SafeDebit is NYCE's answer to smart cards

The NYCE Corp. expects to launch its own technology for secure online shopping that it said will rival smart cards because it will use automated teller machine (ATM) networks, is cheaper for merchants and doesn't require member banks to install a single piece of software.

The Woodcliff, New Jersey-based electronic-payments network company plans to offer its SafeDebit cards to its more than 2,300 member banks, credit unions and other financial institutions this fall. The technology allows an online shopper to use a mini-compact disc that works on a standard CD-ROM drive to authenticate a purchase while on a merchant's Web site.

The software specification promises to save banks months of time that would otherwise be spent reconfiguring their Web servers and databases as some have done to accept emerging credit card technologies that allow secure online sales. It's also cheaper because NYCE is charging merchants lower basis points than its credit card competitors.

Merchants would still have to hire an application service provider to install the software to run the SafeDebit transactions.

"What we did was take the ATM infrastructure and planted it on the Internet, but at the same time we highly encrypted the [personal identification number]," said Jehan Humayun, strategic analysis manager at NYCE.

SafeDebit technology works by using a two-token system: a compact disc, and a password or PIN. When an online shopper is ready to pay for merchandise, he selects the SafeDebit icon that would prompt him to place the CD in the computer's drive. An applet would then ask for the user's PIN.

The merchant then retrieves the encrypted data on the card and the entire transaction goes to the payment processor, which routes it through the debit card network to the issuing bank. The bank then approves or disapproves the purchase based on the cardholder's account balance and sends that authorization back to the merchant through the same ATM network.

"We wanted zero to minimum infrastructure changes for banks. We wanted them to use legacy platforms. All the changes needed to support this transaction are being supported by payment or ATM processors that are already familiar with the technology," Humayun said. He added that a test transaction routed through three continents took less than 10 seconds over a T1 line.

Earlier this month, Foster City, California-based Visa International Inc. went public with its new technical specification to support payment authentication services for online credit card transactions worldwide.

Visa International's new 3-D Secure 1.0 allows Visa cardholders to make secure online purchases using digital certificate technology, but the service requires both banks and merchants to install software.

For Fleet Credit Services Inc. in Boston, installing the payment specification was an eight-month process that included adding Web servers both on-site and off-site for redundancy and backup capability. For merchants, it generally takes less than three weeks.

MasterCard International Inc. and American Express Co. have both released silicone-chip embedded smart card technology that can also encrypt online transaction data but requires the consumer and the merchant to installed a special card reader.

NYCE, which provides ATM and other financial services to financial institutions in the Northeast that boast approximately 45 million cardholders, said it plans to charge merchants 165 basis points and 10 cents for each online transaction (100 basis points are equal to 1 percent of the purchase price). By comparison, credit card companies charge from 185 to 300 basis points, according to Ken Kerr, an analyst at Gartner Inc. in Stamford, Connecticut.

Kerr said the single most limiting factor with SafeDebit is that it's a tool designed for Internet purchases only. To shop at brick-and-mortar stores, you need its counterpart, a debit card, "whereas a smart card can be used for Internet [shopping] and eventually for in-store purchases.

"The smart card is not very effective for either [purchasing methods] now, but at least it has that advantage," he continued.

SafeDebit also hasn't received backing from the nation's largest banks, as has Visa's payment authentication technology.

"The big thing is banks have to see there is demand for use of debit cards online," Kerr said.

While debit card use on the Internet is new, the cards are hugely popular among consumers in brick-and-mortar stores. Last year, there were 3.04 billion PIN debit transactions in the U.S., representing US$88.9 billion in point of sale purchases, according to the "Nilson Report," a newsletter on the credit industry.