Visa is setting a specification for multifunction Java smart cards based its Open Platform and Java Card standards, despite security concerns over the use of Java.
Visa will not be manufacturing the cards itself but expects banks to produce cards to be available to the public within 18 months. Philip Yen, senior vice president for chip platforms at Visa, said Java was chosen because of its capacity for distributed computing. He said card issuers would be able to port new functions, such as an electronic purse or loyalty scheme, on to cards already in circulation.
"Without using Java it could take up to a year for banks to provide cardholders with new functions," he said. "Using dynamic code capabilities on Java cards new functions can be distributed through the Web."
In addition, using Java would allow card vendors to create their own memory and chip specifications, while keeping the JVM (Java virtual machine) standard open, Yen said.
However, security problems make Visa Open Platform unsuitable for applications such as electronic cash, according to Duncan Brown, senior analyst at Ovum.
"Questions about security are far from being resolved on the Java card, which leads me to conclude that Java for electronic cash is not a viable solution," he warned. "I would rather use a proprietary system or Mondex's MultOS for Mastercard."
He said Visa's Open Platform was a paper specification that hardware vendors would interpret in different ways, meaning that an application written for one card would not run on another.
Julien Zuccarelli, marketing director for smart cards with Bull, said Java smart card technology would not be ready for public use until the end of 1999 because of difficulties with security. "The technology is there but it has to be tested and improved by all parties which could take one or two years," he explained.
Yen admitted there could be problems with security on the card but said they would be minimal. "With any financial system there can be security problems and chips on cards are no different," he said. "I believe this is the most secure device available to cardholders and banks."
The Java card specification is to be tested in pilot studies in Singapore and the United States over the next year.
Alphabet's health sciences division Verily have been messing with AI algorithms
North Korea's cyber attack capabilities are expanding fast - and turning their fire on a wider range of targets
IT security? We've heard of it, claim UK local authorities
Researchers claim first in race to manufacture a component able to host Majorana particles