Mondex USA Partners Look to Ambitious '97 Tests By VALERIE BLOCK The seven owners of Mondex USA have ambitious plans for 1997. Wells Fargo & Co. and AT&T Universal Card Services -- the two original stakeholders and now owners of 30% and 10%, respectively, of the smart card system -- are furthest along. Wells has issued 800 cards to employees; AT&T, 200; and both plan to expand the pilots next year. Chase Manhattan Corp., with a 20% stake in Mondex USA, had planned to begin testing MasterCard Cash on New York's Upper West Side by March, but its switch to Mondex will force a delay until the fourth quarter. Even so, Janet Hartung Crane, president and chief executive of the joint venture, said, "In 1998, we will roll out" nationally. Chase's pilot, with 50,000 cards and more than 500 merchants, would be by far the biggest. Speaking last week at the Bank Administration Institute's Retail Delivery '96 Conference, where Mondex USA was officially unveiled, Ms. Crane, a Wells Fargo senior vice president, said Wells would expand its San Francisco headquarters pilot in 1997. The bank also plans to test card usage on the Internet, look for a cobranding partner, and install the technology on a university campus. AT&T senior vice president Keith Kendrick said he expects to expand the test at his Jacksonville, Fla., headquarters in the second quarter, along with an Internet pilot, taking advantage of Mondex's ability to download value via smart phones. First Chicago NBD Corp., another 10% owner, will begin testing in the third or fourth quarter with 200 headquarters employees and 12 merchants. Dean Witter, Discover & Co. is "still formulating its plans," said William Simmons, executive vice president of its Novus Services unit. It is looking to get its feet wet on a university or corporate campus. Ironically, Discover is now in bed with MasterCard -- prospective majority owner of Mondex International as well as 10% owner of Mondex USA -- despite Discover's thorny relationship with banks. John R. Mannion, a Novus director, noted that all the Mondex USA partners are fierce competitors. Michigan National Bank -- owned by National Australia Bank, a Mondex global founder -- is planning a test at its headquarters beginning in late spring with a fraction of its 3, 000 employees. Still, winning over merchants and, thus, consumers may be difficult in the United States. The high-quality, low-cost telecommunications infrastructure that underpins magnetic-stripe card systems weakens the case for a costly conversion of point of sale terminals to smart cards. At a BAI seminar just after the Mondex announcement, where Michael J. Shade, vice president of Verifone Inc., and Fred J. Stephens, manager of technology for Shell Oil Co., discussed the migration to smart cards, one observer called them "a solution looking for a problem." Mr. Stephens said the investment, close to $60 million for his company, is hard to justify. While card executives argue that chip cards reduce cash-handling costs and transaction times, Mr. Stephens said it might require reduced interchange fees, personal identification numbers on credit cards to reduce fraud, and cost-sharing to tip the scales in smart cards' favor. Other types of merchants will have other high-priced demands. Visa U.S.A. and its partners in the Visa Cash rollout in Atlanta shared the lessons they had learned at the conference. Michael Love, a First Union Corp. vice president, said merchants are "interested in sales lift." As for the business case, "stored value can ride the railroad, but it will not pay for it," said Richard F. Shaffner, executive vice president at NationsBank Corp. Guardian (Manchester): Saturday, December 7, 1996 Surfing Superhighwaymen By David Gow And Richard Norton-Taylor Carlos Arario, head trader at the Argentinian firm, Invest Capital, picked up the phone and called company director, Roberto Barbosa. "You had better get down here," he said, "we've been raided." Barbosa stared with horror and disbelief at his screen in his Buenos Aires office. Some $ 200,000 had disappeared from his firm's account with Citibank, one of the world's biggest banks, overnight. "We were very, very surprised when we opened the cash management account. There were four wire transfers made out of that account without our authorisation and anonymously sent to four unknown destinations." Barbosa alerted Citibank executives at 111 Wall Street, New York. That was August 1994. For the rest of the year, Citibank's anxiety made its Argentine client's problems appear minor as its executives watched in panic while nearly 20 of their accounts - worth about $ 10 million - were plundered. Citibank's marketing department proudly offers the transfer of funds in any currency straight into a client's account "quickly, easily and cost-effectively" as part of its "wide range of international banking facilities". But the world's fifth-largest bank appeared to have been hoist by its own petard. A hastily-assembled "war-room" on Wall Street watched impotently as its clients' money flowed quickly and easily, and at no cost, into accounts in California, Latin America, Finland, Israel, and the Netherlands. According to US court indictments, Citibank accounts held by Indonesia's Bank Artha Graha, Argentina's Banco del Sud, and Invest Capital SA, were raided with tens of thousands of dollars assigned to accounts set up elsewhere. Citibank's war-room began a global detective hunt as they realised their bank was in danger of acquiring a new image as victim of the world's first grand larceny via cyberspace. Others who have hacked into computerised cash transfer systems were insiders. The hit on Citibank is presented in the US as an outside job. Superhighway Robbery, an Equinox programme to be broadcast on Channel 4 tomorrow night, suggests it was perpetrated by the Russian mafia exploiting the poverty and disenchantment of high-flying technocrats under post-Soviet capitalism. At the centre of a continuing Citibank-FBI investigation is Vladimir Levin, a 29-year-old Russian computer programmer and former biotechnology student from St Petersburg. He is accused by the US authorities of being the person who hacked into the bank's computers and carried out the attempted multi-million-dollar fraud from a laptop at the St Petersburg offices of AO Saturn. That is a shabby software and accountancy firm run by a group of mathematicians and scientists who were losing out on the Croesus-like wealth enjoyed by the entrepreneurial Russian nomenklatura and criminal elite. "The salary at the Institute (St Petersburg's Technological Institute) I was receiving was very low and I was too ashamed to ask for money from my parents," says Levin in an exclusive interview. Computers, he says, were "one of the symbols of perestroika. Unfortunately, since perestroika there was so little money being given to research and science a lot of scientists left Russia and went to other countries where money was more available." Citibank's war-room traced an unauthorised money transfer -- allegedly the result of Levin's hacking -- to banks in Switzerland and St Petersburg. But the saga did not end there. Evgueni Korolkov -- a Russian who moved to the US for a better life -- set up two Californian companies, Shore Co and Primorye. His wife, Ekaterina Korolkova, opened personal accounts at the San Francisco branches of the Sumitomo, Pacific Union, Great Western, and Wells Fargo banks as a conduit for cash from unauthorised Citibank transfers. In August 1994, Ekaterina Korolkova was arrested by FBI agents as she tried to withdraw stolen money from one of her accounts which, they had discovered, was the destination of some of the Argentinian money. She agreed to co-operate with the FBI who persuaded her to enlist her husband, a former employee of AO Saturn, to help track down the perpetrators. The FBI told him they would treat him and his wife leniently if he played ball and gave the name of the hacker. He pointed the finger at Levin. Desperate to find hard evidence linking Levin to the crime, the FBI also contacted the Russian police. An official St Petersburg Special Branch video of what it claims to be the contents of AO Saturn's office shows computers, guns and Levin's passport. Meanwhile, Russian mules -- charged with picking up stolen money from foreign accounts -- were arrested elsewhere as Citibank managed to recover a little over half the $ 10 million loss it initially feared. Among them was Vladimir Voronin, who was arrested in the Netherlands where he was about to collect $ 1 million from Rotterdam's ABN AMRO bank. "It was not because I liked to do it, I had to do it," he says. He was extradited to the US where he pleaded guilty; in return he agreed go cooperate with the investigation. Tomorrow night's programme reveals that, around a year before the alleged Levin conspiracy was plotted, another hacker -- known only as Megazoid -- was the first Russian to break into Citibank's computers. Megazoid, a mathematical wizard obsessed with computers, remains anonymous for fear of criminal gangs anxious to acquire his skills, which he claims enabled him to navigate the Citibank network undetected for months, penetrating secret files, using a computer and modem he bought for $ 10 and a bottle of vodka. But he also claims to know the origin of the attempted $ 10 million-dollar scam. Megazoid, it is alleged, did not work alone. One of his fellow hackers, a regular surfer on the Internet, got drunk and depressed one night -- and sold the secrets of how to break into Citibank for $ 100 and two bottles of vodka. The buyers are said to be the mafia who allegedly used AO Saturn and, claims Janet Reno, the US Attorney General, in a formal extradition request, Vladimir Levin. On March 3 last year, Levin was arrested at Stansted airport. Levin, who proclaims his innocence, has spent the past 21 months in Brixton prison, and yesterday he won a provisional right to appeal to the House of Lords against extradition to the US. He has told his lawyers, who are seeking his return to Russia: "I have never committed any crimes and I do not wish to be sent to America, a country to which I have never been, where I have no home, no relatives, no friends and no money with which to defend myself. I consider my detention here in England to be both illegal and a breach of human rights." The significance of the alleged conspiracy, with some of the players tried and convicted, some released, others on the run and yet more unknown, goes beyond the issue prompted by Megazoid's "career". It highlights the vulnerability of financial institutions' computer systems. Mike McKenna, former Citibank vice-president in charge of technology, talks openly of "years of neglect" during which the bank amassed 10,000 employees in technological services, 1,500 consultants, and, most tellingly of all, 3,400 subsidiaries in almost 100 countries. And, he relates, virtually each daughter-firm, certainly each country, had its own protocol for accessing the network. Five years ago there were 200 home-grown protocols, what he describes as "an orchestra with many people with different violins playing different tunes", rather than a full-scale symphony in which strings, horns and percussion talk to each other. The Bank for International Settlements, Bank of England, and Bundesbank have recently issued warnings about the threat posed by electronic money and open-access computer-networks like the Internet bulletin boards. There is even talk of "off-planet" banking -- banks on Saturn and Jupiter reached by satellite. "These transfers can take place from anywhere," Dietrich Snell, a New York attorney told one of the many US court hearings on the Levin case. "You have the right user ID and the right password and the right computer equipment, the hardware, and so long as you know what you're doing on the computer, you can get into the system literally anywhere." Says Bill Marlow, a banking security consultant: "Let's put it in perspective - the average bank robbery nets you $ 1,900, gets prosecuted 82 per cent of the time and you could get shot. With a computer you see $ 250,000 and get prosecuted less than 2 per cent of the time . . . these figures are staggering. It's safer to go and buy a computer than a gun." Citibank said in a statement last night that it had lost less than $ 400,000 in the scam. "No customers have lost any money," it said, adding that the accounts that were hacked into were not encoded. It has installed an access control system, Des-cards, which uses passwords altered after each time they are used. "Citibank," the statement said, "is a leader in the financial services industry in fraud prevention." American Banker: Tuesday, December 10, 1996 Microsoft Shows It's Catching On and Catching Up By DREW CLARK A year after chairman Bill Gates set out to mend fences with the banking community, Microsoft Corp.'s transformation into a bank ally looked virtually complete at last week's Retail Delivery conference. Through product giveaways, educational efforts, and old-fashioned public relations, Microsoft established its bona fides more convincingly than ever at the Bank Administration Institute conference. And there was evidence that Microsoft is gaining where it really counts -- in the marketplace -through growth in such areas as the NT operating system and Money personal finance software. Microsoft Money appears to be making up ground in the business dominated by Intuit Inc.'s Quicken. One indication was a survey of personal-computer users by Atlanta-based Synergistics Research Corp., showing 13% use Money. Quicken still had a commanding 59%. There was additional, anecdotal evidence of Money's gains. In the three weeks that Community Credit Union in Plano, Tex., has been offering both Money and Quicken, Money downloaders are outnumbering Quicken users two-to- one. Through some partner companies, Microsoft also showed how its computer language, Active-X, could be used to get bank Web pages to function like personal financial software managers. "The Internet provides the opportunity to do exactly what financial institutions have wanted to do for a long time - to get customers to go directly to them," said Lewis Levin, general manager of Microsoft's desktop finance division. "We live and breathe the Web," added Money product manager Matthew Cone. "Bill (Gates) outlined the vision" at last year's Retail Delivery conference, he said. "This year, Microsoft is helping banks build on the Web." Last year's remarks by Mr. Gates came only months after bankers interpreted Microsoft's attempted acquisition of Intuit as a threat. Mr. Gates apologized for what he said was a quotation taken out of context -- that banks are dinosaurs -- and proceeded to say Microsoft is bankers' friend. This year, banks are buying Windows NT over its competitors by a 6-to-1 margin, Microsoft officials said. When demonstrating Internet-related products last week, vendors invariably used Microsoft's Internet browser, Explorer. And Microsoft placed booths throughout the Dallas convention center providing unlimited access to the Internet -- through Explorer, of course. To be sure, Microsoft still faces stiff competition in many areas, including its attempt to set financial data standards with the Open Financial Connectivity protocol it unveiled in March. Others looking to establish similar standards include the Integrion Financial Network (Gold), Visa Interactive (Access Device Messaging Standard), and Intuit (Open Exchange). Representatives from Integrion, Microsoft, and Intuit appeared on stage with panelists from Checkfree Corp. and Security First Technologies in a session dubbed "The Great Debate." The participants generally agreed that their respective standards needed to become interchangeable for on-line consumers to be best served. Some questioned whether Microsoft was geared for such a cooperative effort. In last Wednesday's conference-opening speech, Sun Microsystems Inc. chief executive officer Scott McNealy mocked Mr. Gates as Big Brother. Mr. McNealy touted Sun's Java computer language, citing its ability to operate with a wide variety of computer platforms, including Microsoft Windows, Apple Macintosh, and Unix. But in the exhibition booths, more systems were written in Active-X than in Java. Microsoft collaborators -- such as Vertigo Development Corp., Checkfree Corp., Block Financial Corp., and Ultradata Corp. -- are using Active-X to develop what they promise will be the next generation of banking Web sites. But there were signs that the combat is far from over. During the debate, an audience member asked the panelists which electronic banking technology each uses. Security First Technologies chief executive officer Michael McChesney said he uses a sister company, Security First Network Bank. Microsoft's Mr. Levin said he uses Money. But Quicken still took 60%: Intuit executive vice president William H. Harris, Checkfree's Ken Benvenuto, and Integrion's William M. Fenimore Jr. "We use Quicken, and it has improved our quality of life," said Mr. Fenimore. Financial Times: Tuesday, December 10, 1996 New Smart Card to Be Tried in Russia By George Graham LONDON -- Russian bank customers will be the guinea pigs next year for a new type of smart payment card that could become the standard for emerging markets with inadequate phone networks and weak payments systems. The new Visa card uses a built-in microchip to provide verification in shops and outlets where telephone authorisation is impossible or too expensive. Unlike so-called electronic purses, however, the card is loaded not with money but with a credit limit. Trials will begin in the second quarter of next year by Inkombank, one of Russia's largest commercial banks. Sberbank, which has already issued some smart cards, is also expected to transfer to the pre-authorised system. Ms Anne Cobb, Visa International's president for central and eastern Europe, the Middle East and Africa, said the card provided a way round the infrastructure problems in many countries such as Russia. "If we succeed in Russia, then we will have proved this is the product we need in emerging markets," she said. The card is based on technology developed in South Africa, which, like Russia, has gaps in its telecoms infrastructure. Banks in many countries with still evolving financial systems are often reluctant to issue credit cards, because they do not have enough data on their customers' creditworthiness to judge the risks accurately. But debit cards only work if the telephone network is extensive and cheap enough to allow every transaction to be authorised by the bank's central computer. For small transactions, Visa and its rival MasterCard, along with a number of national payments groups, are developing electronic purses such as the Mondex card. These are loaded with money from a bank account and used instead of cash in shops or machines. But customers are reluctant to load large sums on to them because in many cases they distrust the banks and because if they lose the card they lose the money. The new Chip Off-Line Pre-Authorised Card system to be launched by Visa in Russia is a close cousin of the electronic purse. However, the bank is safe, because it holds the money customers have loaded on to their cards, and customers are safe, because they can still get that money back if they lose the card. Spending limits and personal code numbers are held on the card's microchip, so they can be checked by retailers without a telephone call to a bank computer. Washington Post: Monday, December 9, 1996 Transaction Network Services Faster Than a Speeding Cashier . . . By David S. Hilzenrath If you use a credit card reader in the self-service lane at the gas station, there's a good chance a Reston company called Transaction Network Services Inc. is helping to speed you on your way. Though it's virtually invisible to consumers and retailers alike, Transaction Network Services and companies like it have changed the way people buy things like a tank of gasoline, a bag of groceries or a movie ticket. The company provides a telecommunications network of leased lines that link the credit card terminal to companies that process credit card transactions for banks and other card issuers. By cutting the time and cost required to authorize these transactions electronically, Transaction Network Services and its competitors have helped make plastic the coin of many realms where paper once reigned supreme. "What we've managed to do is reduce the time of a credit card transaction to about the same amount of time it would take the cashier to do a cash transaction," spokesman Karen Kazmark said. Transaction Network Services claims that it is biggest and fastest in the business, but company officials concede that they know of no authoritative data to prove so. This niche accounts for such a small percentage of revenue for rivals Sprint Corp. and AT&T Corp. that they disclose few if any details about it. At the company's largest client, First Data Corp., Vice President George Barby said he has not made a scientific comparison of different carriers' transaction speeds. In terms of reliability, "they're all relatively similar," Barby said. "I believe that in any given situation . . . that we're going to be as fast and as market competitive as any of the providers," said Bart Westberg, director of enterprise services for Sprint. It's a business in which price competition is measured in fractions of a penny: The company's average fee -- paid by the credit card processors -- was about 1.77 cents per transaction during the last quarter, down from 2.3 cents per transaction last year. But it all adds up. Transaction Network Services handles about 5.7 million transactions a day. The company, launched in 1990, capitalized on founder and chief executive John McDonnell Jr.'s idea of using a special type of local telephone service to connect to his network instead of the toll-free 800 lines that were widely used. Along with other innovations, McDonnell's approach cut transaction times by about half, to 9 or 10 seconds, when it debuted in 1991, McDonnell said. Since that time, the company's competitive advantage seems to have narrowed, as rivals such as ATT and Sprint have used a similar approach and as technological improvements have speeded up toll-free 800 service. The company has since diversified by using its network to help authorize food stamps and Medicaid eligibility in some states that automate those benefits. It also sees health insurance as a potential growth area as insurers increasingly automate their benefits systems, enabling doctors' offices to verify patients' coverage on the spot, McDonnell said. Transaction Network Services has developed a second line of business combating telephone fraud by checking calling cards against databases when people place credit card calls from certain pay phones. The company completes the check during the brief pause before the call is put through, remaining just as invisible to the consumer as it is in the retail arena. But that business has been challenged by the growth of prepaid calling card services and other services that use toll-free 800 numbers to "dial around" (bypass) Transaction Network Services' traditional clients, the pay phone operators. The company can't fight the trend, so it plans to join it by helping out in those services, McDonnell said. "We have to become a player in this dial-around business, because that's where this market's headed," he said. The company's revenue rose to $41.4 million last year from $11.5 million in 1993, making it one of the region's fastest-growing companies. Revenue for the first nine months of this year was $38.9 million, up 32 percent from $29.6 million a year earlier. The company earned $4.2 million during the first nine months of the year, up 30 percent from $3.3 million during the same period last year. However, Transaction Network Services sees the increase of its core business slowing. McDonnell said growth in the volume of merchant transactions the company handles will likely slow to 25 percent to 35 percent next year -- faster than the industry as a whole but not as fast as the 50 percent increase the company is logging this year. The company isn't projecting "any real growth" in the phone fraud control area next year, he added. So McDonnell is looking for fresh pastures to plow. "We really need to find a new business that we can create a new growth opportunity," he said. For expansion, the company is looking overseas, to develop network business in Europe. And it is also looking to Wall Street. McDonnell said he hopes to create a new network for brokerage firms and money managers. The network would help the financial firms exchange information about trades over data lines instead of by talking on the phone, he said. "That's the major domestic thing that we're working on." Many firms already are automated, but they rely on a patchwork quilt of networks. "We know that we're not going to just walk in and scoop this thing up," McDonnell said. Christopher Morstatt, a vice president at securities firm Salomon Brothers Inc., said Transaction Network Services' best prospect is to capture firms that are just automating communication functions rather than the larger firms that already are wired, though it could differentiate itself by offering greater privacy and security than existing services. "The reality is that this has been in production . . . for quite a while, and Jack is certainly new to the effort," Morstatt said.