Japan announce the world's first migration from traditional credit cards to multi-application chip cards using the MULTOS™ operating systems.

1999 - Mondex™ e-cash and MULTOS became the first commercial products ever to receive the highest assurance level possible under the prestigious ITSEC (Information Technology Security Evaluation Criteria) security rating.

1999 - The first online purchase of a U.S. Treasury Bond was made with a MasterCard card.

2000 - MasterCard became the first in the industry to establish a U.S. rule of no liability for the consumer from the unauthorized use of payment cards.

2001 - MasterCard launches mc2 Card, the first non-rectangular card.

2001 - MasterCard becomes the first payments association to actively support all smart card platforms, enabling members to issue MasterCard, Maestro and Cirrus branded smart cards on MULTOS, JavaCard, or proprietary platforms.

2002 - MasterCard becomes the first bankcard association to convert to a private share corporation, in connection with its merger with Europay.

8.1.4 SWITCH

Back in the 1980s, with the costs of processing cheques continuing to rise, three major banks saw the opportunity for a fully-electronic payment system: a system that could be administered more efficiently, would be easier and safer for retailers to handle and more convenient for consumers.

In 1988, Midland Bank (now HSBC), National Westminster Bank and The Royal Bank of Scotland joined forces to launch the Switch Card Scheme. After an initial period when the Scheme was administered by these founder members, a separate company was created to manage and market the Scheme on behalf of a growing membership. Since the first Switch transaction back in October 1988, the Scheme has grown to include other banks and building societies and now has many members.

In 1997, Switch launched another fully electronic debit card programme: Solo. Using the same infrastructure as Switch, Solo offers a different level of financial control and was designed to extend the benefits of electronic debit card payment to a new group of shoppers.

Both brands have proved very successful in their marketplace, a testament to hard work and expertise that have supported Switch and Solo over the past few years.

However, the world moves on. When Switch first appeared, it was highly innovative – one of the world’s first domestic debit card brands. In its time it has helped to change the way the UK spends. Now, in an increasingly global market, where international commerce is commonplace, there is less need for a domestic brand and it makes more sense for our cardholders to have one single, debit brand that they can use not only at home but also abroad – at millions of outlets and many thousands of ATMs. Hence the Scheme’s decision to migrate the Switch brand to Maestro. The move will benefit retailers too, giving them access to many millions of Maestro cardholder’s worldwide.

As for the Scheme and its members, moving to Maestro will provide access to new services being developed by MasterCard and will allow easier access to those that want to join one of the world’s biggest debit card brands.

9 Appendix 2 – Card Product Types

9.1 Credit Cards

Credit cards are attached to a revolving line of credit usually offered with a 45 to 60 days interest free period after which interest is charged on a daily basis. The interest generated is the main source of income for this type of card. Some card issuers do charge an annual fee but this practice declined soon after its introduction due to competitive pressure.

Credit cards are regulated by the Consumer Credit Act 1974 which was one of the main reasons for the boom in credit over the last 30 years as the act de-regulated the credit industry providing an open, competitive market.

9.2 Debit Cards

Debit card usage has proliferated in the UK over the last 15 years since the introduction of Switch.

Debit cards are physically used in the same way as credit cards but they act like an electronic cheque and allow the customer to draw available funds from their current bank account. It is useful to note that the current account may include an overdraft allowance in which case the debit card allows access to a prearranged line of credit. However the distinction between credit and debt cards is primarily that the debit card is an intrinsic part of a more complex customer relationship including a current account whereas a credit card can be provided separately from any other product. A debit card payment is taken directly from the current account within a day or two of the purchase. The details then appear on the bank statement. Most debit cards also operate as ATM cards allowing holders to withdraw cash from their account.

There are two debit card schemes in Britain - Visa Debit and Switch. The cards can be used wherever their brand logos are displayed. Although Switch is only available in the UK and can only be used in outlets with electronic terminals most Switch cards also belong to the Maestro and Cirrus networks operated by MasterCard members. This means they can be used at these brand acceptance points to purchase goods and withdraw cash abroad. It has recently been announced that MasterCard has taken over the Switch scheme and will, over then next 5 years, be replacing it with their Maestro brand.

In the UK the debit card schemes work principally in a ‘Pre-dominantly Offline’ environment, this is to say that the point of sale terminals can authorise transactions up to an agreed transaction value (floor limit) without having to gain an ‘online’ approval from the issuer of the card (the authority controlling the debit card account). There is an inherent risk in this but it is offset by reduced operating costs for both the merchant and the banks.

Both Switch and Visa issue variations of their main product (Switch and Visa Debit) with additional products (Solo and Electron) where such offline authorisation is not allowed. For these card products each transaction must be authorised ‘online’ by the card issuer with an electronic authorisation message. Since the account linked to the card is checked each time it is used, the holder cannot go overdrawn inadvertently. These card products are often issued to young people, those new to banking and people with savings rather than current accounts.

9.3 Charge Cards

Charge cards are used in the same way as credit cards, except that the bill must be paid off completely each month. They can be linked to the same card schemes but usually have higher annual fees than credit cards, particularly if they are branded as “gold” cards. They may offer additional benefits such as priority bookings on tickets and free travel insurance. Some banks issue charge cards, and there are three internationally recognised charge card operators; Diners Club, JCB and American Express.

9.4 Other Card Types

9.4.1 Budget Cards

Budget cards are a form of credit card usually issued by retailers (see store cards). You pay at least an agreed monthly minimum and have access to a credit limit which is a multiple of that payment. For example, a monthly payment of at least £10 and a multiple of 25 would give you a credit limit of £250. Each credit limit on a budget card is determined by the card issuer who is taking the financial risk.

9.4.2 Co-branded Cards

Co-branded cards are a type of credit card issued jointly by an issuer and a non-financial institution which has a well-known brand name. The non-financial institution offers certain benefits to cardholders, normally using a points system. Once you have collected the required number of points on your co-branded card, you are entitled to a choice of benefits on offer. Two examples of co-branded cards are the Ford/Barclaycard and GM/HFC card where expenditure on the card is translated into discounts on the co-branders products.

There is a relatively new form of co-branding present in the UK market which involves a bank providing a full-service debit card product including current account facilities through the agency of a retailer, for example the Tesco and Sainsbury’s banking products. This type of relationship may form the basis of the model for a relationship between a Local Authority and a bank.

9.4.3 Company cards

Company cards (sometimes called business or corporate cards) are credit or charge cards which are issued to companies for use by chosen members of staff with business expenses to eliminate the need for large amounts of petty cash. These cards are accepted everywhere that the underlying standard branded credit cards are accepted e.g. Visa. As well as individual statements being sent to cardholders, a statement is sent to the company detailing all transactions made. Company cards offer the facility to control and analyse business expenditure. The term 'commercial cards' is sometimes used as a catch all describe company cards, business cards and purchasing cards.

9.4.4 Cheque Guarantee Cards

Cheque guarantee cards guarantee a cheque up to the amount printed on the card, which is usually £50, £100 or £250. The retailer checks the signature on the card against the signature on the cheque and writes the card number on the back of the cheque. Cheque guarantee cards are often combined with debit and cash withdrawal functions.

9.4.5 Purchasing Cards

Purchasing cards are issued to companies to enable them to pay for company goods, such as stationery and office supplies up to an agreed buying limit. These cards enable them to save on costs created by raising invoices and cheques. Last year a consortium of Visa bank issuers started providing purchasing cards to British government departments.

9.4.6 Store Cards

Store cards are issued by retailers and are accepted only by the individual company, such as a department store, retail chain or petrol station which issues them. All transactions are between the issuer and cardholder only. There are three types of store cards: budget cards, charge cards and standard credit cards. You can use store cards to make payments and to obtain credit, but not to obtain cash.

10 Appendix 3 – Chip and PIN

10.1 Background

Card fraud losses are growing at around 30 per cent per year and stood at £411 million in 2001. To combat this growth two things are required to be established at the time of the transaction – that the card is genuine and that the person using it is the true owner. Chip and PIN is a major development in combating crime and is expected to more than halve predicted fraud losses.

The chip cards now being introduced by the UK banks, already more than 37 million (August 2002 figures) meet the first objective by ensuring the card is not counterfeit.

To meet the second objective, by 2005 most credit and debit card transactions, where a cardholder has been issued with a Chip and PIN card and is present during the transaction, will be authorised by the holder entering a Personal Identification Number (PIN) rather than signing a paper receipt.

If this system was not put in place, forecasts predict that UK losses would be in the region of £800 million by 2005 and if this were to happen it would put the card payments system in serious jeopardy, which would impact heavily on the retail sector whose need for cash would become unsupportable eventually leading to national economic problems.

10.2 How Chip and PIN works

Chip and PIN simply means entering a PIN into a hand-sized keypad when using a card for face-to-face transactions (e.g. in shops, restaurants, supermarkets, petrol stations, etc.).

The sequence is:  Card is inserted into a card reader or PIN pad  After checking the amount the cardholder will enter their PIN number  The machine will then check the PIN number entered against the PIN number stored on the chip contained on the card  A receipt will then be issued

PIN pads come in many different shapes and sizes and may have different instructions on the screen display.

In some stores, the cardholder will be able to insert their card into the PIN pad, giving the holder more control, as the card will not need to leave their sight.

The chip on the new cards will contain the same personal information as the magnetic strip holds at present; this will enable the cards to be used in those shops without PIN pads. Here cardholders will carry on signing a receipt as you before.

Chip and Pin brings additional benefits to all who are involved in the payment cycle, for Issuers these include:

 The opportunity to target previously unattainable groups due to poor risk controls  Provides a Platform for new products  Reductions in Fraud  Basic reductions in bad debt –both write-offs and provisioning  Reduced Chargeback processing costs  Reduced operational costs  Reduced processing costs  Total control of card usage  Enhanced Risk Management  Reduced card issuing and product modification/ production costs  Reductions in Counterfeit fraud  Reductions in Lost and Stolen Fraud  Reduced On-line transactions  Reduced infrastructure contingency costs  Cards can support Multiple Business Applications  Acceptance via multi-channel  Reduced Risk when entering new markets  Greater Management Information  Knowledge that all transactions are secure  Immediate realization of many benefits  Single solution for global conditions  Fully interoperability with third party solutions

While there are benefits for the acquiring banks they are not as great as those of the card issuing banks, they include:

 Reduced operational costs  Reductions in chargeback volumes  Reduced losses due to chargebacks  Reduced real-time network transactions  Greater infrastructure capacity  Greater Merchant satisfaction  Reductions in contingency provisioning  Reduced requests for supporting information  Opportunity to reduce Merchant fees  Greater ability to meet Service Level Agreements (SLA)  Reduced processing cost

For the Merchant there are similar benefits which include:

 Reduced chargeback processing costs  Reduced chargeback volumes  Reduced Write-offs due to Chargebacks  Reduced operational costs – Storage and Retrieval

For Local Authorities, where the concerns are for the protection and usage of the Citizen, Chip and Pin brings:

 Reduction in the number of Cards held  Knowledge all transactions are secure  Knowledge that the card cannot be compromised  Greater opportunity for personalisation

11 Appendix 4 – The Economics of Credit and Debit Card Service Operation

11.1 Introduction

In this appendix, we consider the economics of operating credit and debit card businesses. These are included as they will likely form the basis for identifying any commercial drivers that may exist to induce these organisations to work with Local Authorities. At the end of this appendix, we have also identified several constraints which tend to inhibit participation in credit and debit card businesses and which Local Authorities must be aware of.

11.2 Fees and Service Charges

11.2.1 Interchange fees

Interchange fees are set to compensate for the risk and operating expenses involved in processing a transaction. The interchange fee a business pays on a transaction is partly determined by the nature of the transaction. For example, mail order or telephone order sales (known as “cardholder not present” because there is no opportunity to verify the cardholder’s signature) are inherently riskier than in-person (cardholder present) sales and therefore carry a higher interchange fee.

The interchange fee is also partly determined by the business operating procedures. For example Smart card (chip) transactions are considered more secure than magnetic strip therefore they have a lower interchange fee.

There are two types of interchange fee:

4. The multilateral interchange fee – this is a fee paid by merchant acquirers to card issuers when a card is used to purchase goods and services. 5. The multilateral service fee – this is the fee paid by the card issuers to acquiring banks when a customer uses a card either at an ATM or over the counter to obtain a cash advance.

Interchange fees are applied to every transaction, with a particular Scheme’s rules and regulation setting these fees according to the transaction type.

It is important to note that although these fees are fixed by scheme rules they are also subject to market forces and there are discounts for volume offered. In this way a major retailer such as Tesco pays considerably less per transaction than a small corner shop.

11.2.2 Terminal acceptance options e.g. rental, costs

To accept card-present e-payments a payment terminal device is required. These devices are normally provided by the acquiring bank, on a lease or rental basis or can they can be purchased by the retail business directly. Alternatively the e-payment functionality is built into the point of sale system and owned and operated by the retailer. Rental charges vary considerably and typically there is a link to the volume of transactions and the total annual value of expenditure made through the terminal in any given period. Once again the greater value and/or volume the lower the rent because the merchant acquirer can off set terminal cost against increased transaction fees paid by the retailer.

11.2.3 Chargebacks

The cycle of a chargeback is instigated by the cardholder, who after receiving his monthly card statement fails to recognise a transaction which is listed. In the normal course of events the cardholder will contact their card issuer to dispute the transaction.

A request from the issuer is routed through the payment scheme to the acquiring bank to request the transaction details from the merchant. The merchant is then required, normally within 14 days, to locate and forward, either the original or a copy of the sales voucher to the acquirer, who then routes this information, through the payment scheme back to the issuing bank in order to try and defend the transaction. The whole cycle should be completed within 45 days as specified by the rules operated by the payments schemes.

If the sale is identified as fraudulent and it is considered that the merchant did not take the required precautions in conducting the transaction as define by the scheme rules and regulations, the issuing bank will reclaim the value of the transaction from the acquirer who in turn will reclaim the value from the merchant this is known as a ‘chargeback’.

There is a considerable cost to this exercise (the chargeback department of the UK’s largest acquirer currently costs £18 million per year to run) and this cost will be reflected in the terminal rental and interchange fees that are levied by the merchant acquirer to the merchant. These fees reflect both the risk associated with the merchants business and whether they are likely to have a large percentage of disputed transactions.

Presently 90% of all internet based disputed transactions, which are classed as Cardholder Not Present (CNP) result in a chargeback.

Chargebacks are not a revenue stream rather they are a cost factor that influences the pricing of the service provided.

11.3 Liabilities

A considerable part of the business economics of a card payment operation is the cost of fraudulent transactions and bad debt.

At the moment most of the counterfeit card losses are born by the Card Issuers but from January 2005, liability for fraudulent card transactions and lost and stolen card fraud will pass to the party that is not Chip and PIN compliant. The Chip & PIN programme is aimed at those transactions where the cardholder and card are present at the time of the transaction.

Within the UK losses due to card fraud in 2003 were equal to £424.6 million and the current projected figures for the end of this decade are £1 billion.

Card Not Present transactions are outside the scope of the Chip and PIN programme.

11.4 Capital and Operational Cost

One of the most significant areas of cost for any player in the card payments market is the cost of capital equipment including information technology, communications and card acceptance hardware and software. They also carry significant operational costs especially manpower related costs associated with the operation of systems and support for customers.

11.5 Economic Constraints

For issuer and acquiring organisations the primary driving challenge is to sustain a low cost for processing each transaction.

There are a number of areas where costs are potentially incurred, these include:

 Hardware and Software (EPOS devices), options include lease and purchase  Product related transaction fees  Interchange fees  Acquiring transaction and commission fees  Operational costs especially marketing and branding  Merchant support and training  Maintenance  Minimum monthly fees  In some cases ATM fees

There are ways to reduce some of these costs. For example, the per transaction fee, is the fee charged by the Merchant Acquirer to process each transaction. Low discount rates are often coupled with high transaction fees, and vice versa. Where high-cost products are sold, it would be best to look for relatively low discount rates. Where the transaction values will be relatively low, it would be more appropriate to opt for a low transaction fee tariff.

Should a discount structure be part of any transactional agreement, it is most likely that a monthly minimum fee will be charged if the amount paid in discount rate fees does not meet a monthly minimum set by the Merchant Acquirer. A certain number of transactions of an agreed value will need to be processed in order to avoid paying these fees.

For the banking community any new relationship which they embark upon must at some stage provide a revenue stream. This is not only important to the banks current and future profitability but also to assist in recouping the costs associated with providing a transactional infrastructure.

It should be noted that acquirers make little or no profit; they are supported by the card issuing arm of the bank, which typically make their profit from credit related products. Consideration should be given this statement as it will help to understand the commercial terms surrounding the use of the acquiring banks infrastructure.

12 Appendix 5 – National Smart Card Project Glossary

This Glossary is intended to help readers to understand terms used in the National Smart Card Project publications. The primarily purpose is to be useful in this context rather than a precise set of definitions. Numeric 3G - Third generation mobile telecommunications technology A ActiveX - A loosely defined set of object-oriented programming technologies and tools developed by Microsoft. The main technology is the Component Object Model (COM). ActiveX is Microsoft's answer to the Java technology from Sun Microsystems. Algorithm - A sequence of steps used to perform a mathematical operation ANSI - American National Standards Institute: Standardisation coordination body for the USA API - Application Programming Interface: A set of routines, protocols (q.v.), and tools for building software applications (q.v.) Applet - A program designed to be executed from within another application (q.v.). Unlike an application, applets cannot be executed directly from the operating system. On the Web, an applet is a small program that can be sent along with a Web page to a user. Java applets can perform simple tasks without having to send a user request back to the server. Application - A piece of software that performs business functions. It can reside on a smart card (q.v.) Archiving - Copying data onto a backup storage device ASN.1 - Abstract Syntax Notation One: A language that defines the way data is sent across dissimilar communication systems Asymmetric Cryptography - Cryptography (q.v.) using a Public Key/Private Key (q.v.) combination Authentication - A security process that verifies that a person seeking to use an application (q.v.) on a smart card (q.v.) is the person who is entitled to use it for the purpose intended B Biometrics - Biological authentication mechanism such as a fingerprint, iris, voice, facial dimensions BIOS - Basic Input Output System: Built-in software that determines what a computer can do without accessing programmes from a disk bit - Binary digit: The smallest unit of information on a machine. A single bit can hold only one of two values: 0 or 1. The term was first used in 1949 Block - Action taken by an issuer to prevent the use of a card, or a particular application on a chip card Bluetooth - A short-range radio technology aimed at simplifying communications among Internet (q.v.) devices and between devices and the Internet BSI - British Standards Institute: National Standards body for the UK responsible for facilitating, drafting, publishing and marketing British Standards C C++ - One of the most popular high-level programming language for graphical applications CA - Certificate Authority q.v. Card-to-card - Transaction to transfer something (usually money) from one card to another CAT - Cardholder Activated Terminal: A terminal that dispenses a product or service

CCID - Chip Card Interface Device: USB (q.v.) devices that interface with or act as interfaces with chip cards and smart cards CDMA - Code Division Multiple Access: A generic term that describes the technology on which a wireless air interface is based CD-ROM - Compact Disc - Read Only Memory: A type of optical disk capable of storing large amounts of data. Once stamped by the vendor, they cannot be erased and filled with new data CEN - Comité Européen de Normalisation (European Committee for Standardisation): The only recognised European organisation for the planning, drafting and adoption of European Standards, except for electrotechnology (see CENELEC q.v.) and telecommunications (see ETSI q.v.) CEN/ISSS - Information Society Standardisation System: Provides market players with a comprehensive and integrated range of standardisation services and products, in order to contribute to the success of the Information Society in Europe CENELEC - The European organisation for the planning, drafting and adoption of European Standards for electrotechnology CEPS - Common Electronic Purse Specifications: Define requirements for all components needed by an organisation to implement a globally interoperable electronic purse programme, while maintaining full accountability and auditability Certificate Authority A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided

by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate CESG - Communications-Electronics Security Group: The Information Assurance arm of the UK’s Government Communications Headquarters (GCHQ) Cipher Text - Text that has been encrypted (q.v. encryption) CIPS - Chartered Institute of Purchasing and Supply: Private international education and qualification body representing purchasing and supply chain professionals CMS - Card Management System Contact interface - A means for allowing the exchange of data between a smart card and a reader that requires the card to be in physical contact with the reader Contactless interface - A means for allowing the exchange of data between a smart card and a reader without any physical contact between the card and the reader CRM - Customer Relationship Management Cryptogram - Enables chip data exchange in a secure manner Cryptographic Key - Used to encrypt or decrypt a message Cryptography - The relationship between plain text and cipher text (q.v.) that prevents anyone other than the intended recipient from reading the information CVM - Cardholder Verification Method: The means to verify the authenticity of a cardholder CWA CEN Workshop Agreement: Published European consensus arising from CEN/ISSS workshops Cyberspace - Networked computers/the Internet (q.v.) D Decryption - The procedure used in cryptography (q.v.) for converting cipher text (q.v.) to plain text DES - Data Encryption Standard: A popular encryption (q.v.) method developed in 1975 and standardized by ANSI (q.v.) in 1981 DfES - (Government) Department for Education and Science (UK) Digital Certificate - An electronic "credit card" that establishes your credentials when doing business or other transactions on the Internet (q.v.). It is issued by a Certificate Authority (q.v.) Digital ID - Another name for a Digital Certificate (q.v.) Digital Key - Strings of unique bits (q.v.) that allow messages to be scrambled and unscrambled Digital Signature - A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender DPA - Data Protection Act 1998 (UK) Dual interface card - A smart card (q.v.) having both a contact (q.v.) and a contactless (q.v.) interface; see distinction with Hybrid card (q.v.) E e-cash - Electronic cash: Cash stored electronically and readily exchanged into monetary value ECML - Electronic Commerce Modelling Language: A universal format for online commerce Web sites that contains customer information that is used for purchases made online, formatted through the use of XML (q.v.) tags (q.v.) e-Commerce - Electronic commerce: Transactions that are conducted over an electronic network, where the purchaser and merchant are not at the same physical location eESC - The eEurope Smart Card initiative: Launched by the European Commission in 1999 to accelerate and harmonise the development of smart cards across Europe EFTPOS - Electronic Fund Transfer at Point Of Sale: Usually a terminal Electronic Wallet - Software that stores information about a cardholders cards. Usually supplied by the issuers and appended to the cardholders web browser e-mail - Electronic mail Emboss - Print raised data on a card EMV - Europay, MasterCard and Visa: A collaboration between these three organisations EMVCo - An industry association of the collaborators in EMV (q.v.) for the banking and finance industry Encryption - The procedure used in cryptography (q.v.) for converting plain text to cipher text (q.v.) e-purse - Electronic purse: A function on a chip card that allows e-cash (q.v.) value to be stored e-tailing - Electronic retail ETSI - European Telecommunications Standardisation Institute: Not for profit organisation whose mission is to produce the telecommunications standards for Europe (see also CEN q.v.)

eURI - Extended User-Related Information: Defined in CWA (q.v.) 13987 for Interoperable (q.v.) Citizen Services using Smart Card (q.v.)Systems F FINREAD - European specifications for an applet-based (q.v.) secure interoperable (q.v.) smart card (q.v.) reader for online transactions implying sensitive data transfers FIPS - Federal Information Processing Standards: Standards and guidelines issued by NIST (q.v.)

G Gateway - A node or switch that permits communications between two dissimilar networks GPRS - General Packet Radio Service: A standard for wireless communications which runs at speeds up to 115 kilobits per second, compared with current GSM (q.v.) GSC-IS - Government Smart Card-Interoperability Specification: Interoperability (q.v.) specification for smart cards (q.v.) in the USA developed by NIST (q.v.) GSM - Global Systems for Mobile Communications: One of the leading digital cellular systems H Hash - Message digest. A number generated from a string of text http - Hyper Text Transfer Protocol: The underlying protocol used by the World Wide Web (q.v.) Hybrid card - A smart card (q.v.) that contains two separate and unconnected chips, one with a contact interface (q.v.) and the other with a contactless interface (q.v.) I ICAO - International Civil Aviation Authority: A specialized agency of the United Nations, ICAO is the permanent body charged with the administration of the principles laid out in the Convention on International Civil Aviation, Chicago, 7/12/1944 ICC - Integrated Circuit Card, or smart card (q.v.) ICT - Information & Communications Technology IDeA - Improvement and Development Agency (UK): Established by and for local government in April 1999 to support self-sustaining improvement from within local government IEC - International Electrotechnical Commission: Global standards organisation for all electrical, electronic and related technologies

IFM - Integrated Formal Methods: The rigorous engineering methodology for system development; a conceptual parallel to the industrial standard UML (q.v.) IIN - Issuer Identification Number: The numbering system that uniquely identifies a card issuing institution in an international interchange environment, specified in ISO/IEC 7812 IKE - Internet Key Exchange Integrity - Information that is free from error, corruption or alteration Internet - A global collection of interconnected networks, used for the purpose of electronic communication Interoperability - The ability for different systems to work together

Information Law Terms See WP8-04 Appendix 1 for definitions of the following terms in context: Data Data Controller DPA Data Processor Data Subject

DCA E-Envoy Identity Guidelines FOIA HRA LCD Mandatory/Mandatory Smart Card Scheme Personal Data Processing Public Authority Sensitive Personal Data Intranet - A private network IOPTA - "InterOperable PT Applications" for smart cards: A revision of CEN (q.v.) standard ENV1545 that defines the codification of data elements used for public transport IP - Internet (q.v.) protocol: Specifies the format of packets, also called datagrams, and the addressing scheme IR - Inland Revenue (UK) ISO - International Standardisation Organisation: Body responsible for development of international standards covering a huge range of issues Issuer - A financial institution that establishes an account for a cardholder and issues a payment card IT - Information Technology ITSO - Formerly "Integrated Transport Smartcard Organisation": Public sector membership organisation founded in 1998 to build and maintain specifications for secure end-to-end interoperable ticketing operations in the UK J Java - A high-level object-oriented programming language developed by Sun Microsystems Java Card - An ISO 7816-4 Compliant application (q.v.) environment focused on smart cards (q.v.)

K Key Escrow - Storage of a private key (q.v.) by a neutral third party Key Management - The process by which cryptographic keys (q.v.) and messages are managed and protected

L LA - Local Authority LASSeO - Local Authority Smartcard Standards e-Service Organisation: Created by local government organisations in the UK to define at the working level the necessary standards, rules and policies needed to provide public services to citizens using smart cards LDAP - Lightweight Directory Access Protocol: A set of protocols (q.v.) for accessing information directories. Because LDAP is an open protocol, applications (q.v.) need not worry about the type of server hosting the directory LGOL - Local Government Online (UK): Internet (q.v.) portal to local government Linux - A freely-distributable open source operating system that runs on a number of hardware platforms LLPG - Local Land and Property Gazeteer (UK): A definitive, local address list that provides unique identification of properties, conforms to a British Standard, BS 7666 and feeds the National Land and Property Gazetteer M Magnetic Stripe Card - A card with a magnetic strip of recording material on which data can be stored MIFARE - A proprietary standard for contactless (q.v.) and dual interface (q.v.) smart cards (q.v.) produced by Philips Semiconductors and extensively deployed worldwide

MIME - Multipurpose Internet Multimedia Extension: An Internet (q.v.) protocol (q.v.) for sending e-mail (q.v.) and attachments

Mondex - An e-cash application for Smart Cards that stores value as electronic information on a microchip, rather than as physical notes and coins enabling cardholders to carry, store and spend cash Multos - A smart card (q.v.) operating system for multi application cards MUSCLE - Movement for the Use of Smart Cards in a Linux Environment: (q.v. Linux) N NBS - A global leader in card personalisation, payment solutions, and secure processing for financial institutions, healthcare, governments, entertainment and retail customers NIC - National Insurance Contributions NIST - National Institute of Standards and Technology (USA): Designs standards and guidelines for Federal computer systems

Not-on-us - Transactions that are carried out in a smart card scheme where one of the parties to the transaction is not a member of the scheme O OCF - Open Card Framework: A Java (q.v.) API (q.v.) for smart card (q.v.) access ODPM - Office of the Deputy Prime Minister (UK) OeE - Office of the e-Envoy (UK): Part of the Delivery and Reform team based in the Cabinet Office whose purpose is to improve the delivery of public services and achieve long-term cost savings OEM - Original Equipment Manufacturers: Misleading term for a company that has a special relationship with computer producers. OEMs buy computers in bulk and customize them for a particular application OID - Operator Identity: An ITSO (q.v.) term for entities performing specified ITSO roles Online - Jargon for the process of obtaining information through access via a computer or terminal to the source Open systems - Systems whose architecture specifications are public. This includes officially approved standards as well as privately designed architectures whose specifications are made public by the designers OS X - Computer operating system developed by Apple Computers P PC/SC - Personal Computer/Smart Card: A standard framework for smart card (q.v.) access on Windows Platforms PCMCIA - Personal Computer Memory Card International Association: An organisation consisting of some 500 companies that has developed a standard for smart cards (q.v.). Originally designed for adding memory to portable computers

PDA - Person Digital Assistant: A handheld device that combines computing, telephone/fax, Internet (q.v.) and networking features

PIN - Personal Identification Number PIN Pad - A small keypad on which a cardholder keys in his/her PIN (q.v.) PIN Verification - The security process that confirms the cardholder's PIN (q.v.) PKCS - Public Key Cryptography Standard: (q.v. "Public Key", "cryptography") PKI - Public Key Infrastructure: A certificate system for obtaining an entity's Public Key. (q.v. "Private Key/Public Key"); a networked system that enables organisations and users to exchange information and money safely and securely PLCC - Plastic Leaded Chip Carrier: Method of packaging computer chips together Protocol - An agreed-upon format for transmitting data between two devices Public Key/Private Key - Cryptographic keys (q.v.) used together. Private Keys are used to encrypt/decrypt messages or files that have been encrypted using a Public Key. The Private Key is only known to the rightful owner. Public Keys are only used in conjunction with the Private Key and are freely available to defined users.

Public Procurement See wp8-05 Appendix 1 for definitions of the following terms in context: Terms BAFO CCTA Consolidated Directive Contract Notice Contracting Authority ECJ G-Cat ITN ITT OGC OJ PFI PIN [Note: In the procurement context this has a different meaning from that which applies in the technical context] PPP Public Procurement Directives Public Services Directive Public Supplies Directive Public Works Directive S-Cat SPV R RA - Registration Authority: q.v. RAM - Random Access Memory: A type of computer memory that can be accessed randomly Registration Authority A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA, q.v.) to issue it. RAs are part of a public key infrastructure (PKI, q.v.) RF - Radio Frequency: Any frequency within the electromagnetic spectrum associated with radio wave propagation

RNG - Random Number Generator ROM - Read Only Memory: Computer memory on which data has been pre-recorded. Once data has been written onto a ROM chip, it cannot be removed and can only be read

S S/MIME - Secure/ Multipurpose Internet Mail Extensions: A new version of MIME (q.v.) that supports encrypted (q.v.) messages

SCNF- Smart Card Networking Forum: Not-for-profit organisation consisting of public sector representatives with an interest in the use of smart cards to provide improved services to their customers SDK - Software Development Kit: A programming package that enables a programmer to develop applications for a specific platform

SET - Secure Electronic Transaction: A security standard that defines how to encrypt (q.v. "encryption") transmissions over public networks SIM - Subscriber Identification Module: A card-based chip that personalises a mobile phone Smart card - A portable programmable device conforming to ISO 7816 dimensions and containing an integrated circuit that stores and processes information SMS - Short Message Service: A service for sending short text messages to mobile phones SSL - Secure Sockets Layer: A protocol (q.v.) developed by Netscape for transmitting private documents via the Internet (q.v.). SSL works by using a private key (q.v.) to encrypt (q.v.) data that is transferred over the SSL connection STIP - Small Terminal Interoperability Platform: The STIP Consortium was founded to develop an interoperable (q.v.) platform specification for secure transaction devices, including, but not limited to, card accepting devices T T=CL - Specification of a contactless interface (q.v.) for a smart card (q.v.) Tag - A command inserted in a document that specifies how the document, or a portion of the document, should be formatted Track - A defined part of a magnetic stripe where data can be written TTP - Trusted Third Party U UML - Unified Modelling Language: A general-purpose notational language for specifying and visualizing complex software, especially large projects UMTS - Universal Mobile Telecommunication System: A 3G (q.v.) mobile technology that will deliver broadband information at speeds up to 2Mbits/sec UNICODE - A standard for representing characters as integers. Unlike ASCII, which uses 7 bits for each character, Unicode uses 16 bits, which means that it can represent more than 65,000 unique characters UNIX - Open source computer operating system, popular for workstations URL - Uniform Resource Locator: Website address USB - Universal Serial Bus: An external bus standard that supports data transfer rates of 12 Mbps. A single USB port can be used to connect up to 127 peripheral devices. USB also supports Plug-and-Play installation USIM - Universal Subscriber Identity Module: (q.v. SIM)

V Visual Basic - A popular programming language; sometimes called an event-driven language because each object can react to different events such as a mouse click VPN - Virtual Private Network: A network that is constructed by using public wires to connect nodes; uses encryption (q.v.) and other security mechanisms to ensure that only authorized users can access the network and the data it carries

WAP - Wireless Application Protocol: A secure specification that allows users to access information instantly via handheld wireless devices such as mobile phones WIM - Wireless Identity Module Windows - A computer operating system developed by Microsoft WPKI - Wireless Public Key Infrastructure: (q.v. PKI) WWW - World Wide Web: Part of the Internet (q.v.)

XML - Extensible Markup Language: Designed especially for Web documents, it allows designers to create their own customized tags (q.v.), enabling the definition, transmission, validation, and interpretation of data between applications (q.v.) and between organizations