EXECUTIVE INFORMATIONAL OVERVIEW ƒ the U.S

Innovative Card Technologies, Inc. 10880 Wilshire Blvd. Suite 950 Los Angeles, CA 90024 Phone: (310) 312-0700 www.incardtech.com

Powered Cards with Displays for One-Time Passcode (OTP) Authentication in Enterprise, Online Account Management, and Payment Applications

Snapshot June 7, 2007

Innovative Card Technologies, Inc. (“InCard” or “the Company”) researches, develops, and markets powered cards with one-time passcode (OTP) authentication capabilities for payment, identification, and physical and logical access applications. The Company targets identification and access control in an enterprise environment. InCard has combined Radio Frequency Identification (RFID)† access and token technology into a convenient payment card form factor. Besides the enterprise market, InCard also aims to secure “card not present” transactions at financial institutions. InCard intends to enter the enterprise market with its token- replacement card; however, in the future InCard expects to supply payment cards to financial institutions with OTP technology embedded in the card, providing another layer of protection against credit card fraud. Through its proprietary Power Inlay Technology, InCard brings power-based applications into the card. Its principal product, the ICT DisplayCard, looks like a conventional transaction card and fits into a wallet. It contains an embedded chip that employs an algorithm to produce an OTP on a display screen on the front of the card by pressing a button on the card. A user enters the OTP into a keypad or computer, which sends the passcode to a remote processing center for authentication via a secure server. This technology is intended to increase security and decrease or potentially prevent “card not present” credit card fraud, which is rampant in internet and telephone purchases. The technology could also be effective in combating spyware and phishing schemes, since the OTP is only good for a single use. In an enterprise environment, the card’s RFID/magstripe physical access capability provides an employee access to their building and the OTP validates their login—all in one thin card. In March 2007, InCard began trading on the NASDAQ market under the symbol “INVC.” The Company is headquartered in Los Angeles, California.

Recent Financial Data

Ticker (Exchange) INVC (NASDAQ)

Recent Price (06/06/07) $4.40 52-week Range $3.85 - $6.25

Shares Outstanding* 28.4 million

Market Capitalization $125 million

Avg. 50-day Volume 71,800

Insider Owners +5% 37.40%

Institutional Owners 8.31%

EPS (Qtr. ended 03/31/07) ($0.08)

Employees 12 full-time *As of May 8, 2007

Key Points

The Federal Financial Institutions Examination Council (FFIEC) issued guidance requiring banks to incorporate stronger security methods. Techniques such as dual-factor authentication are recommended for institutions offering internet-based financial services. As of January 1, 2007, financial institutions and third-party service providers that do not comply with these standards could be fined or lose their memberships. To InCard’s knowledge, aside from its Power Inlay Technology, there are no other available methods to place power into an International Organization for Standardization (ISO)-certified payment card. There were approximately 2.46 billion credit and debit cards in circulation in 2005, and 45 million tokens issued by enterprise organizations and financial institutions. These tokens provide added security for database and account logins as well as “card not present” transactions. The worldwide hardware authentication token market is forecast to grow to $764 million by 2009 from $493 million in 2004. EXECUTIVE INFORMATIONAL OVERVIEW The U.S. Federal Trade Commission’s (FTC) most recent identity theft survey (released in September 2003), confirmed that over 27.3 million people became victims of identity theft from 1998 to 2003 in the U.S. and, in 2004 approximately 42% of identity theft cases involved credit card fraud.

As of May 9, 2007, InCard had approximately $5.4 million in cash and cash equivalents.

†BOLD WORDS ARE REFERENCED IN THE GLOSSARY ON PAGES 42-43.

Table of Contents

Snapshot ...... 1

Recent Financial Data...... 1

Key Points ...... 1

Executive Overview...... 3

Growth Strategy and Strategic Partnerships...... 6

Company Leadership...... 9

Core Story ...... 12

Enterprise Security...... 12

Transaction Card Fraud ...... 12

Legislative and Regulatory Responses To Credit Card Fraud ...... 19

InCard’s Technology ...... 20

Industry Affiliations ...... 23

Competition ...... 26

Key Points to Consider...... 28

Historical Financial Results...... 29

Risks...... 32

Recent Events...... 40

Glossary ...... 42

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 2

Executive Overview

The ICT DisplayCard

The Company’s principal product, the ICT DisplayCard, has an embedded chip that generates a four-, six-, or eight-digit OTP using a stored algorithm. The chip produces an OTP on the front of the card when a small button on the card is pressed. Once the OTP is generated, a user enters this OTP into a keypad or computer, which sends it to a processing center for authentication. As the technology is built into the card itself, users may carry the card in a wallet or pocket, as they would any credit card. In addition to OTP generation, the card may be configured with payment and/or RFID physical access capabilities.

InCard uses its proprietary Power Inlay Technology (consisting of a battery, circuit, and switch that can drive applications on token-replacement cards, financial transaction cards, and other information-bearing plastic cards) to power an embedded chip to produce an OTP. The OTP is authenticated remotely by a secure server to confirm that the true cardholder is actually the person making the transaction. This is intended to provide a mode of authentication that could be used to increase security and help prevent fraudulent activity on credit cards—specifically “card not present” fraud, where the physical card is not in the actual cardholder’s presence.

InCard’s technology is unique from other currently employed authentication technologies, such as biometrics or smart cards, as the Company’s technology does not require a separate authentication device. Its technology works most like an OTP token, but is built directly into the card and is more portable. Smart cards are credit cards with a built-in microprocessor and memory used for identification or financial transactions that must be inserted into a “smart card reader,” a device that transfers data from the smart card to and from a central computer. Other current technologies employ a separate authentication device that a user must carry concurrently with the transaction card.

Multiple Uses of ICT DisplayCard

While InCard’s ICT DisplayCard technology has multiple potential uses, the principle product in development at this time using this technology is a token-replacement card. The Company’s token- replacement card is in mass production and available for sale.

The Company targets its token-replacement cards to financial institutions and enterprises. In enterprise applications, this technology provides an additional layer of protection to secure physical, as well as logical, access points to valuable corporate data networks. For example, an enterprise may use the card to ensure that only select employees may access highly sensitive information. Employees swipe or wave their card over a reader to get into a secure building, then login to their computers or networks with their static passcodes. An OTP is generated on the ICT DisplayCard, which displays the second passcode needed to access the information. The employee enters the OTP as prompted, and upon verification, access is granted.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 3

In a financial application, the card is used to generate an OTP during an online banking login. The user types the passcode into the interface and it is validated by a remote authentication server. This verification process is targeted at eliminating fraudulent transactions online and over the phone. InCard’s token-replacement cards could provide an effective solution to mitigate damage from spyware and phishing schemes since the OTP is only good for a single use. It is possible that spyware (a computer program that is unknowingly downloaded onto a user’s computer and has the ability to capture keystrokes, passcodes, and account information) could capture a single OTP typed into a computer by that user. Likewise, phishing schemes could convince unwitting users to enter personal information, such as a credit card number or OTP. However, the OTP is valid only once. Therefore, even if thieves acquired a credit card number and OTP using spyware, they would most likely not be able to use either, as they would not have the time or concurrent OTPs to continue to make transactions.

Other InCard Products

In addition to the ICT DisplayCard, which is the Company’s principal product in development, InCard has developed products to enhance the card-user’s experience, improve customer retention rates, and differentiate an issuer’s product. These products include LensCard, which has a magnifying lens embedded within the card to enlarge print to three times the normal size; LightCard, which includes an embedded Light Emitting Diode (LED) to create a mini-flashlight using Power Inlay Technology; LightCard with Lens, which combines the features of the LightCard with the magnifying lens that is used in the LensCard; and SoundCard, which uses the Power Inlay Technology to play music or a message at the press of a button. While each of these products is a part of the Company’s portfolio, InCard is primarily focused on bringing the ICT DisplayCard authentication technology to market.

InCard is also currently developing a method to print directly upon a card onsite at the end-user’s location. This could enable the Company to supply corporate identification cards with employee photos.

Enterprise Security (Network Security)

Large enterprises are becoming increasingly concerned with network security. Although many companies require authentication of users to access their networks, malevolent individuals could steal or hack passcodes and break into less secure networks. In order to protect against these kinds of breaches, companies are looking to different methods to increase their network security, such as dual-factor authentication to access secure points within company networks.

Currently, the enterprise security market is served largely by identification badges with RFID physical access capabilities in addition to key fob-style tokens. The RFID provides physical access, while the key fob token provides the OTP for logon authentication. InCard’s token-replacement card provides both capabilities in one product for a comparable price.

Credit Card Breaches (Fraud/Theft)

Tens of millions of personal records stored electronically have been stolen from banks, employers, and credit card companies. Some of these security breaches have been well-publicized in the news, though many have not been so well exposed. One of the more well-known security breaches occurred in 2005 with CardSystems Solutions, Inc. (a third-party processor of payment card data), when the company’s system was violated and approximately 40 million credit card numbers were compromised. Another well- publicized security breach occurred when a computer hacker stole database information on 1.4 million credit and debit cards and 96,000 checking accounts from shoe-retailer DSW Inc. ([DSW-NYSE] a subsidiary of Retail Ventures, Inc. [RVI-NYSE]) in early 2005. More recently, in January 2007, retailer T.J. Maxx (the TJX Companies, Inc. [TJX-NYSE]) disclosed a security breach that exposed approximately 45.7 million customer credit and debit card numbers.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 4

Dual-Factor Authentication Methods

Due to rampant and extensive security breaches, the Federal Financial Institutions Examination Council (FFIEC) issued guidance stating that as of January 1, 2007, banks are required to incorporate stronger security methods. The FFIEC is the umbrella agency for the following federal banking agencies: the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS). Financial institutions and third-party service providers that do not comply with the appropriate bylaws and agreements of bank card associations and clearinghouses can be fined or lose their memberships (Source: www.ffiec.gov/PDF/pr080801.pdf).

Methods such as dual-factor authentication are highly recommended for institutions offering internet- based financial services. Although the FFIEC does not endorse any particular form of authentication, the agency offers four possible methods as a second form of authentication. These methods include biometric authentication, software authentication programs, smart cards/smart card readers, and OTP tokens. Each of these technologies is described in greater detail within the Core Story section (pages 12- 25) of this Executive Informational Overview® (EIO®). InCard’s technology not only abides by the FFIEC recommendations, but also is unique in that it incorporates an OTP generator directly into the card rather than as a standalone device.

Headquarters and Employees

InCard is headquartered in Los Angeles, California, and retains 12 full-time employees.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 5

Growth Strategy and Strategic Partnerships

InCard is focused on leveraging its Power Inlay Technology to gain an advantage in enterprise and financial transaction card security. The Company anticipates deploying and selling ICT DisplayCards through channel partners or partners who already provide security technology to banks, specifically through the use of a token. To disseminate its technology, InCard has partnerships with resellers such as Gemalto, one of the larger participants within the payment card digital security arena (www.gemalto.com), and nCryptone, an e-security and backend solution company based in France (www.audiosmartcard.com). Each of these relationships, along with other partnerships (where information has been made publicly available), is described below and highlighted in Figure 1.

Solution and Channel Partners

Figure 1 Innovative Card Technologies, Inc. STRATEGIC PARTNERS Solution and Channel Partners

Source: Innovative Card Technologies, Inc.

ActivIdentity Corp.

ActivIdentity Corp. (ACTI-NASDAQ) has a reseller agreement with InCard. The company provides a fully- integrated platform that enables organizations to issue, manage, and use identity devices and credentials for secure access, secure communications, legally binding digital transactions, as well as smart citizen services. ActivIdentity’s authentication server, 4Tress™, functions on the Initiative for Open AuTHentication ([OATH] addressed on page 24) verification scheme and works with InCard’s ICT DisplayCard technology. ActivIdentity has a large network of direct sales, partners, and distributors selling its technology in most major markets. This sales effort targets financial, government, healthcare, and enterprise organizations. ActivIdentity is promoting a combination of its core technology with the ICT DisplayCard throughout its sales force and distributors around the globe.

Cryptolog International

Cryptolog International is a software company specializing in providing digital identity management solutions. Cryptolog’s products deliver professional solutions for strong authentication, digital signature, and encryption—three pillars of digital identity management systems that help companies and government bodies fight fraud in the digital world and protect mission-critical, strategic information. The company’s clients include several major banks and insurance organizations, some of the world’s largest telecommunications operators and electronics firms, and various government agencies. Cryptolog provides a backend server for InCard’s ICT DisplayCard technology as well as resells InCard’s products.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 6

DI.GI. Security

DI.GI. Security (a division of DI.GI. International) was founded in the 1980s as a provider of solutions for both medium and large enterprises. Through collaborations and partnerships with international technology providers such as International Business Machines Corp. (IBM-NYSE), Novell, Inc. (NOVL- NASDAQ), Micro Focus International plc (MCRO-LON), and many others, DI.GI. International offers a suite of application solutions and value-added services, as well as hardware and software solutions. In 2003, a new division, DI.GI. Security, was established, dedicated to the world of information security services and solutions. DI.GI. Security’s partnership with international information technology security vendors provides the Italian market with access to high-quality products and solutions. DI.GI. Security’s knowledge center offers the Italian market an opportunity to learn about the importance of information technology security and arm itself with the knowledge to mitigate the risks and threats to business assets, data, applications, and networks. As an Italian-based security and authentication solutions provider, DI.GI. Security’s partnership with InCard allows the Company to deliver a breakthrough technology and convenient form factor to Italian customers. eMue Technologies (funded by Deloitte Touche) eMue Technologies, an Australian company that specializes in end-to-end authentication solutions for both private and federated networks (and in which Deloitte Touche Tohmatsu Australia has recently acquired an interest), is to combine its mutual authentication process with InCard’s secure ICT DisplayCard. The agreement calls for InCard to develop a specialized version of its ICT DisplayCard for eMue. InCard has developed a unique mutual authentication solution that mitigates credit card fraud across multiple business channels, including the internet and telephone, in addition to providing stronger authentication for online transactions. The combination of InCard’s ICT DisplayCard and eMue’s mutual authentication process could provide an unmatched solution for end users: a multi-factor authentication product in the compact size and thin width of a credit card. Upon successful completion of the development agreement, InCard expects to manufacture the specialized ICT DisplayCard exclusively for eMue.

Gemalto

In May 2006, InCard partnered with Gemalto, where Gemalto is to be a reseller of InCard’s ICT DisplayCard and may license the process of making the ICT DisplayCard from InCard to manufacture and distribute these cards. In 2004, Gemalto shipped approximately 1.4 billion financial and non-financial cards. The Company also has relationships with the largest banks in the world.

IdentiPHI, LLC

In November 2006, InCard signed a reseller agreement with IdentiPHI, LLC, a provider of enterprise security solutions. Under the terms of the agreement, IdentiPHI is to resell the ICT DisplayCard to its customers. Headquartered in Austin, Texas, IdentiPHI is a technology company offering a comprehensive suite of enterprise security solutions and consulting services. The Company also provides flexible tools that meet or exceed current legislation requirements to strengthen identity management and authentication systems.

Inex Americana Ltda

In November 2006, InCard partnered with Santiago, Chile-based Inex Americana, where Inex Americana became a reseller of InCard’s products. This partnership provides Inex Americana with a card that works as a payment card with OTP technologies, allowing Inex Americana to provide the technical resources of dual-factor authentication to companies that wish to utilize this technology in Latin America.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 7

Innet Co., Ltd.

In November 2006, InCard signed Seoul, Korea-based Innet Co., Ltd. as a Gold partner distributor. Innet has agreed to purchase 100,000 ICT DisplayCards for resale to financial institutions as well as to information and physical access security providers. Innet focuses on internet infrastructure, network training, and new multimedia technologies. Since its establishment in 1996, Innet has become one of the leading providers of internet networks in the Korean market.

Inteligensa Group

During May 2007, InCard signed the Latin America-based Inteligensa Group as a licensed distributor of the ICT DisplayCard. The distribution is intended to be focused mainly in Latin America, where Inteligensa manufactures 180 million cards annually, or 35% of all bank cards in Latin America. Inteligensa will likely match the ICT DisplayCard with outside companies’ backend servers to form an authentication package for its 150 to 200 financial institution clients. Inteligensa is a leader in providing payment systems and authentication solutions to large-scale businesses. Inteligensa has extensive experience with chip personalization in a secure environment, as well as with RFID and near field communication (NFC) solutions. nCryptone

In June 2006, InCard completed the ICT DisplayCard assets acquisition from co-developer, nCryptone, bringing the entire process in-house at InCard and enabling nCryptone to license the product. Included in the assets acquisition is all intellectual property relating to the ICT DisplayCard under the July 25, 2005, joint development agreement with nCryptone, all nCryptone intellectual property relating to the ICT DisplayCard, as well as all tangible assets relating to the ICT DisplayCard. InCard now holds all rights, including 100% of revenues, relating to the ICT DisplayCard. In exchange, nCryptone gained 4.5 million shares of InCard’s Common Stock and $1.0 million to be paid within one year after the close of the acquisition. Under the terms of the agreement, nCryptone is expected to resell InCard’s products as a channel partner, and InCard has agreed to purchase transitional services from the company, continuing to receive the same level of support from the nCryptone team for one year from the date of the acquisition. This acquisition is intended to enable InCard to move more quickly and efficiently to market with the ICT DisplayCard.

VeriSign, Inc.

In April 2007, InCard entered into a partnership with VeriSign, Inc. (VRSN-NASDAQ), a provider of intelligent infrastructure services to protect electronic and voice transactions. VeriSign operates a digital infrastructure that enables and protects billions of interactions every day across the world’s voice, video, and data networks. Through this partnership, VeriSign is to integrate the ICT DisplayCard into its VIP Authentication infrastructure. Using advanced anomaly detection technology, the VIP Authentication System detects fraudulent logins and transactions in real-time without affecting a legitimate user’s internet experience. The solution takes a self-learning approach to fraud detection, adapting to customer usage habits unique to that individual. Using policies and pattern recognition technology, the service flags potentially fraudulent activities based on known types of fraud and behaviors not associated with the user. The VIP Authentication System will likely use the OTP generated by the ICT DisplayCard to verify the identity of the user.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 8

Company Leadership

InCard’s management team and Board of Directors consists of individuals who are highly capable of driving the Company’s technology from concept to commercialization and facilitating the creation of partnerships for commercialization.

Management

Table 1 summarizes InCard’s key management, followed by detailed biographies.

Table 1 Innovative Card Technologies, Inc. MANAGEMENT John A. Ward, III Chief Executive Officer and Chairman Alan Finkelstein President, Founder, and Director Bennet P. Tchaikovsky Chief Financial Officer Tim Wright Vice President, Sales Source: Innovative Card Technologies, Inc.

John A. Ward, III, Chief Executive Officer and Chairman

Mr. John A. Ward, III has served as Chairman of the Board of Directors since October 2005, and additionally assumed the role of Chief Executive Officer (CEO) in August 2006. Mr. Ward continues to serve on the boards of a diverse group of public, private, and not-for-profit organizations, including Primus Guaranty, Ltd. ([PRS-NYSE] a credit derivative products company), Rewards Network Inc. ([IRN-AMEX] a loyalty and rewards marketing company), CoActive Marketing Group ([CMKG-NASDAQ] a marketing, sales, promotion, and interactive media services and e-commerce provider company), Big Brothers Big Sisters of New York City, New York (mentoring services for children), Downtown Hospital, and St. Peter’s Preparatory School (Jesuit secondary school). Mr. Ward most recently held the positions of Chairman, CEO, and Director of Doral Financial Corporation (DRL-NYSE). He also served as Chairman of the Board and CEO of the American Express Bank (a division of American Express Company [AXP-NYSE]), President of Travelers Cheque Group, and a member of the Planning and Policy Committee of the American Express Company. Prior to joining American Express, Mr. Ward had a 27-year career at the Chase Manhattan Bank (now J.P. Morgan Chase & Co. [JPM-NYSE]), where his last position was as CEO of Chase BankCard Services and as an Executive Vice President of the Bank. In addition, he was the President and CEO of Chase Personal Financial Services, a retail mortgage and home equity lender, the Senior Credit Executive for the Individual Bank, and the Area Credit Executive for the Europe, Middle East, and Africa Areas of the Global Bank. During his career, Mr. Ward has successfully turned around and grown a diverse group of financial services companies, both domestically and internationally. These businesses include credit cards, retail mortgages and home equity, travelers cheques, private banking, affluent financial services, correspondent banking, third party funds distribution, corporate banking, and trade and export finance. He has developed a professional knowledge and expertise in sales management and risk management in wholesale and retail credit.

Alan Finkelstein, President, Founder, and Director

Mr. Alan Finkelstein is one of the Company’s founders. He has served as President since December 2002 and as a Director since InCard’s inception in November 2002. He was Chairman of the Board of Directors from the Company’s inception until October 2005. Prior to November 2002, he was a sole proprietor. Mr. Finkelstein invented the LensCard and developed it from concept in 1991 through design, patent acquisition, formulation of a marketing strategy, and issuance to credit card companies commencing in October 1998. Mr. Finkelstein serves as a member on the Joint Technical Committee on Information Technology for the ISO (detailed on page 22). Since 2000, he has served on the International Electrotechnical Commission ([IEC] addressed on page 24). He is also a member of the National Committee for Information Technology Standards, the U.S. subgroup of the ISO.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 9

Bennet P. Tchaikovsky, Chief Financial Officer

Mr. Bennet P. Tchaikovsky has served as InCard’s Chief Financial Officer (CFO) since July 2004. From January 2003 to November 2003, he acted as the Vice President, Finance of TJR Industries, Inc., a company that produces trade shows for the woodworking industry. From December 2000 to June 2002, Mr. Tchaikovsky worked as interim CFO and CFO of Digital Lava, Inc. From January 2000 to November 2000, he served as the CFO of Harvest Solutions, Inc., a service provider of internet tracking and reporting software solutions for companies. From February 1999 to October 1999, Mr. Tchaikovsky was the Controller with Rainmaker Digital Pictures, a subsidiary of Rainmaker Entertainment Group, a post production and visual effects company. From February 1998 to February 1999, he served as Assistant Controller for Digital Domain, Inc., a provider of visual effects for commercial and film production. During 1996 and 1997, he worked as an independent forensic accountant and financial consultant. Mr. Tchaikovsky previously worked as a Senior Associate at Coopers & Lybrand, LLP and internal auditor with California Federal Bank, Inc. He is a licensed Certified Public Accountant (CPA) and an attorney in the state of California. Mr. Tchaikovsky received a B.A. in business economics from the University of California at Santa Barbara, and a J.D. from Southwestern University School of Law.

Tim Wright, Vice President, Sales

Mr. Tim Wright was previously Vice President of Banking and Retail at Gemalto, a leader in digital security and the world’s largest provider of smart cards and services. In his position at Gemalto, Mr. Wright oversaw payment card business activities for all of North America. His sales career includes serving as the Vice President of Sales with De La Rue Protection (a division of De La Rue plc [DLAR- LON]) in Dulles, Virginia, Manager of Sales and Marketing for secure card products with Dainippon Ink & Chemicals, Inc. in Fort Lee, New Jersey, and Manager of the International Department at Takachiho Technica in Tokyo, Japan. Throughout his 20-plus year career, Mr. Wright has achieved a solid track record of piloting sales growth in vendors of payment cards, smart cards, and payment card security. He also has international business experience. His educational background includes a Master’s of Law degree from Niigata University in Niigata, Japan. He sits on the Board of Directors at International Card Manufacturers Association ([ICMA] detailed on page 23), is a member of the National Committee of Information Technology Standards (NCITS), and is an ISO delegate.

Board of Directors

Table 2 provides a summary of Board members, followed by detailed biographies.

Table 2 Innovative Card Technologies, Inc. BOARD OF DIRECTORS John A. Ward, III Chief Executive Officer and Chairman Alan Finkelstein President, Founder, and Director Donald Joyce, Ph.D. Director George W. Hoover Director Scott V. Ogilvie Director Donald Killian Director Source: Innovative Card Technologies, Inc.

John A. Ward, III, Chief Executive Officer and Chairman

Biography on page 9.

Alan Finkelstein, President, Founder, and Director

Biography on page 9.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 10

Donald Joyce, Ph.D., Director

Dr. Donald Joyce has served as InCard’s Director since November 2003. Since April 2001, Dr. Joyce has served as Deputy Director of the University of Chicago Argonne National Laboratory. From June 2000 to February 2001, Dr. Joyce served as Chief Technology Officer (CTO) for Technology Connect, a technology consulting firm in Massachusetts. From May 1999 to June 2000, he served as Senior Vice President of JDH Technologies, LLC, a software company. Prior to May 1999, Dr. Joyce served as President of Muhlbauer Inc., an equipment supplier to the semiconductor, circuit board assembly, and smart card industries. Dr. Joyce received a Ph.D. in physics from the College of William and Mary and a B.A. in physics from the University of Colorado.

George W. Hoover, Director

Mr. George W. Hoover has served as the Company’s Director since November 2003. Mr. Hoover has been a partner in the intellectual property law firm of Blakely Sokoloff Taylor & Zafman, LLP since 1992. Prior to entering the legal profession, Mr. Hoover was with Hughes Aircraft Company for 15 years as an engineer and manager engaged in the design and development of aerospace electronic systems. He received a B.S. in engineering-physics from the University of California at Berkeley, an MBA from the University of California at Los Angeles, and a J.D. (magna cum laude) from Loyola Law School.

Scott V. Ogilvie, Director

Mr. Scott V. Ogilvie is President and CEO of Gulf Enterprises International, Ltd., a company that represents U.S. technology and infrastructure companies in the Gulf Region, and Managing Director and Chief Operating Officer (COO) of CIC Group, a financial services company. He is a founding Board member of the non-profit American-Kuwaiti Alliance.

Donald Killian, Director

Mr. Donald Killian is a Consultant and private investor. Previous work experience includes serving as the President and Managing Director of James Econn & Co, a Los Angeles, California-based insurance firm. He is also a Board member of Monrovia Growers and serves on the Institutional Review Board (IRB) of the City of Hope National Medical Center.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 11

Core Story

ENTERPRISE SECURITY

Large enterprises have become increasingly concerned with network security. Although many companies already authenticate network users, malevolent individuals could steal or hack passcodes and break into less secure networks. In 2005, 84% of North American enterprises suffered a security breach, a 17% increase in breaches since 2003 (Source: Computer Associates International [CA-NYSE], one of the world’s largest information technology management software companies). These breaches potentially cause decreases in workforce productivity, public embarrassment, loss of trust or confidence, and damage to reputation, as well as a loss of revenues, assets, and customers. As such, network security is often a top priority for enterprise management, as intrusion or damage to a company’s network could be devastating.

As an example of a network breach, in January 2007, hackers accessed the computer systems at the TJX Companies (the parent company of retailers such as T.J. Maxx and Marshalls). These hackers were able to steal approximately 45.7 million credit and debit card numbers. The TJX Companies believe that unauthorized software placed on its computer systems was the cause of the breach. To prevent these kinds of breaches, strong security methods such as dual-factor authentication are becoming increasingly widespread.

This market is currently served by a combination of technologies, such as key fob tokens and identification/physical access cards. Through InCard’s token-replacement card, the Company provides one product that does the job of both the OTP key fob token and the physical access swipe card. The advantage of the InCard product is that both functionalities are contained in one easy-to-carry device. The long-term goal is to provide security for enterprises, as well as an additional layer of protection against credit card fraud, specifically “card not present” fraud (detailed on page 13).

TRANSACTION CARD FRAUD

Scope of the Problem

According to the U.S. Federal Trade Commission (FTC), credit card fraud costs cardholders and issuers hundreds of millions of dollars each year. Creditcards.com (a compiler of credit card statistics) stated that in 2005, approximately 9.2 million U.S. citizens reported loss of credit card information. Furthermore, the FTC noted that 42% of all identity theft cases in 2004 involved credit card fraud. A 2005 study estimates that 1.15% of the U.S. adult population has experienced a misuse of existing non-credit card accounts or account numbers within the past year—estimates that include deposit accounts. In addition, for all internet-related fraud complaints received in 2004, 19% of cases involved a bank account debit. A U.S. FTC survey released in September 2003 also stated that over 27.3 million individuals became victims of identity theft between 1998 and 2003 in the U.S., with 67% of all identity theft victims (more than 6.5 million victims) in 2003 reporting that existing credit card accounts were misused.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 12

The Nilson Report (a source of news and proprietary research on consumer payment systems, www.nilsonreport.com) reported that businesses are losing billions of dollars after charge-offs to credit and debit card fraud. Table 3 lists the estimated net credit and debit card fraud in the U.S. after gross charge-offs from 2004 to 2010, for all cards and for bank cards alone.

Table 3 ESTIMATED NET CREDIT/DEBIT CARD FRAUD IN THE U.S. AFTER GROSS CHARGE-OFFS (in millions) Year All Cards Bank Cards 2004 1,652.48 1,164.96 2005 1,817.68 1,294.09 2006 1,991.96 1,429.68 2007 2,183.70 1,580.86 2008 2,392.40 1,745.45 2009 2,623.31 1,927.38 2010 2,877.21 2,127.87 Source: http://www.epaynews.com/statistics/fraud.html - citing The Nilson Report.

“Card Not Present” Methods of Fraud

Techniques used for “card not present” fraud are continually becoming more sophisticated. Traditional fraud screening tools can only determine whether a credit card is legitimate or if the user-entered account information matches information that the credit card company has on record. With most current methods of online credit card security, those attempting to commit fraud are knowledgeable enough to be able to pose as the legitimate card holder and bypass standard fraud verification methods.

Methods used today to commit “card not present” fraud include spyware and phishing schemes. With spyware, a program is unknowingly downloaded onto a user’s computer. This program can potentially track keystrokes, sites visited, and capture passcodes and account numbers. In a phishing scheme, thieves send an email to induce unwitting users to enter personal information, such as credit card account numbers or bank account numbers. These schemes have been the cause of many people suffering financial losses due to online fraud.

Table 4 illustrates that approximately 79% of the people Table 4 who experienced online fraud in 2002 suffered financial PERCENTAGE OF FINANCIAL losses. In fact, 47% of the people who became victims of online fraud that year had over $100 in losses. LOSSES TO ONLINE FRAUD IN THE U.S. (2002) According to www.epaynews.com (a news portal and Value Percentage research tool focusing on retail payment and transaction reconciliation solutions information), $2.8 billion of e- $0 21% commerce revenues were lost specifically to fraud in $1-25 11% 2005. In addition, 57% of all businesses are currently $26-50 10% losing money to cybercrime. International e-commerce continues to be a high risk, having three times the order $51-75 6% rejection and fraud rates versus the average overall rate. $76-100 5% Since many foreign merchants have not yet moved to $101-250 14% automated review of orders to catch credit card fraud, $251-500 11% they must rely on time-consuming, labor-intensive, $501-1000 10% manual review processes. These manual-review $1001-5000 10% processes do not have the same ability to catch fraudulent transactions as automated solutions designed $5000+ 2% specifically for that purpose. Source: http://www.epaynews.com/statistics/fraud.html - citing the U.S. Federal Trade Commission, Jan. 2003.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 13

Federal Financial Institutions Examination Council (FFIEC) Guidance

In the wake of severe data security breaches, such as those at CardSystems or T.J. Maxx (described on pages 4 and 12, respectively), the Federal Financial Institutions Examination Council (FFIEC) has issued guidance requiring banks to incorporate stronger security methods. Methods such as dual-factor authentication are highly recommended for institutions offering internet-based financial services to mitigate risk. As of January 1, 2007, financial institutions and third-party service providers that do not comply with these standards could be fined or lose their memberships in bank card associations and clearinghouses.

Note: The FFIEC is the formal interagency body that sets the standards and guidelines by which the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) uniformly examine financial institutions.

The term “authentication” is the process of verifying the identity of a person or entity. Single-factor authentication involves the use of one factor to verify customer identity, such as a passcode. Dual-factor authentication requires both something a person knows and something a person has. For example, an automated teller machine (ATM) uses dual-factor authentication, where the person must have both the ATM card and a personal identification number (PIN) to access the account.

According to FFIEC Guidance for Authentication in an Internet Banking Environment, released October 12, 2005, there are a variety of technologies and methodologies that financial institutions can use to authenticate customers (Source: www.fdic.gov/news/news/financial/2005/fil10305.html). These methods include the use of customer passcodes, PINs, digital certificates using a public key infrastructure (PKI), physical devices such as smart cards, OTPs, universal serial bus (USB) plug-ins or other types of tokens, transaction profile scripts, and biometric identification, among others. Generally, the way to authenticate customers is to have a user present some type of factor to prove their identity. Table 5 summarizes standard authentication factors.

Table 5 FACTORS USED TO AUTHENTICATE AN INDIVIDUAL Something a person knows Commonly a password or PIN. If the user types in the correct password or pin, access is granted. Something a person has Most commonly a physical device, referred to as a token. Tokens include self- contained devices that must be physically connected to a computer, or devices that have a small screen where an OTP is displayed, which the user must enter into an interface to be authenticated by a backend server.

Something the person is Most commonly a physical characteristic, such as a fingerprint, voice pattern, hand geometry, or pattern of veins in the user’s eye. This type of authentication is referred to as biometrics and often requires the installation of specific hardware on the system to be accessed.

Source: FFIEC Guidance for Authentication in an Internet Banking Environment.

Technologies Detailed by the FFIEC for Authentication

There are four methods, listed below, that the FFIEC has presented for dual-factor authentication. The positive and negative attributes of each are highlighted in Table 6 (page 15), and greater details are provided on pages 16-18.

(1) biometric authentication

(2) software programs

(3) smart cards/smart card readers

(4) OTP generator

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 14

Table 6 CHARACTERISTICS OF AUTHENTICATION TECHNOLOGIES ADVANTAGES DISADVANTAGES Difficult Protects Protects PortableHigher Vulnerable Requires Requires to "Hack" against against Costs additional additional fraud "card not hardware software with card present" present fraud Biometrics 9 9 9 9 9 9 Smart card 9 9 9 9 Software Programs 9 9 9 OTP Generator 9 9 9 Source: Crystal Research Associates, LLC.

According to the FDIC, both national and international banks have employed or are in the process of developing specific types of dual-factor authentication programs, as depicted in Table 7 and Table 8 (page 16). These tables list the application and the deployment stages as of June 2005. Although these tables are not intended to be an exhaustive list of institutions using dual-factor authentication, they do suggest that the use of such technology is becoming much more widely employed.

Table 7 DOMESTIC INTEREST IN DUAL-FACTOR AUTHENTICATION PROGRAMS Institution Technology Application Deployment Stage E-Trade Bank OTP hardware token Internet banking Pilot Bank of America Corp. Various two-factor Internet access for Internal—summer (BAC-NYSE) technologies employees and corporate 2005; Corporate customers customers—fall/winter 2005 Sovereign Bank OTP hardware token Business banking: Production corporate and institutional customers ABN AMRO (ABN-NYSE) OTP hardware token Online treasury Production management ING Direct Rotating shared secret Internet banking Production Stanford Federal Credit Union Device authentication Internet banking Production Purdue Employees Federal Biometric (fingerprint) Automated service centers Production Credit Union San Antonio City Employees Biometric (palm geometry Safe deposit box access; Production Federal Credit Union and keystroke) employee network access Commerce Bank OTP hardware token Internet banking for Production corporate customers Wachovia Corp. (WB-NYSE) OTP hardware token Internet banking Under consideration Dollar Bank OTP hardware token Internet banking for Production corporate customers

Source: FDIC - Putting an End to Account-Hijacking Identity Theft (Study) - published on December 14, 2004.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 15

Table 8 INTERNATIONAL INTEREST IN DUAL-FACTOR AUTHENTICATION PROGRAMS Institution Technology Application Deployment Stage

Australian Bankers Association* Various two-factor Internet Banking Proposed and pilot technologies programs Bank of Valletta OTP hardware token Internet banking, telephone Production banking, customer service center, mobile banking Rabobank OTP hardware token Internet banking Production SEB Bank OTP hardware token Internet banking Production SwedBank OTP hardware token Internet banking Production Bank of Tokyo–Mitsubishi Biometric (palm geometry) ATM 3/1/2006 Surugo Bank Shizuoka Biometric (palm geometry) ATM Production Prefecture Mizuho Bank Biometric (palm geometry) ATM Research Sumitomo Mitsui Bank Biometric (palm geometry) ATM 3/1/2006 Citibank, UK Division On-screen virtual keyboard Internet banking Production First National Bank of South OTP hardware token Internet banking Production Africa Royal Bank of Scotland OTP hardware token Internet banking Production Loyal Bank OTP hardware token Internet banking Production Fortis, NV OTP hardware token Internet banking Production Grupo Aval Device authentication Internet banking Production July 2005 Barclays (BCS-NYSE) On-screen virtual keyboard Internet banking Production

*According to Australian Bankers Association CEO, David Bell, an industry standard requiring all banks in Australia to use two methods of authentication for Internet customers was introduced in 2005.

Source: FDIC - Putting an End to Account-Hijacking Identity Theft (Study) - published on December 14, 2004.

Biometric Authentication

Biometric authentication (Figure 2 [page 17]) identifies a person based on a physiological or physical characteristic. Physiological characteristics include fingerprints, iris configuration, and facial structure. Physical characteristics include the rate and flow of movements, such as the pattern of data entry on a keyboard. The process of introducing people into a biometrics-based system is called “enrollment.” In enrollment, samples of data are taken from one or more physiological or physical characteristics. The samples are then converted into a mathematical model or template, and the template is registered into a database, which the software application analyzes. The downside to biometrics is that the technology is very costly, as one has to enroll users and have a specialized reader for the biometrics. Additionally, biometrics has historically returned many false positives and false negatives.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 16

Figure 2 SAMPLES OF BIOMETRIC AUTHENTICATION TECHNOLOGIES Palm Identification Iris Configuration Facial Structure

Source: Company websites.

Software Programs

There are a variety of software programs in use today that provide an extra layer of authentication, such as Bank of America Corp SiteKey and RSA Security, Inc.’s (RSAS-NASDAQ) Passmark Security. SiteKey indicates that the website a user is visiting is a real website, and not a phishing site. Passmark Security requires users to enter a static passcode in order to access their account. Downsides of this method are that they can be compromised by hackers, are limited to use over the internet, and are unable to be utilized over phone lines.

Smart Card

A smart card is another example of an authentication method. The size of a credit card, a smart card contains a microprocessor that enables it to store and process data. To be used, a smart card must be inserted into a compatible reader attached to either a computer or some type of electronic reading device. If the smart card is recognized as valid (first factor), the customer is prompted to enter his or her passcode (second factor) to complete the authentication process. Smart cards are difficult to duplicate and have demonstrated to be tamper resistant, creating a relatively secure vehicle for storing sensitive data and credentials. Some limitations of smart cards are that they can only be used in the presence of a smart card reader, which has limited portability, and they require additional software to run on most computers. Illustrations of some of the typical types of smart cards are provided in Figure 3.

Figure 3 EXAMPLES OF SMART CARDS

Source: Versatile Card Technology, Inc.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 17

One-time Passcode (OTP) Generator

An OTP generator, or passcode-generating token, produces a unique passcode or OTP each time it is used. The OTP is generated by an algorithm stored in the token. It is then displayed on a small screen on the token (or card). On a computer, a login interface appears where the user enters the static passcode (first factor). On a second display, the user enters the OTP produced by the token (second factor). The user is authenticated if the static passcode and the OTP generated by the token match the passcode on the authentication server. The backend server reading the passcode ensures that the same OTP is not used consecutively.

Passcode-generating tokens are secure because of the time-sensitive, synchronized nature of the authentication. The unique, random, and unpredictable qualities of OTPs substantially increase the difficulty of a cyber thief capturing and using OTPs gained from keyboard logging. Examples of some of the more well-known token issuers are provided in Figure 4. Greater details on some of the companies currently developing and marketing technology within this space, in addition to InCard, are provided in the Competition section, pages 26-27. InCard’s technology is described on greater detail on pages 20-23.

Figure 4 EXAMPLES OF WELL-KNOWN TOKEN ISSUER TECHNOLOGY (45 million OTP tokens in the market today) VeriSign Inc. (VRSN-NASDAQ)

VeriSign Unified Authentication Token Examples

RSA Security, Inc. (RSAS-NASDAQ)

RSA SecurID Toolbar Token

RSA SecurID Token on the Blackberry Handheld

VASCO (VDSI-NASDAQ) Data Security International

DIGIPASS Token Examples

ActivIdentity Corp. (formerly ActivCard Corp.)

Source: Crystal Research Associates, LLC and company websites.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 18

LEGISLATIVE AND REGULATORY RESPONSES TO CREDIT CARD FRAUD

Many of the statutes designed to combat credit card fraud are included in both federal and various state identity theft statutes. The accompanying section discusses the statutes and regulations encompassing credit card fraud, with information provided as to the overall identity theft statutes where applicable.

Federal Legislation

Since 1998, when identity theft first became a federal crime, a number of statutes and regulations have clarified impermissible use of personal information and offered greater tools for law enforcement. These changes in federal law have either established standards for protecting information, provided consumers with more information about their credit history (so individuals can be more vigilant in protecting their own identity), or increased criminal penalties for credit card fraud and identity theft. The Fair and Accurate Credit Transactions Act ([FACTA] highlighted in Table 9 and described thereafter) is an example of this legislation. Many states have also passed legislation protecting against identity theft. Table 9 summarizes a selection of these laws, both federal and state.

Table 9 LEGISLATION REGARDING VERIFICATION OF IDENTIFICATION Federal Financial Institutions Examination Council (FFIEC) The FFIEC issued guidance requiring banks to incorporate stronger security. As of January 2007, financial institutions and third-party service providers that do not comply with these standards could be fined or lose their memberships. • Suggested methods of authentication: customer passwords, PINS, digital certificates using a public key infrastructure (PKI), smart cards, OTPs, USB plug-ins, tokens, transaction profile scripts, and biometric identification, among others.

The Fair and Accurate Credit Transactions Act (FACTA) According to Fair and Accurate Credit Transactions Act (FACTA) Under Title I, §113 of the Act, only the last five digits of the card account number can be printed on electronically printed receipts provided to the customer. The new truncation requirement does not apply to handwritten receipts or receipts imprinted with a copy of the credit card. This federal legislation prompted some states to follow with their own legislation.

State Legislation At least 40 states have laws to address identity theft. Six states classify identity theft as a misdemeanor, 20 states label it a felony, nine states apply both a misdemeanor and a felony category, and five states adapt the sentence to the seriousness of the crime.

Source: Crystal Research Associates, LLC.

State Legislation

At least 40 states have laws addressing identity theft, protecting against various means and forms of identity theft, including credit card fraud. In many instances, new laws enhance existing statutes. States have various means to manage identity theft, including limiting the use of Social Security numbers, giving consumers more control over their credit report data, providing for civil action remedies and restitution, and mandating enhanced penalties for identity theft crimes. Six states classify identity theft as a misdemeanor, 20 states label it a felony, nine states apply both a misdemeanor and a felony category, and five states adapt the sentence to the seriousness of the crime.

Some of these state identity theft laws include language directly targeting credit card fraud. For instance, new laws in California not only restrict the use of Social Security numbers but also require credit bureaus to develop personal identification numbering systems. Colorado and Virginia enable victims to better manage their credit report data. The Personal Identity Defense Act in Nebraska amends provisions on deception and unauthorized use of a financial transaction device and provides penalties, civil recourse, and restitution.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 19

Other state statutes on identity theft have evolved from laws that addressed fraud, including credit card fraud. For the crime of identity theft, Indiana uses the terms forgery and other deceptions, Maine labels it theft by deception; Massachusetts calls it false impersonation; Texas categorizes it as fraudulent use or possession of identifying information; and in Wisconsin, it is misappropriation of personal identifying information.

Through the Fair and Accurate Credit Transactions Act (FACTA), Congress preempted the states on credit and debit card truncation to set a national standard. Under Title I, §113 of the Act, only the last five digits of the card account number can be visible on electronically printed receipts provided to the customer. The new truncation requirement does not apply to handwritten receipts or receipts imprinted with a copy of the credit card. This federal legislation prompted some states to follow with their own legislation. Table 10 lists the states that enacted this legislation, and the year they enacted it, as of 2005.

Table 10 STATES WITH ENACTED LEGISLATION REQUIRING TRUNCATED CREDIT CARD RECEIPTS 1999 2000 2001 2002 2003 2004 2005 California Washington Arizona Colorado Delaware Kentucky North Dakota Louisiana Florida Georgia Maine Tennessee Kansas Idaho Rhode Island Maine Illinois Virginia Maryland Missouri Missouri Nevada Nebraska New Mexico New Jersey New York New York North Carolina Oklahoma Oregon Virginia Texas

Source: National Conference of State Legislators. http://www.ncsl.org/programs/lis/privacy/CreditCardReceipts.htm.

INCARD’S TECHNOLOGY

Power Inlay Technology

InCard’s Power Inlay Technology is designed to be used as an operating system to add different applications that require power into standard, shaped, or mini cards. This technology integrates a battery, circuit, switch, and output device (such as with the ICT DisplayCard, depicted in Figure 5) into an International Organization for Standardization (ISO)-certified transaction card or other information-bearing plastic card.

Figure 5 Innovative Card Technologies, Inc. POWER INLAY TECHNOLOGY POWER DISPLAY CARD WITH OTP BatteryCircuit Switch Display Card

++=

Source: Innovative Card Technologies, Inc.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 20

Technology’s Functionality

InCard’s technology may easily be used in enterprises to authenticate data systems logon, with an all-in- one approach that combines token capabilities with logical access in a credit card form factor. The technology could also prove to be an effective solution in mitigating damage from credit card fraud, such as spyware and phishing schemes on the internet or via phone, as one must have the physical card in their possession in order to generate the OTP. InCard’s technology could further provide a unique, cost effective, and more convenient security advantage for transaction card providers since it would eliminate the need to carry a cumbersome token.

Token-Replacement Cards

InCard’s principal product in development, the ICT DisplayCard, looks like a conventional payment card and functions like a physical-access swipe card combined with a key fob token. The differentiating factor is its form. Not only does it offer several functionalities in one device, but also the device itself is highly portable, fitting easily into a wallet or pocket.

The Company targets its token-replacement cards toward enterprises, which can use this technology to provide an additional layer of protection to secure access points to valuable corporate data networks. InCard is currently developing a method to print directly on a card onsite at the end-user’s location. This is designed to enable the Company to supply corporate identification cards with employee photos. The cards would be equally usable in new dual-factor authentication applications and as a substitute technology in already established systems. The token-replacement/physical access card could eliminate the need for both the identification badge and key fob token, and is priced less than the combination of the two.

InCard’s other target market is the financial services market. Here the ICT DisplayCard authenticates “card not present” financial transactions. It can do this in the following two ways: (1) as a companion card (token-replacement) that generates the OTP but does not have payment capabilities; and (2) as an integrated OTP generator and payment card (detailed below). Both methods add another layer of security against credit card fraud.

Financial Transaction Cards

InCard is also seeking payment association validation for its financial transaction card with integrated OTP technology. This product is essentially the same as the token-replacement card (described above) but is also a fully functional payment card. Customers could use an ICT DisplayCard at any point-of-sale. This product, when used with a passcode or PIN number, satisfies the FFIEC dual-factor authentication standards (detailed on pages 14-18), and can be used to secure an online banking login as well as internet and phone purchases. Figure 6 (page 22) summarizes InCard’s ICT DisplayCard process for conducting an online purchase.

Another benefit of InCard’s ICT DisplayCard for banks is the cost savings they would likely incur. Currently, bank tokens cost at least $5 each and are used in conjunction with existing credit cards. With InCard’s technology, when a bank creates a new transaction payment card, it can incorporate token capabilities into the card, personalize the card with a magnetic strip, emboss it, and mail it to the customer. A bank is not able to provide this all-in-one service via its external token since shipping an external token is cumbersome and adds an additional shipping cost to the product.

InCard has developed a card that incorporates its Power Inlay Technology in a manner that is ISO-7810 certified (a requirement of all financial transaction cards). To InCard’s knowledge, there are no other available methods to place power into an ISO-certified credit card.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 21

Figure 6 Innovative Card Technologies, Inc. ONLINE PURCHASE VERIFICATION PROCESS FOR ICT DISPLAYCARD WITH OTP A user generates an OTP and At the time of purchase, an OTP is requested. enters it into the computer.

The passcode is verified and the purchase is The OTP is sent to a server for authentication. confirmed.

Source: Innovative Card Technologies, Inc.

ISO Certification

The ISO is a worldwide organization promoting the development of standardization to facilitate the international exchange of goods and services. The ISO sets operational and quality control standards for businesses in over 125 countries around world. ISO Certification is recognized worldwide as an accepted standard of quality, and indicates that a company’s products or services meet standards adopted by businesses, governments, and societies worldwide. A company or organization that has been independently audited and certified to be in conformance with ISO 9001 may publicly state that it is “ISO 9001 certified” or “ISO 9001 registered.”

ISO regulation 35.240.15 specifies regulations for identification cards and related devices, including application of cards for banking, trade, telecommunications, and transport. It is important for any financial transaction card to comply with ISO standards or have a new standard adopted in order to be marketed and accepted globally. There are multiple applications that could employ InCard’s Power Inlay Technology, including display screens, light, security, and other anti-fraud measures.

Potential Additional Uses for InCard’s ICT DisplayCard Technology

Smart cards, such as those described on page 17, contain an EMV chip (EuroPay, MasterCard, and VISA), which includes a holder’s last transaction, balances, and other information. InCard is working toward creating a similar system, which may allow a user, by pressing a second button on the card, to retrieve an account balance, loyalty points (such as for a loyalty card), last transaction, and even convert currency.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 22

Market Opportunity

According to the Nilson Report, there were 2.46 billion credit and debit cards in circulation in 2005 and 45 million tokens issued by enterprises and financial institutions. According to International Data Group Inc. ([IDC Research] a global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets), the worldwide hardware authentication token market is forecast to grow to $764 million by 2009 from $493 million in 2004. Additionally, companies are projected to issue roughly 30 million tokens in the upcoming year.

Production Capacity

InCard expects to be able to produce 200,000 ICT DisplayCards per month by September 2007, based on estimates provided by InCard’s Original Equipment Manufacturers (OEMs). OEMs produce the entirety of InCard’s product, and InCard does not manufacture any part of the ICT DisplayCard. In the event that the demand for the Company’s product exceeds production capacity, InCard’s OEMs have indicated to the Company that they would be able to increase capacity.

INDUSTRY AFFILIATIONS

InCard has a variety of industry affiliations with organizations promoting different technology and standards for using payment cards. The Company’s affiliations are shown in Figure 7, followed by brief descriptions.

Figure 7 Innovative Card Technologies, Inc. INDUSTRY AFFILIATIONS

Source: Innovative Card Technologies, Inc.

Organization Descriptions

International Card Manufacturers Association (ICMA)

The International Card Manufacturers Association (ICMA) is a global non-profit association of nearly 200 plastic card manufacturers, personalizers, suppliers, and other industry participants that promote the plastic card industry and the value of its products and services. The primary benefits are industry education and access. ICMA achieves this through a wide range of member services, including access to industry publications, exhibits, and attendee discounts to the annual conference and exposition, members-only workshops, Daily Industry News, standards representation, training and education, public relations exposure, referrals, an online Buyer’s Guide and free copies of the Global Market Survey. ICMA promotes the plastic card industry and the value of its products and services, and provides an independent forum to speak for the industry. Mr. Tim Wright (biography on page 10), InCard’s Vice President of Sales, is a member of the Board of ICMA.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 23

International Electrotechnical Commission (IEC) – Joint Technical Committee

The International Electrotechnical Commission (IEC) is the international standards and conformity assessment body for all fields of electrotechnology. The IEC, operating jointly with the ISO, is a global organization that prepares and publishes international standards for all electrical, electronic, and related technologies. These serve as a basis for national standardization and as references when drafting international tenders and contracts. Through its members, the IEC promotes international cooperation on questions of electrotechnical standardization and related matters in the fields of electricity, electronics, and related technologies. The IEC charter embraces all electrotechnologies, including electronics, magnetics and electromagnetics, electroacoustics, multimedia, telecommunication, and energy production and distribution, as well as associated general disciplines, such as terminology and symbols, electromagnetic compatibility, measurement and performance, dependability, design and development, safety, and the environment. Mr. Alan Finkelstein (biography on page 9), InCard’s President and Founder, is a member of the IEC.

Initiative for Open AuTHentication (OATH)

The Initiative for Open AuTHentication (OATH) is a collaboration of device, platform, and application companies. OATH participants foster the use of strong authentication across networks, devices, and applications. This organization’s participants work collectively to facilitate work standards and build a reference architecture for open authentication while promoting the benefits of strong interoperable authentication in a networked world.

The OATH organization also includes two active sub groups: the Technical Focus Group (TFG) and the Marketing Working Group. The TFG is the heart of the OATH initiative and is composed of volunteer members that devote their time and expertise to create the specifications that define an open and interoperable strong authentication architecture. The TFG then delivers these specifications to the relevant standards bodies for industry-wide acceptance and publication. The Marketing Working Group was formed to build awareness for OATH and its initiatives in the industry, recruit new members to OATH, and promote the benefits of strong interoperable authentication to various industry audiences, such as vendors, customers, and industry analysts. InCard is a member of the TFG at OATH.

Payment Card Industry (PCI) Data Security Standards Council

The PCI Data Security Standard, a mandatory standard requiring merchants to make their physical and virtual environments secure to ensure protection of cardholder data, was developed by Visa and Mastercard Inc. (MA-NYSE), and endorsed by payment providers including American Express, Diner’s Club, and Discover. The standard aims to reduce the risk of an attack by mandating the proper use of firewalls, message encryption, computer access controls, and antivirus software. It also requires frequent security audits and network monitoring, and forbids the use of default passcodes. Retailers that do not comply may face penalties, including fines. The PCI includes 12 requirements, listed in Table 11 (page 25).

Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use, and widespread application of smart card technology. The Alliance invests heavily in education on the appropriate uses of technology for identification, payment, and other applications, as well as advocates the use of smart card technology in a way that protects privacy and enhances data security and integrity. Through specific projects, such as education programs, market research, advocacy, industry relations, and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is a single industry voice for smart card technology, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America.

The Alliance is composed of over 160 members worldwide, including participants from financial, government, enterprise, transportation, mobile telecommunications, healthcare, and retail industries. The four main priorities of the Alliance are as follows: (1) influence standards that are relevant to smart card adoption and implementation; (2) maintain a voice in public policy that affects smart card adoption and implementation; (3) serve as an educational resource to its members and the industry; and (4) provide a forum for discussions and projects on issues surrounding smart cards.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 24

Table 11 PCI DATA SECURITY MANDATORY STANDARDS Install and maintain a firewall configuration to protect data Do not use vendor-supplied defaults for system passwords and other security parameters Protect stored data Encrypt transmission of cardholder data and sensitive information across public networks Use and regularly update anti-virus software Develop and maintain secure systems and applications Restrict access to data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder data Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain a policy that addresses information security

Source: VISA.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 25

Competition

InCard is not aware of any product that is being mass produced (or in development) in the same manner as its OTP ICT DisplayCard, incorporating the token technology directly into a financial transaction card itself. However, there are companies creating tokens and methods to randomly generate passcodes for use in dual-factor authentication (generally in key fob or USB token form). For example, RSA, Vasco, and VeriSign token devices may be cost competitive to InCard’s technology. Biometrics and smart cards are also available routes of authentication, as described on pages 16-17. Some of the leading competitive technologies within the field of authentication, which could be considered competitive to InCard’s technology, are listed in Figure 8 and summarized below.

Figure 8 Innovative Card Technologies, Inc. COMPETITION

Source: Crystal Research Associates, LLC.

Aladdin Knowledge Systems Ltd. Aladdin Knowledge Systems Ltd. (ALDN-NASDAQ) of Tel Aviv, Israel, provides security solutions that reduce software theft, authenticate network users, and protect against spam and viruses. The company developed and patented a USB-based eToken hardware solution for authentication and digital identity management using a portable device. The eToken provides for strong authentication by using the following methods: Public Key Infrastructure (PKI), OTP Authentication, Simple Sign-On (SSO), Web Sign-On (WSO), and a Secure Network Logon.

Entrust, Inc. Entrust, Inc. (ENTU-NASDAQ) of Addison, Texas, uses technologies such as encryption, authentication, and advanced content scanning to enable customers to apply security policies and procedures that protect information and help fulfill regulatory demands. Collaborating with SafeNet, Entrust distributes SafeNet iKey 2032 tokens as Entrust USB Tokens, which form an integrated component of the Entrust product portfolio. These security tokens enable strong dual-factor authentication to desktops, Virtual Private Networks (VPNs), Wireless Local Area Networks (WLANs), and internet portals. Entrust USB Tokens are designed to work together with Entrust’s leading PKI product portfolio to provide a comprehensive, scalable security solution that meets customer needs for stronger authentication, encryption, and digital signatures.

IdenTrust Inc. IdenTrust Inc. of San Francisco, California, is involved in identity solutions accepted by global financial institutions, government agencies, and corporations. As the only government- regulated, bank-built identity company, IdenTrust provides a worldwide network of credentials based on global standards. IdenTrust not only addresses the technical aspects of identity management but also provides a legally and globally interoperable environment for using identities. The IdenTrust solution consists of three key components: (1) trusted identity blueprint; (2) proven network and delivery capabilities based on “best of breed” technology; and (3) expertise in establishing and managing a trusted identity infrastructure. The IdenTrust platform enables financial institutions, governments, and commercial entities to effectively manage the risks associated with identity authentication; minimize investment in creating their own legal frameworks; and deploy a Trusted Identity infrastructure smarter, faster, and more cost effectively.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 26

RSA Security Inc. RSA Security Inc. of Bedford, Massachusetts, protects online identities and digital assets. An inventor of security technologies for the internet, the company has technology for authentication, encryption, and anti-fraud protection. RSA Security offers a multi-application smart card solution that is designed to support passcodes, RSA SecurID dual-factor authentication, and digital certificates technology from a single USB device, engineered to deliver ease of use and cost reduction. RSA SecurID 6100 USB Token solution is part of the RSA Smart Card solution. The solution works in conjunction with RSA SecurID Passage software, which is the middleware built to enable certificate authentication to Microsoft® Windows® environments and single sign-on into a variety of certificate-enabled applications, such as VPNs, internet browsers, and email clients.

The RSA SecurID® 6100 USB Token solution is engineered to enable organizations to integrate dual- factor authentication and digital certificates transparently into identity and access management infrastructure, building trust into the e-business environment. The RSA SecurID® 6100 USB Token is designed to plug into the USB port of many personal computers, giving users a single device that can authenticate protected applications. The solution can be easily extended to address any organization’s future requirements, such as employee loyalty programs, e-purse applications, and middleware functionality enhancements, with the simple addition of Java applets. An illustration of this technology is provided in Figure 4 (page 18).

VASCO Data Security International Inc. VASCO Data Security International Inc. of Oakbrook Terrace, Illinois, designs, develops, markets, and supports patented user authentication products for the financial world, remote access, e-business, and e-commerce. VASCO’s user authentication software is delivered via its DIGIPASS hardware and software security products. VASCO has over 440 international financial institutions and approximately 2,300 blue chip corporations and governments located in more than 100 countries using its technology. DIGIPASS provides user authentication and e-Signatures, and is compatible with more than 50 international vendors for e-commerce, e-banking, e-networking, and e-government applications. An illustration of this technology is provided in Figure 4 (page 18).

VeriSign Inc. VeriSign Inc. operates intelligent infrastructure services that enable and protect interactions every day across the world’s voice and data networks. The company also provides the services that help over 3,000 enterprises and 500,000 websites to operate securely, reliably, and efficiently. VeriSign is a global enterprise with offices throughout the Asia-Pacific region, Europe, Latin America, and North America supported by a widespread international network of data centers and operations centers. The VeriSign OTP Token enables strong authentication through a token. The OTP Token supports either a time-based algorithm or an event-based algorithm, depending on one’s business and security needs. The VeriSign® Multipurpose Next-Generation Token is an all-in-one security token. A single token can generate dynamic OTPs and store digital certificates (for PKI- based authentication, encryption, digital signing, and non-repudiation) and smart card information. Using the token’s OTP authentication capabilities, partners, customers, and mobile employees can authenticate themselves from virtually any location or device, whether or not the access point has a USB port.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 27

Key Points to Consider

The Federal Financial Institutions Examination Council (FFIEC) recently issued guidance requiring banks to incorporate stronger security. As of January 1, 2007, financial institutions and third-party service providers that do not comply with increased standards could be fined or lose their memberships. Methods such as dual-factor authentication are highly recommended for institutions offering internet-based financial services.

o According to a Gartner Research study, one-third of banks had not complied with this guidance by January 1, 2007. Additionally, most of the adopted authentication systems are expected to be reevaluated, primarily for customer satisfaction and ease-of-use. This reevaluation is likely to result in banks purchasing replacement authentication systems during the course of 2007.

InCard provides a solution to “card not present” transaction card theft. Its technology incorporates a one-time passcode (OTP) generator directly into the financial transaction card itself, which can fit into a wallet, making it easy to carry. By integrating the OTP generator into a financial transaction card, the step of carrying a separate token is eliminated.

o An OTP generator, or passcode-generating token, produces a unique passcode (or OTP) each time it is used. The OTP is generated by an algorithm stored in the token and is displayed on a small screen on the token (or card). The user enters the number into an interface. This information is sent to a backend server, which ensures that the same OTP is not used consecutively and that the unique OTP matches the user’s card.

As InCard has also added Radio Frequency Identification (RFID) to its cards, it can supply an RFID or magstripe building access card that has token data access capabilities as well, eliminating the need for a separate swipe card and key fob token—a common practice in highly secure enterprises.

The Company may also issue the ICT DisplayCard as a simple token, having no payment card capabilities, for remote data access authentication. InCard’s ICT DisplayCard with OTP is effective in combating spyware and phishing schemes. Although a user may be tricked into entering an OTP, this passcode is good for a one-time use only.

According to the Nilson Report, there were 2.46 billion credit and debit cards in circulation in 2005, and 45 million tokens issued by banks and financial institutions. According to International Data Group Inc. ([IDC Research] a global provider of market intelligence and services for the information technology, telecommunications, and consumer technology markets), the worldwide hardware authentication token market is forecast to grow to $764 million by 2009 from $493 million in 2004.

According to www.epaynews.com, a news portal and research tool focusing on retail payment and transaction reconciliation solutions information, $2.7 billion e-commerce revenues were lost to fraud in 2005, and 57% of all businesses with an online presence lost money to cybercrime.

InCard intends to focus initially on getting its cards, which could be used as token-replacement cards, to market through various resellers. InCard has entered into a reseller agreement with Gemalto, a provider of financial transaction cards, to distribute the card to its wide array of bank card clients. Other partnerships include ActivIdentity Corp. and VeriSign, Inc., both leading providers of electronic security and authentication solutions.

InCard’s technology is International Organization for Standardization (ISO)-7810 compliant. To the Company’s knowledge, its methods are the only available means of placing power into an ISO- compliant credit card. It is important for financial transaction cards to comply with ISO standards in order to be marketed and accepted globally. There are multiple applications that could use InCard’s Power Inlay Technology, including display screens, light, security, and other anti-fraud measures.

In March 2007, InCard began trading on the NASDAQ market under the symbol “INVC.”

As of May 9, 2007, InCard had approximately $5.4 million in cash and cash equivalents.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 28

Historical Financial Results

Tables 12, 13, and 14 provide a summary of InCard’s key historical financial statements—its Consolidated Statements of Operations, Balance Sheets, and Statements of Cash Flows as of its most recently reported quarter, ending March 31, 2007.

Table 12 Innovative Card Technologies, Inc. CONSOLIDATED STATEMENTS OF OPERATIONS Three months Three months ended ended March 31, March 31, 2007 2006 (Unaudited) (Unaudited)

Revenues $ 1,420 $ 250 Cost of Goods Sold — —

Gross Margin 1,420 250 Operating expenses Administrative 1,605,717 424,926 Consulting fees 21,250 21,250 Professional fees 363,523 182,379 Research and development 296,329 163,678

Total operating expenses 2,286,819 792,233

Loss from operations (2,285,399) (791,983)

Other income (expense) Interest income 79,540 24,011 Interest expense (148) (512)

Total other income (expense) 79,392 (768,484)

Loss before provision for income taxes (2,206,007) (768,484) Provision for income taxes (800) —

Net loss$ (2,206,807) $ (768,484)

Basic and diluted loss per share$ (0.08) $ (0.04) Weighted-average Common Shares outstanding 28,410,689 17,981,788

Source: Innovative Card Technologies, Inc.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 29

Table 13 Innovative Card Technologies, Inc. CONSOLIDATED BALANCE SHEETS

March 31, December 31, 2007 2006 (Unaudited) ASSETS CURRENT ASSETS Cash and cash equivalents$ 6,887,875 $ 8,270,096 Accounts receivable 24,381 14,836 Prepaids and other current assets 47,657 42,658 Deposits on raw materials held for production 1,151,212 1,199,453 Work in progress inventory 1,292,778 1,098,553 Total current assets 9,403,903 10,625,596 PROPERTY AND EQUIPMENT, NET 336,224 360,920 DEPOSITS 174,125 71,244 INTANGIBLE ASSETS, NET 3,490,375 3,666,343 Total assets$ 13,404,627 $ 14,724,103

LIABILITIES AND STOCKHOLDERS' EQUITY CURRENT LIABILITIES Accounts payable and accrued expenses$ 821,034 $ 460,162 Accounts payable - related parties 1,184,112 1,322,159 Short-term portion of capital lease 5,906 8,355 Deferred revenue 692,835 340,010 Total current liabilities 2,703,887 2,130,686

Total liabilities 2,703,887 2,130,686

STOCKHOLDERS' EQUITY Preferred Stock $0.001 par value, 5,000,000 shares Authorized, 0 (unaudited) and 0 shares issued and outstanding — — Common Stock $0.001 par value, 50,000,000 shares Authorized, 28,420,616 (unaudited) and 28,372,308 shares issued and outstanding 28,420 28,372 Additional paid-in capital 26,612,688 26,298,606 Accumulated deficit (15,940,368) (13,733,561) Total stockholders' equity 10,700,740 12,593,417 Total liabilities and stockholders' equity$ 13,404,627 $ 14,724,103

Source: Innovative Card Technologies, Inc.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 30

Table 14 Innovative Card Technologies, Inc. CONSOLIDATED STATEMENTS OF CASH FLOWS For the Three Months Ended March 31, 2007 2006 (Unaudited) (Unaudited) Cash flows from operating activities Net loss$ (2,206,807) $ (768,484) Adjustments to reconcile net loss to net cash used in operating activities Depreciation and amortization 220,643 24,360 Stock compensation expense 289,755 73,750 (Increase) decrease in Accounts receivable (9,545) 18,297 (Increase) decrease in Prepaid expenses and other current assets (4,999) (184) (Increase) decrease in Deposits on raw materials held for production 48,241 (23,400) (Increase) decrease in Raw materials held for production (194,225) (56,420) (Increase) decrease in Deposits, Rent, and other (102,881) — Increase (decrease) in Accounts payable and accrued expenses 360,872 13,215 Increase (decrease) in Accounts payable - related parties (138,047) 29,471 Increase (decrease) in Deferred revenue 352,825 (251) Net cash used in operating activities (1,384,168) (689,646) Cash flows from investing activities Purchase of Property and Equipment (19,979) (31,544) Net cash used in investing activities (19,979) (31,544) Cash flows from financing activities Proceeds from exercise of Warrants 24,375 50,000 Payments on capital lease (2,449) (2,264) Net cash provided by financing activities 21,926 47,736 Net decrease in cash and cash equivalents (1,382,221) (673,454) Cash and cash equivalents, beginning of year 8,270,096 3,277,532 Cash and cash equivalents, end of period$ 6,887,875 $ 2,604,078

Supplemental disclosures of cash flow information Interest paid $ 148 $ 512 Income tax paid$ 800 $ 800

Source: Innovative Card Technologies, Inc.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 31

Risks

Some of the information in this report relates to future events or future business and financial performance. Such statements can be only predictions and the actual events or results may differ from those discussed due to, among other things, the risks described in InCard’s Risk section on Forms 10- KSB, 10-QSB, 8-K, and other forms filed with the Securities and Exchange Commission (SEC) from time to time. The content of this report with respect to InCard has been compiled primarily from information available to the public and released by InCard through news releases and SEC filings. InCard is solely responsible for the accuracy of that information. Information about other companies has been prepared from publicly available documents and has not been independently verified by InCard. For more complete information about InCard, please refer to the Company’s website at www.incardtech.com.

The risks and uncertainties described below are not the only ones the Company faces. Additional risks and uncertainties not presently known or those it currently considers immaterial may also have an adverse effect on its business. If any of the matters discussed in the accompanying risk factors were to occur, InCard’s business, financial condition, results of operations, cash flows, or prospects could be materially adversely affected.

RISK FACTORS

InCard is an early stage company with an unproven business strategy. Its limited history of operations makes evaluation of its business and prospects difficult.

The Company’s business prospects are difficult to predict because of its limited operating history, early stage of development, and unproven business strategy. Since InCard’s incorporation on November 22, 2002, it has primarily been, and continues to be, involved in development of products using its Power Inlay Technology, and marketing these products to industry partners. In 1998, Mr. Alan Finkelstein commenced commercialization of the Company’s first product, the LensCard, and entered into license agreements with banks and credit card issuers, most of which have terminated. After discovering the possibility of placing power into an International Organization of Standardization (ISO)-compliant card, InCard began to focus its efforts on the development of its Power Inlay Technology and not on the marketing of the LensCard. For these reasons, the Company expects that future orders for the LensCard will be insignificant. Although management believes that InCard’s Power Inlay Technology and products under development have significant profit potential, the Company may not attain profitable operations and InCard’s management may not succeed in realizing its business objectives. Based on the size of the market for one-time passcode (OTP) tokens and related market research, management believes that demand for OTP technology to enhance the security of networks and online transactions, and specifically for the unique form factor of the ICT DisplayCard, will likely continue to grow and provide a climate conducive to adoption of the ICT DisplayCard.

The Company had an accumulated deficit of $13,733,561 as of December 31, 2006, and it may never achieve profitability.

InCard has incurred significant net losses every year since its inception, including net losses of $6,866,614 and $2,565,008 for the fiscal years ending December 31, 2006, and 2005, respectively. As of December 31, 2006, the Company had an accumulated deficit of $13,733,561. These losses have resulted principally from expenses incurred in InCard’s research and development (R&D) programs and general and administrative expenses. To date, the Company has not generated significant revenues. InCard intends to use capital raised in October 2005 and May 2006 to sustain operations through 2007. The Company anticipates that it will continue to incur substantial operating losses based on projected sales revenues less manufacturing, general and administrative, and other operating costs for an indefinite period of time. InCard expects that its current resources, including anticipated revenues, will likely be sufficient to sustain its operations through April 2008. However, InCard cannot assure an investor that it will ever be profitable.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 32

To be successful, the Company may require additional capital.

Assuming that InCard continues to operate at its existing cost structure, its current resources will be sufficient to fund operations through April 2008, assuming that the Company generates sales from the ICT DisplayCard with OTP during 2007. As InCard is in the early stage of manufacturing and has not sold substantial quantities of its products, it is unable to determine the amount of additional capital that the Company will need to become successful. InCard currently does not have any binding commitments for, or readily available sources of, additional financing. Unless the Company is able to generate significant sales from the ICT DisplayCard that covers the manufacturing costs and operating overhead, it will continue to incur net losses that exceed its revenue.

The Company depends on a limited number of suppliers, and it will be unable to manufacture or deliver its products if shipments from these suppliers stop, are late, or are otherwise interrupted.

InCard obtains the battery, a key component for its Power Inlay Technology, from a single source on a purchase order basis from Solicore, Inc. In the event of a disruption or discontinuation in supply, the Company could not obtain replacement batteries on a timely basis, which would disrupt its operations, delay production for up to six months, and impair its ability to manufacture and sell its products.

InCard obtains the display, a key component for the ICT DisplayCard, from a single source, SmartDisplayer, under a written agreement. In the event of a disruption or discontinuation in supply, the Company could not obtain replacement displays on a timely basis, which would disrupt its operations, delay production for up to six months, and impair its ability to manufacture and sell its ICT DisplayCard.

The Company assembles its ICT DisplayCard using a single source, NagraID, under a written agreement by issuing written purchase orders that InCard pays in advance. The Company believes that alternative sources for assembly in the event of a disruption would not be available on a timely basis, which would disrupt its operations, delay production for up to six months, and impair its ability to manufacture and sell its ICT DisplayCard.

InCard’s dependence upon outside suppliers exposes the Company to risks, including the following:

the possibility that InCard’s suppliers experience major disruptions in production, which is exacerbated by the fact that the Company is the major customer of its suppliers;

the solvency of the Company’s suppliers and the potential that its suppliers will be solely dependent upon InCard;

the potential inability of the Company’s suppliers to obtain required components or products;

reduced control over pricing, quality, and timely delivery, due to the difficulties in switching to alternative suppliers;

the potential delays and expenses of seeking alternative sources of suppliers; and

increases in prices of key components.

If the Company is not able to devote adequate resources to product development and commercialization, it may not be able to develop its products.

InCard’s business strategy is to develop and market new products that can enhance payment and other information-bearing plastic cards using its Power Inlay Technology. The Company believes that its revenue growth and profitability, if any, will substantially depend upon its ability to accomplish the following:

continue to fund R&D endeavors;

complete development of new products; and

successfully introduce and commercialize new products.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 33

Acquisitions could result in operating difficulties, dilution, and other harmful consequences.

InCard has no experience acquiring entire companies. The Company has evaluated and expects to continue to evaluate potential strategic transactions. Any of these transactions could be material to InCard’s financial condition and results of operations. In addition, the process of integrating an acquired company, business, or technology may create unforeseen operating difficulties and expenditures. The areas where the Company may face risks include the following:

difficulty in realizing the potential technological benefits of the transaction;

difficulty in integrating the technology, operations, or work force of the acquired business with InCard’s existing business;

retaining employees from the business that the Company acquires;

disruption of InCard’s ongoing business; and

difficulty in maintaining uniform standards, controls, procedures, and policies.

Foreign acquisitions involve unique risks in addition to those mentioned above, including those related to integration of operations across different cultures and languages, currency risks, and the particular economic, political, and regulatory risks associated with specific countries. In addition, future acquisitions or dispositions could result in potentially dilutive issuances of the Company’s equity securities, the incurrence of debt, contingent liabilities or amortization expenses, or write-offs of goodwill, any of which could harm the Company’s financial condition. Future acquisitions may require InCard to obtain additional equity or debt financing, which may not be available on favorable terms or at all.

Failure to adequately protect its proprietary rights by InCard or its suppliers could enable third parties to use its technology, or very similar technology, and could reduce the Company’s ability to compete in the market. Furthermore, any proprietary rights litigation could be time consuming and costly to prosecute and defend.

Establishment of patents and other proprietary rights by InCard and its suppliers is important to the Company’s success and its competitive position. Performance in the payment card industry can depend, among other factors, on patent protection. InCard’s policy is to identify patentable inventions developed by the Company, and to seek to acquire patent rights for such inventions. InCard mainly develops and patents technology in the fields of card enhancements and methods of card manufacturing. The Company seeks to obtain a reasonably broad territorial protection for its patented technologies. InCard usually files initial patent applications in the U.S., and subsequently files corresponding applications in foreign countries depending on the relevant circumstances. The Company may elect to forego patent protection for some of its proprietary technologies and treat such technologies as trade secrets.

Despite InCard’s efforts to establish and protect its patents, trade secrets, or other proprietary rights, unauthorized parties may attempt to copy aspects of the Company’s technology or to obtain and use information that InCard regards as proprietary. In addition, the laws of some foreign countries do not protect the Company’s proprietary rights to as great an extent as do the laws of the U.S. InCard’s means of establishing and protecting its proprietary rights may not be adequate and its competitors may independently develop similar technology, duplicate the Company’s products, or design around InCard’s patents or its other proprietary rights.

Due to the importance of proprietary technology in the payment card industry, the Company’s business involves a risk of overlap with third-party patents and subsequent litigation with competitors or patent holders. Any claims, with or without merit, could be time-consuming, result in costly litigation, or cause InCard to enter into licensing agreements.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 34

The Company depends on key personnel in a competitive market for skilled employees, and failure to retain and attract qualified personnel could substantially harm its business.

InCard relies to a substantial extent on the management, marketing, and product development skills of its key employees and consultants—particularly, John A. Ward, III, the Company’s Chief Executive Officer (CEO) and Chairman of its Board of Directors; Alan Finkelstein, InCard’s Co-Founder and President; Bennet P. Tchaikovsky, the Company’s Chief Financial Officer (CFO); Philippe Guillaud, who supervises software and firmware development of the ICT DisplayCard; and Craig Nelson, who supervises the manufacturing and testing of the ICT DisplayCard—to formulate and implement the Company’s business plan, including the development of its Power Inlay Technology. InCard’s success depends to a significant extent upon its ability to retain and attract key personnel. Competition for employees can be intense in the payment card industry, and the process of locating key personnel with the right combination of skills is often lengthy. The loss of the services of the Company’s key personnel may significantly delay or prevent the achievement of product development and could have a material adverse effect on InCard.

If the Company’s future products do not achieve a significant level of market acceptance, it is highly unlikely that the Company ever will become profitable.

To InCard’s knowledge, no enterprise or online banking token issuers have adopted power-based card enhancements to date using the Company’s Power Inlay Technology on a mass quantity basis. As a result, InCard’s ability to enable enterprise to improve and add card functionality, reduce attrition and increase acquisition rates, and enhance security and anti-fraud protection for customers through power- based card enhancements has yet to be proven. The commercial success of the Company’s future products will depend upon the adoption its Power Inlay Technology as a preferred method of applying card enhancements to payment cards. In order to be successful, InCard’s future products must meet the technical and cost requirements for card enhancements within the payment card industry. Market acceptance will depend on many factors, including the following:

the Company’s ability to convince prospective strategic partners and customers to adopt its products;

the willingness and ability of prospective strategic partners and customers to adopt InCard’s products; and

the Company’s ability to sell and service sufficient quantities of its products.

Because of these and other factors, InCard’s products may not achieve market acceptance. If the Company’s products do not achieve a significant level of market acceptance, demand for its future products will not develop as expected and it is highly unlikely that InCard ever will become profitable.

The Company has granted third parties substantial marketing rights to certain of its products and products under development. If the third parties are not successful in marketing InCard’s products, the Company may not be able to commercialize its products.

Some of the Company’s agreements with its corporate marketing partners contain no minimum purchase requirements in order for them to maintain their exclusive marketing rights. In the future, third-party marketing assistance may not be available on reasonable terms, if at all. If any of these events occur, InCard may not be able to commercialize its products, which could negatively impact its results of operations or substantially limit its ability to execute its business strategy.

The Company may experience customer concentration in the enterprise and online banking marketplace, which may expose it to all of the risks faced by InCard’s potential material customers.

Until and unless the Company secures multiple customer relationships in the enterprise and online banking marketplaces, it may experience periods during which it will be highly dependent on one or a limited number of customers. Dependence on a single or a few customers will make it difficult to satisfactorily negotiate attractive prices for InCard’s products and will expose the Company to the risk of substantial losses if a single dominant customer stops conducting business with InCard. Moreover, to the

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 35

extent that the Company may be dependent on any single customer, it could be subject to the risks faced by that customer to the extent that such risks impede the customer’s ability to stay in business and make timely payments to InCard.

The Power Inlay Technology has not been proven in full-scale production. Failure to develop the prototype scale into mass production may have a material negative effect on the Company’s business strategy and operations.

InCard’s Power Inlay Technology has been proven solely during the manufacture of cards in prototype quantities. The Company has developed an automated process in its laboratory and is now working on mass production. However, InCard’s product has yet to be proven to be manufactured in full-scale mass production. The Company is applying its own resources and is working in cooperation with other companies that have the specialized technical expertise related to the Power Inlay Technology for thin, flexible, non-payment cards. InCard expects to enter into agreements that will grant it ownership or exclusive license rights to the manufacturing process of the Power Inlay Technology for use in credit and other information-bearing plastic cards. Failure to secure or maintain exclusive rights or failure of the prototype technology to successfully transfer to full-scale production, without the use of proprietary technology of others, may have a material negative effect on the Company’s business strategy and operations.

InCard relies substantially on third-party manufacturers. The loss of any third-party manufacturer could limit the Company’s ability to launch its products in a timely manner, or at all.

To be successful, InCard must manufacture, or contract for the manufacture of, its future products in compliance with industry standards and on a timely basis, while maintaining product quality and acceptable manufacturing costs. As detailed above, the Company is working in cooperation with other companies that have the specialized technical expertise related to the manufacturing process of InCard’s Power Inlay Technology for the ICT DisplayCard. The Company also currently uses a limited number of sources for most of the supplies and services that it uses in the manufacturing of its Power Inlay Technology and prototypes. InCards manufacturing strategy presents the following risks:

delays in the quantities needed for product development could delay commercialization of products in development;

if the Company needs to change to other commercial manufacturers, any new manufacturer would have to be educated in, or develop substantially equivalent processes necessary for, the production of its products;

if market demand for InCard’s products increases suddenly, its current manufacturers may not be able to fulfill its commercial needs, which would require the Company to seek new manufacturing arrangements and could result in substantial delays in meeting market demand; and

InCard may not have intellectual property rights, or may have to share intellectual property rights, to any improvements in the manufacturing processes or new manufacturing processes for its products.

Any of these factors could delay commercialization of the Company’s products under development, entail higher costs, and result in InCard’s being unable to effectively sell its products.

RISKS RELATED TO INCARD’S SECURITIES

The application of the penny stock rules could adversely affect trading in InCard’s Common Stock.

As long as the trading price of InCard’s Common Stock is below $5.00 per share, the open-market trading of the Company’s Common Stock will be a “low-priced” security under the “penny stock” rules promulgated under the Securities Exchange Act of 1934. The “penny stock” rules impose additional sales practice requirements on broker-dealers who sell securities to persons other than established customers and accredited investors (generally those with assets in excess of $1,000,000 or annual income

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 36

exceeding $200,000 or $300,000 together with their spouse). In accordance with these rules, broker- dealers participating in transactions in low-priced securities must first deliver a risk disclosure document, which describes the risks associated with such stocks, the broker-dealer’s duties in selling the stock, the customer’s rights and remedies, and certain market and other information. Furthermore, the broker-dealer must make a suitability determination approving the customer for low-priced stock transactions based on the customer’s financial situation, investment experience, and objectives. Broker-dealers must also disclose these restrictions in writing to the customer, obtain specific written consent from the customer, and provide monthly account statements to the customer. The effect of these restrictions will probably decrease the willingness of broker-dealers to make a market in InCard’s Common Stock, decrease liquidity of the Company’s Common Stock, and increase transaction costs for sales and purchases of InCard’s Common Stock versus other securities.

Stockholders should be aware that, according to SEC Release No. 34-29093, the market for penny stocks has suffered in recent years from patterns of fraud and abuse. Such patterns include the following: (1) control of the market for the security by one or a few broker-dealers that are often related to the promoter or issuer; (2) manipulation of prices through prearranged matching of purchases and sales and false and misleading press releases; (3) boiler room practices involving high-pressure sales tactics and unrealistic price projections by inexperienced sales persons; (4) excessive and undisclosed bid-ask differential and markups by selling broker-dealers; and (5) the wholesale dumping of the same securities by promoters and broker-dealers after prices have been manipulated to a desired level, along with the resulting inevitable collapse of those prices and consequent investor losses. The Company’s management is aware of the abuses that have occurred historically in the penny stock market. Although InCard does not expect to be in a position to dictate the behavior of the market or of broker-dealers who participate in the market, management will strive within the confines of practical limitations to prevent the described patterns from being established with respect to the Company’s securities.

The National Association of Securities Dealers (NASD) sales practice requirements may also limit a stockholder’s ability to buy and sell the Company’s stock.

In addition to the “penny stock” rules described above, if InCard’s stock trades below $5.00 per share, the NASD has adopted rules that require that in recommending an investment to a customer, a broker-dealer must have reasonable grounds for believing that the investment is suitable for that customer. Prior to recommending speculative low-priced securities to their non-institutional customers, broker-dealers must make reasonable efforts to obtain information about the customer’s financial status, tax status, investment objectives, and other information. The NASD requirements make it more difficult for broker-dealers to recommend that their customers buy the Company’s Common Stock, which may limit an investor’s ability to buy and sell InCard’s stock and have an adverse effect on the market for the Company’s shares.

InCard does not anticipate paying any cash dividends in the foreseeable future, which may reduce an investor’s return on an investment in the Company’s Common Stock.

The Company plans to use all of its earnings, to the extent it has earnings, to fund its operations. InCard does not plan to pay any cash dividends in the foreseeable future. The Company cannot guarantee that it will, at any time, generate sufficient surplus cash that would be available for distribution as a dividend to the holders of its Common Stock. Therefore, any return on an investor’s investment would derive from an increase in the price of InCard’s stock, which may or may not occur.

Substantial future sales of InCard’s Common Stock in the public market may depress its stock price.

As of March 23, 2007, the Company had 28,420,616 shares of Common Stock outstanding. Of these shares, 25,584,169 can be traded pursuant to a prospectus or via a rule 144(k) transaction. Of InCard’s 4,627,098 Warrants outstanding, 4,525,223 have been registered and Common Stock issued on exercise can be sold pursuant to a prospectus. 2,351,000 shares issuable upon exercise of Options issued under the Company’s 2004 Stock Incentive Plan were registered as well.

If InCard’s stockholders sell substantial amounts of Common Stock in the public market, or the market perceives that such sales may occur, the market price of its Common Stock could fall. The sale of a large

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 37

number of shares could impair the Company’s ability to raise needed capital by depressing the price at which InCard could sell its Common Stock.

The Company may raise additional capital through a securities offering that could dilute an investor’s ownership interest and voting rights.

InCard’s certificate of incorporation currently authorizes its Board of Directors to issue up to 50,000,000 shares of Common Stock and 5,000,000 shares of Preferred Stock. As of March 26, 2007, after taking into consideration its outstanding Common and Preferred Shares, the Company’s Board of Directors was entitled to issue up to 21,579,384 additional Common Shares and 5,000,000 Preferred Shares. The power of the Board of Directors to issue these shares of Common Stock, Preferred Stock, Warrants, or Options to purchase shares of its stock is generally not subject to stockholder approval.

The Company may require additional working capital to fund its business. If InCard raises additional funds through the issuance of equity, equity-related, or convertible debt securities, these securities may have rights, preferences, or privileges senior to those of the holders of the Company’s Common Stock. The issuance of additional Common Stock or securities convertible into Common Stock by InCard’s Board of Directors will also have the effect of diluting the proportionate equity interest and voting power of holders of its Common Stock.

InCard is controlled by its principal stockholders, executive officers, and directors, and as a result, the trading price for the Company’s shares may be depressed, and these stockholders can take actions that may be adverse to an investor’s interests.

The Company’s principal stockholders, executive officers, and directors, in the aggregate, beneficially owned approximately 40.34% of InCard’s Common Stock, including Options held by each principal stockholder, executive officer, and director that were exercisable within 60 days of March 26, 2007. As of June 5, 2007, the Company’s insider ownership was approximately 37.40%. These stockholders, acting together, will have the ability to exert substantial influence over all matters requiring approval by the Company’s stockholders, including the election and removal of directors and any proposed merger, consolidation, or sale of all or substantially all of InCard’s assets. In addition, they could dictate the management of the Company’s business and affairs. This concentration of ownership could have the effect of delaying, deferring, or preventing a change in control, or impeding a merger, consolidation, takeover, or other business combination that could be favorable to an investor. This significant concentration of share ownership may also adversely affect the trading price for InCard’s Common Stock because investors may perceive disadvantages in owning stock in companies with controlling stockholders.

InCard’s incorporation documents and Delaware law may inhibit a takeover that stockholders consider favorable, and could also limit the market price of an investor’s stock, which may inhibit an attempt by the Company’s stockholders to change its direction or management.

InCard’s amended and restated certificate of incorporation and bylaws contain provisions that could delay or prevent a change in control of the Company. Some of these provisions are as follows:

authorize InCard’s Board of Directors to determine the rights, preferences, privileges, and restrictions granted to, or imposed upon, the Preferred Stock, and to fix the number of shares constituting any series and the designation of such series without further action by the Company’s stockholders;

prohibit stockholders from calling special meetings;

prohibit cumulative voting in the election of directors, which would otherwise allow less than a majority of stockholders to elect director candidates;

establish advance notice requirements for submitting nominations for election to the Board of Directors and for proposing matters that can be acted upon by stockholders at a meeting; and

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 38

prohibit stockholder action by written consent, requiring all stockholder actions to be taken at a meeting of InCard’s stockholders.

In addition, the Company is governed by the provisions of Section 203 of Delaware General Corporate Law. These provisions may prohibit large stockholders, in particular those owning 15% or more of InCard’s outstanding voting stock, from merging or combining with the Company, which may prevent or frustrate any attempt by InCard’s stockholders to change the Company’s management or the direction in which InCard is heading. These and other provisions in the Company’s amended and restated certificate of incorporation and bylaws and under Delaware law could reduce the price that investors might be willing to pay for shares of InCard’s Common Stock in the future, and result in the market price being lower than it would be without these provisions.

New rules, including those contained in and issued under the Sarbanes-Oxley Act of 2002, may make it difficult for InCard to retain or attract qualified officers and directors, which could adversely affect the management of its business and its ability to obtain or retain listing of the Company’s Common Stock.

InCard may be unable to attract and retain qualified officers, directors, and members of Board Committees required to provide for its effective management as a result of the recent and currently proposed changes in the rules and regulations that govern publicly held companies, including, but not limited to, certifications from executive officers and requirements for financial experts on the Board of Directors. The perceived increased personal risk associated with these recent changes may deter qualified individuals from accepting these roles. The enactment of the Sarbanes-Oxley Act of 2002 has resulted in the issuance of a series of new rules and regulations and the strengthening of existing rules and regulations by the SEC. Further, certain of these recent and proposed changes heighten the requirements for Board or Committee membership, particularly with respect to an individual’s independence from the corporation and level of experience in finance and accounting matters. The Company may have difficulty attracting and retaining directors with the requisite qualifications. If InCard is unable to attract and retain qualified officers and directors, the management of its business could be adversely affected.

InCard’s internal controls over financial reporting may not be effective, and its independent auditors may not be able to certify as to their effectiveness, which could have a significant and adverse effect on InCard’s business.

The Company is subject to various regulatory requirements, including the Sarbanes-Oxley Act of 2002. InCard, like all other public companies, must incur additional expenses and, to a lesser extent, diversion of its management’s time in its efforts to comply with Section 404 of the Sarbanes-Oxley Act of 2002 regarding internal controls over financial reporting. The Company has not evaluated its internal controls over financial reporting in order to allow management to report on, and its independent auditors to attest to, its internal controls over financial reporting, as required by Section 404 of the Sarbanes-Oxley Act of 2002 and the rules and regulations of the SEC, which InCard collectively refers to as Section 404. The Company has never performed the system and process evaluation and testing required in an effort to comply with the management assessment and auditor certification requirements of Section 404, which may initially apply to InCard as of December 31, 2006. The Company’s lack of familiarity with Section 404 may unduly divert management’s time and resources in executing the business plan. If, in the future, management identifies one or more material weaknesses, or InCard’s external auditors are unable to attest that its management’s report is fairly stated, or to express an opinion on the effectiveness of the Company’s internal controls, this could result in a loss of investor confidence in InCard’s financial reports, have an adverse effect on the Company’s stock price, or subject InCard to sanctions or investigation by regulatory authorities.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 39

Recent Events

05/29/2007—Innovative Card Technologies, Inc. announced that Ms. Sandra Peres joined the Company as Vice President of Sales for Latin America. Ms. Peres was a 16-year executive at Banco Bradesco, Brazil’s largest private bank. Her most recent position there was as Executive Superintendent of Research and Innovations, where she introduced the first one-time passcode (OTP) to Latin America; rolled out Bradesco’s online banking service (fifth in the world at the time); and developed and instituted many other technological advances.

05/14/2007—Announced a reseller agreement with Inteligensa Group, a leading card manufacturer in Latin America. Inteligensa is expected to pair InCard’s ICT DisplayCard with a third-party backend server to provide authentication solutions to its 150 to 200 client financial institutions. Further details of this agreement are on page 8.

05/08/2007—Announced that the Company received a letter from NASDAQ Listing Qualifications on May 1, 2007, stating that solely because of the resignation of Mr. Robert Sutcliffe from the Board of Directors, InCard is not currently in compliance with listing requirements. InCard must evidence compliance by October 23, 2007, and has commenced a search for a replacement Director.

05/01/2007—Announced a partnership with VeriSign, Inc., a leading provider of intelligent infrastructure services to protect electronic and voice transactions. The two companies are offering a layered security solution to protect consumer data during online banking sessions. VeriSign is to integrate the ICT DisplayCard into its VIP Authentication infrastructure. VeriSign is a provider of authentication services to over 500,000 websites: 93% of the Fortune 500, 40 of the largest banks, and 47 out of the top 50 e- commerce sites.

04/10/2007—Announced that Meritz Securities Co., Ltd. of Korea is conducting a test using the ICT DisplayCard to authenticate online trading and automated teller machine (ATM) transactions. The company is receiving its cards through Korea-based reseller Innet Co., Ltd. Meritz Securities is the first financial institution to publicly announce testing of the ICT DisplayCard. Meritz Securities handles $360 billion in transactions annually and has ATMs in 31 branches nationwide.

03/08/2007—Announced that InCard commenced trading on the NASDAQ Capital Market on March 9, 2007, under the symbol “INVC.”

12/12/2006—Announced that Messrs. Donald Killian, Scott Ogilvie, and Robert Sutcliffe were to serve as independent directors on the Company’s Board of Directors. The addition of three independent Board members increased the total Board membership to seven. With a majority of the Board independent, InCard applied for listing on the NASDAQ Capital Market.

11/20/2006—Signed a reseller agreement with IdentiPHI LLC, a leading provider of enterprise security solutions. Under the agreement terms, IdentiPHI is to resell the ICT DisplayCard to its customers. Headquartered in Austin, Texas, IdentiPHI is an innovative technology company offering a comprehensive suite of enterprise security solutions and consulting services. IdentiPHI provides tools that meet or exceed legislation requirements to strengthen identity management and authentication systems.

11/13/2006—Announced that InCard signed Innet Co., Ltd. as a Gold partner distributor. Innet has agreed to purchase 100,000 ICT DisplayCards for resale to financial institutions, as well as to information and physical access security providers. Innet focuses on internet infrastructure, network training, and new multimedia technologies.

11/02/2006—Announced that Mr. Wright joined the Company as Vice President of Sales. Mr. Wright was previously Vice President of Banking and Retail at Gemalto, a leader in digital security and the world’s largest provider of smart cards and services.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 40

08/23/2006—Announced that the Company has joined the Initiative for Open AuTHentication (OATH) as a coordinating member. OATH is the industry’s leading collaboration of device, platform, and application companies, and end-users of authentication technologies. OATH participants aim to foster use of strong authentication across networks, devices, and applications.

08/10/2006—Announced that the Chairman of the Board of Directors, Mr. John A. Ward, III, is assuming the responsibilities of CEO. Mr. Ward is replacing Founder Alan Finkelstein, who is to remain the Company’s President and Director.

06/29/2006—Announced that InCard has completed the OTP ICT DisplayCard assets acquisition from co-developer nCryptone. InCard now holds all rights, including 100% of revenues, relating to the OTP ICT DisplayCard. In exchange, French company nCryptone gains 4.5 million shares of the Company’s Common Stock and $1.0 million to be paid within one year after the close of the acquisition. Under the terms of the agreement, nCryptone is expected to resell InCard’s products as a channel partner. Additionally, InCard has agreed to purchase transitional services from the company and continue to receive the same level of support from nCryptone for a year from the date of the acquisition.

06/28/2006—Announced the closing of its previously announced purchase of nCryptone. The Company purchased all intellectual property relating to the ICT DisplayCard under the July 25, 2005, Joint Development Agreement with nCryptone, all nCryptone intellectual property relating to the ICT DisplayCard, all tangible assets relating to the ICT DisplayCard, and assumed select accounts payable directly allocable to the ICT DisplayCard.

06/19/2006—Announced the signing of an agreement with eMue Technologies of Australia. The agreement calls for InCard to develop a specialized version of its OTP ICT DisplayCard for the company. The combination of InCard’s ICT DisplayCard and eMue’s mutual authentication process provides a unique solution for end users: a multi-factor authentication product in the compact size and thin width of a credit card. Upon successful completion of the development agreement, InCard is expected to manufacture the specialized ICT DisplayCard exclusively for eMue.

05/30/2006—Announced the closing of an $11.3 million private equity financing. The Company issued 3,785,500 shares of Common Stock to a select group of institutional investors in the private placement for a price of $3.00 per share. T.R. Winston & Company acted as placement agent for the securities in this transaction. The $11.3 million is to be used to retain and extend global exclusivity agreements with strategic partners and vendors, research and develop new applications using the Company’s proprietary Power Inlay Technology, secure materials for ICT DisplayCard production, finance the Company’s acquisition of the ICT DisplayCard assets from nCryptone, and for general corporate purposes.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 41

Glossary

Algorithm—A finite set of unambiguous instructions performed in a prescribed sequence to achieve a goal, especially a mathematical rule or procedure used to compute a desired result. Algorithms are the basis for most computer programming.

Biometrics—The science of using biological properties to identify individuals (e.g., fingerprints, retina scan, and voice recognition). Also referred to as biometric identification.

Card Not Present—A transaction where the merchant does not have physical access to the card (e.g., telephone, mail order, and the internet).

Charge-Off—The balance on a credit obligation that a lender no longer expects to be repaid and writes off as a bad debt.

Digital Certificate—An electronic “credit card” that establishes one’s credentials when doing business or other transactions on the internet. It is issued by a certification authority (CA). It contains one’s name, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is authentic.

Dual-Factor Authentication—A system that typically uses a passcode and some kind of hardware security device, such as a smart card or token that issues temporary passcodes.

EMV Chip—Europay-, MasterCard-, and Visa-compatible (or –approved) chip.

Fair and Accurate Credit Transactions Act (FACTA)—An act passed by Congress in December 2003 as an amendment to the Fair Credit Reporting Act. FACTA allows consumers to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies (Equifax, Experian, and TransUnion). This act also contains provisions to help reduce identity theft, such as the ability for individuals to place alerts on their credit histories if identity theft is suspected or if deploying overseas in the military, thereby making fraudulent applications for credit more difficult.

False Negative—Test result implying a condition does not exist when in fact it does.

False Positive—Test result implying a condition exists when in fact it does not.

Federal Financial Institutions Examination Council (FFIEC)—An organization established by Congress in 1987 to coordinate and unify regulations, standards, and report forms among the five member federal agencies that regulate savings institutions, commercial banks, and credit unions: Office of Thrift Supervision (OTS), Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (FRS), Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA).

Form Factor—The physical size of a device as measured by outside dimensions.

International Organization for Standardization (ISO)—An international standard-setting body composed of representatives from national standards bodies. Founded on February 23, 1947, the organization produces worldwide industrial and commercial standards.

ISO 9001—Specifies requirements for a quality management system for any organization that needs to demonstrate its ability to consistently provide products that meet customer and applicable regulatory requirements, with the aim to enhance customer satisfaction. This certification is within the family of ISO 9000 certifications, and is very closely related. For further details, please visit www.iso.org.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 42

Key Fob—A small hardware device with built-in authentication mechanisms. Just as the keys held on a typical key chain or fob control access the owner’s home or car, the mechanisms in the key fob control access network services and information.

Loyalty Card—Usually a plastic card issued by a company to a customer that is used to record the frequency of the customer’s purchases and calculate resulting discounts, rewards, or allowances.

Magstripe—A magnetic stripe. It refers to a band of magnetic material on credit cards, transit fare cards, or identification cards to store information. The magnetic stripe is read by physical contact and swiping past a reading head.

Near Field Communication (NFC)—A short-range wireless technology mainly aimed at usage in mobile phones.

OTP Generator—A computational or physical device designed to generate a sequence of numbers (through the computations of an algorithm) that does not have any easily discernable pattern, so that the sequence can be treated as random.

Phishing—A type of fraud whereby a criminal attempts to trick their victim into accepting a false identity presented by the criminal. The common application of this approach is to send fake emails (email spoofing) to a victim purporting to come from a legitimate source and requesting information (such as a bank account number and passcode) or directing the victim to a fake internet website where this information can be captured (webpage spoofing).

Power Inlay Technology—A small, thin, and flexible inlay containing a battery, circuit, and switch.

Public Key Infrastructure (PKI)—Software that enables users of an unsecured public network, such as the internet, to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

Radio Frequency Identification (RFID)—An identification system that employs radio frequency transmissions to activate transponders contained in tags attached to objects. These transponders respond with identification of or information about the object.

Smart Card—A plastic card (of identical dimensions to a credit card) that has electronic logic embedded in it in the case of a stored data card, or a microprocessor in the case of cards with processing ability. Smartcards are commonly used to perform digital signatures, authenticate users for access control purposes, and encrypt or decrypt messages.

Spyware—Any software that covertly gathers user information through the user’s internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the internet. Once installed, the spyware monitors user activity on the internet and transmits that information in the background to someone else.

Strong Authentication—Refers to systems that require multiple factors to identify users when they access private networks and applications.

Tokens—A small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object, such as a key fob.

Universal Serial Bus (USB) Plug-Ins—A hardware interface for low-speed peripherals, such as the keyboard, mouse, joystick, scanner, printer, and telephony devices.

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 43

Jeffrey J. Kraws and Karen B. Goldfarb Phone: (609) 306-2274 Fax: (609) 395-9339 Email: [email protected] Web: www.crystalra.com

Legal Notes and Disclosures: This report has been prepared by Innovative Card Technologies, Inc. (“InCard” or “the Company”) with the assistance of Crystal Research Associates, LLC (“CRA”) based upon information provided by the Company. CRA has not independently verified such information. In addition, CRA has been compensated by the Company in cash of thirty-five thousand dollars and one hundred thousand Options/Warrants for its services in creating this base report, for updates, and for printing costs.

Some of the information in this report relates to future events or future business and financial performance. Such statements constitute forward-looking information within the meaning of the Private Securities Litigation Act of 1995. Such statements can be only predictions and the actual events or results may differ from those discussed due to, among other things, the risks described in Innovative Card’s reports on 10-KSB, 10-QSB, 8-K, press releases, and other forms filed from time to time. The content of this report with respect to InCard has been compiled primarily from information available to the public released by InCard. InCard is solely responsible for the accuracy of that information. Information as to other companies has been prepared from publicly available information and has not been independently verified by Innovative Card or CRA. For more complete information about InCard, the reader is directed to the Company’s website at www.incardtech.com. This report is published solely for information purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy any security in any state. Past performance does not guarantee future performance. Free additional information about InCard and its public filings, as well as free copies of this report can, be obtained in either a paper or electronic format by calling (310) 312-0700. .

CRYSTAL RESEARCH ASSOCIATES, LLC EXECUTIVE INFORMATIONAL OVERVIEW® PAGE 44