Several of the papers listed on this page are in pdf format and require Acrobat reader.

The Future of PKI Public Key Infrastructures have lost their attractiveness as they have proved difficult to implement.  However public key systems do offer some unique advantages and are in fact being used increasingly widely.  My paper "The Future of PKI" (published in Smart Card News in November 2002) asks how organisations can benefit from using public key structures without the existence of a universal PKI. Chip and PIN The UK will be one of the first countries in the world to roll out EMV payment cards with offline PIN verification.  I am acting as the Technical and Operations Director of the Chip and PIN Programme, an independent organisation answerable to a Steering Committee consisting of equal numbers of banks and retailers.  In that capacity I am responsible not only for producing any UK-specific recommendations and guidelines for chip and PIN use, but also for resolving any technical and operational issues.  See www.chipandpin.co.uk for further details. Low-value cross-border payments In December 2001 the European Parliament published a Regulation requiring banks to charge no more for retail cross-border euro transactions than for domestic transactions.  This poses a challenge to banks and payment schemes, whose current structures impose high costs.  There are several ways in which the technical and commercial issues can be resolved, and I have been involved in at least two alternative solutions.  My paper in ePSO Newsletter no. 14 addresses the issues and considers what schemes may emerge to meet the requirements. Adding Value to EMV Although some banks (mostly in the USA) still dispute the business case for the move to EMV, careful modelling now shows a strong case for issuers in many countries immediately, and in the remaining countries once the first wave has migrated.  Fraud savings are not the only source of benefits: there are direct operational savings and risk management gains also.  For acquirers and merchants, however, the case is much less compelling, and depends on either a firm belief in the added-value opportunities or an incentive programme funded by issuers.  This programme can take many forms, and I have modelled several of these in order to recommend programmes best adapted to different national markets. There are also many opportunities open to issuers, acquirers and processors to provide added value services using the EMV infrastructure.  See "Extracting Maximum Value" (November 2001) EMV transaction times Many retailers, particularly larger retailers with integrated systems, have been concerned that transaction times would be significantly longer with EMV chip cards than with magnetic stripe cards.  Whereas it is true that the processes are more complex, and some additional time is probably inevitable in the short term, we have identified the steps that banks and retailers should take to keep this additional time within acceptable bounds, and to benefit from faster transaction times for PIN-based and offline transactions.  This piece of work appeared to remove the last technical barrier to acceptance of chip cards by major retailers in the UK. The paper is available to qualified parties - please email me if you are interested. Person-to-person (P2P) payments There is a strong trend towards making Internet purchasing a more "inclusive" process by providing mechanisms for more people to pay online for more types of goods and transactions.  Some of the most difficult areas are auction sales, micropayments, sales through mobile phones and overseas cash remittances.  All of these can readily be addressed by a form of server-based account system in which most transactions do not pass through a conventional clearing system.  There are, however, many pitfalls in seeking to set up such a system, not least the need to meet banking and money-laundering regulations in the relevant countries.  I have advised several schemes in this regard. E-commerce payment Businesses are constantly being advised to make their websites "transactional" - to allow people to purchase from them.  In practice, this is not easy - only a minority of adults in Europe has a credit card, and there are no standard methods for accepting debit cards on an international basis.  The under-18s are even less well served, although many have a bank account and they are an attractive target for many websites.  I am advising many merchants and services on acceptance of different card types, bank giro credits and other forms of payment, on an international scale.  See "Internet Payments"  (September 2000) E-commerce fraud Although many companies are excited by the growth and potential of e-commerce, banks and card schemes are concerned about the high levels of disputed transactions.  I have made a study of the categories and causes of these disputes, and am able to make recommendations as to the steps merchants, issuers and acquirers should take in order to minimise the risks and costs to them. "Top-ups" for mobile telephones Pre-paid telephones now account for over 70% of new GSM subscriptions; the success of this new model has surprised the networks and offers opportunities for retailers.  The "scratch card" form of payment is inefficient and many service operators are now seeking to move to direct activation, through retail terminals or websites.  I have designed systems to accommodate several of the business models and technologies now coming on to the market.  See "Pre-paid Mobile Phones - Electronic Top-ups Taking Off" (July 2000) Retailer smart card terminals Every organisation which accepts credit or debit cards in the UK needs to know how the move to chip cards will affect it.  Most large card acceptors use networks and software to process their transactions, whereas most of the solutions proposed for chip cards make use of stand-alone terminals.  I have been closely involved with the British Retail Consortium's efforts to agree a co-ordinated approach to these issues, and acted as Project Manager for the second phase of this work.  The project started by outlining the business, operational, and functional requirements for chip in distributed retail environments, particularly but not limited to EMV credit/debit.  We went on to define a generalised architecture for implementation of these functions, and the interfaces and testing techniques which could be employed.  Specific account was taken in this work of the requirements of the mandatory standards in this area, and of the opportunities afforded by open and semi-open standards such as JavaCard and Visa Open Platform. The British Retail Consortium's discussion paper on this subject is available on this website. Click here to view this paper in HTML format or here to view / download in pdf format (417 kB). Phase 2 of this project was completed in October 1998. Click here to view / download (pdf format: requires Acrobat reader) Electronic purses:  interoperability and business case Although electronic purses such as Mondex and Visa Cash are no longer in favour in most countries, they undoubtedly have a role to play in the development of payment systems, and in the right environment could be profitable.  I have modelled several types of payment system, and am familiar with most of the schemes in use world-wide.  For an organisation considering issuing electronic purses or operating such a scheme, I am able to advise on the characteristics and technologies appropriate to the requirement.  For acceptors and acquirers, interoperability is the key issue, and this is also a subject which I have studied in some depth. See "Electronic Purse Interoperability" June 1998 (pdf format: requires Acrobat Reader) See "The Business Case for Stored Value" February 1999 (pdf format: requires Acrobat Reader) See "Electronic purses - a new weapon for a new strategy"  June 1999 (pdf format: requires Acrobat Reader)