p resentation to 6th cacr information security workshop november 10, 2000
TRANSCRIPT
Presentation to
6th CACRInformation Security
WorkshopNovember 10, 2000
Presentation to
6th CACRInformation Security
WorkshopNovember 10, 2000
PRIVACY PROTECTION
MADE SIMPLE: How technical design
can help you meet your commitment to
privacy in the marketplace
PRIVACY PROTECTION
MADE SIMPLE: How technical design
can help you meet your commitment to
privacy in the marketplace
Who and What Is Mondex When & Where will it be
used How does the Mondex
Technology protect privacy of the individual
MONDEX e-cashMONDEX e-cash
An e-cash application on a MULTOS smart card chip
Lockable/re-loadable chip-to-chip Instant transfer of value No POS settlement
MONDEX -e-cashMONDEX -e-cash
Cash alternative Limited record on chip ‘real’ and ‘virtual’ applications Global /Multi-currency Entrè to smart card platform
ImplementationsImplementations
Guelph, Ontario - Sept 96 - December 98
Sherbrooke,Quebec - August 99 - and continuing
Mondex in SherbrookeMondex in Sherbrooke
Mondex e-cash/Interac debit/client combo card
Bishops University &Champlain College Student/Mondex combo card
$500 card load limit
Mondex in SherbrookeMondex in Sherbrooke
Physical world load/purchase
UPOS Internet load/purchase loyalty Community Access Program
Convenience Accessibility On chip record of
recent transactions Home load Internet purchases
CONSUMER
Reliable-Off line payment
Higher security Low transaction
cost Reduced cash
handling
MERCHANT
Strengthen customer relationships
New financial and commercial partnerships
FINANCIAL INSTITUTION
Future of Smart CardsFuture of Smart Cards
Multi-application cards Canadian chip migration
project for payments (Visa/MasterCard /Interac/Mondex)
7-10 year time-frame
Privacy and Smart Cards Privacy and Smart Cards
The reality of smart cards is the carriage of many application and the availability of a large volume of personal data that can be tied to an individual
How does Mondex Protect PrivacyHow does Mondex Protect Privacy
Principles protected:–Limits for collecting personal
information– limits for using, disclosing and
keeping personal information–keeping personal information
accurate– safeguarding personal
information
How does Mondex Protect PrivacyHow does Mondex Protect Privacy
Limits for collecting personal information
– loads from account–deposits into account– lost transactions
How does Mondex Protect PrivacyHow does Mondex Protect Privacy
Limits for using, disclosing and keeping personal information
– safeguard deposits– to re-imburse for non-
performance
How does Mondex Protect PrivacyHow does Mondex Protect Privacy
Keeping personal information accurate
– load and unload are online– rolling 10 transactions
provides exact spend and retailer name
How does Mondex Protect PrivacyHow does Mondex Protect Privacy
Safeguarding personal information
– firewalls in Multos - between applications - ITSEC 6 designation
– transaction data to retailer is deliberately limited
– individual transaction data is not collected by banks - Mondex is an unaudited system
SummarySummary The unique privacy features
of Mondex e-cash were a deliberate design
–unaudited– limited transaction
information to retailer – specific and limited
information collected by FI–accurate rolling record for
customer –firewalls between applications
Thank You______________
www.mondex.ca
Thank You______________
www.mondex.ca