Presentation to

6th CACRInformation Security

WorkshopNovember 10, 2000

Presentation to

6th CACRInformation Security

WorkshopNovember 10, 2000

PRIVACY PROTECTION

MADE SIMPLE: How technical design

can help you meet your commitment to

privacy in the marketplace

PRIVACY PROTECTION

MADE SIMPLE: How technical design

can help you meet your commitment to

privacy in the marketplace

Who and What Is Mondex When & Where will it be

used How does the Mondex

Technology protect privacy of the individual

MONDEX e-cashMONDEX e-cash

An e-cash application on a MULTOS smart card chip

Lockable/re-loadable chip-to-chip Instant transfer of value No POS settlement

MONDEX -e-cashMONDEX -e-cash

Cash alternative Limited record on chip ‘real’ and ‘virtual’ applications Global /Multi-currency Entrè to smart card platform

ImplementationsImplementations

Guelph, Ontario - Sept 96 - December 98

Sherbrooke,Quebec - August 99 - and continuing

Mondex in SherbrookeMondex in Sherbrooke

Mondex e-cash/Interac debit/client combo card

Bishops University &Champlain College Student/Mondex combo card

$500 card load limit

Mondex in SherbrookeMondex in Sherbrooke

Physical world load/purchase

UPOS Internet load/purchase loyalty Community Access Program

Convenience Accessibility On chip record of

recent transactions Home load Internet purchases

CONSUMER

Reliable-Off line payment

Higher security Low transaction

cost Reduced cash

handling

MERCHANT

Strengthen customer relationships

New financial and commercial partnerships

FINANCIAL INSTITUTION

Future of Smart CardsFuture of Smart Cards

Multi-application cards Canadian chip migration

project for payments (Visa/MasterCard /Interac/Mondex)

7-10 year time-frame

Privacy and Smart Cards Privacy and Smart Cards

The reality of smart cards is the carriage of many application and the availability of a large volume of personal data that can be tied to an individual

How does Mondex Protect PrivacyHow does Mondex Protect Privacy

Principles protected:–Limits for collecting personal

information– limits for using, disclosing and

keeping personal information–keeping personal information

accurate– safeguarding personal

information

How does Mondex Protect PrivacyHow does Mondex Protect Privacy

Limits for collecting personal information

– loads from account–deposits into account– lost transactions

How does Mondex Protect PrivacyHow does Mondex Protect Privacy

Limits for using, disclosing and keeping personal information

– safeguard deposits– to re-imburse for non-

performance

How does Mondex Protect PrivacyHow does Mondex Protect Privacy

Keeping personal information accurate

– load and unload are online– rolling 10 transactions

provides exact spend and retailer name

How does Mondex Protect PrivacyHow does Mondex Protect Privacy

Safeguarding personal information

– firewalls in Multos - between applications - ITSEC 6 designation

– transaction data to retailer is deliberately limited

– individual transaction data is not collected by banks - Mondex is an unaudited system

SummarySummary The unique privacy features

of Mondex e-cash were a deliberate design

–unaudited– limited transaction

information to retailer – specific and limited

information collected by FI–accurate rolling record for

customer –firewalls between applications

Thank You______________

www.mondex.ca

Thank You______________

www.mondex.ca