Chip and PIN is the new, more secure way to pay with credit or debit cards in the UK. Instead of using your signature to verify payments, you will be asked to enter a four-digit Personal Identification Number (PIN) known only to you.

EXCEPT, IF YOU ARE OLD &/OR HAVE A BAD MEMORY - OR IF YOU ARE IN A SHOP WITH A NICE BIG QUEUE, pressing up against your back WITH PEOPLE SPYING ON YOU...OR A CAMERA strategically PLACED ABOVE THE TILL which CAN SEE YOU PUNCHING THE NUMBER IN - AND CAN TELL WHICH NUMBERS YOU ARE PUNCHING BECAUSE ALL NUMBER PADS HAVE THE SAME LAYOUT

The RFID Hacking Underground

They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground.

By Annalee Newitz - Wired

James Van Bokkelen is about to be robbed. A wealthy software entrepreneur, Van Bokkelen will be the latest victim of some punk with a laptop. But this won't be an email scam or bank account hack. A skinny 23-year-old named Jonathan Westhues plans to use a cheap, homemade USB device to swipe the office key out of Van Bokkelen's back pocket.

"I just need to bump into James and get my hand within a few inches of him," Westhues says. We're shivering in the early spring air outside the offices of Sandstorm, the Internet security company Van Bokkelen runs north of Boston. As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues' palm, then disappears.

Van Bokkelen enters the building, and Westhues returns to me. "Let's see if I've got his keys," he says, meaning the signal from Van Bokkelen's smartcard badge. The card contains an RFID sensor chip, which emits a short burst of radio waves when activated by the reader next to Sandstorm's door. If the signal translates into an authorized ID number, the door unlocks.

The coil in Westhues' hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen's card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door.

"Want me to let you in?" Westhues asks. I nod.

He waves the cloner's antenna in front of a black box attached to the wall. The single red LED blinks green. The lock clicks. We walk in and find Van Bokkelen waiting.

"See? I just broke into your office!" Westhues says gleefully. "It's so simple." Van Bokkelen, who arranged the robbery "just to see how it works," stares at the antenna in Westhues' hand. He knows that Westhues could have performed his wireless pickpocket maneuver and then returned with the cloner after hours. Westhues could have walked off with tens of thousands of dollars' worth of computer equipment - and possibly source code worth even more. Van Bokkelen mutters, "I always thought this might be a lousy security system."

RFID chips are everywhere - companies and labs use them as access keys, Prius owners use them to start their cars, and retail giants like Wal-Mart have deployed them as inventory tracking devices. Drug manufacturers like Pfizer rely on chips to track pharmaceuticals. The tags are also about to get a lot more personal: Next-gen US passports and credit cards will contain RFIDs, and the medical industry is exploring the use of implantable chips to manage patients. According to the RFID market analysis firm IDTechEx, the push for digital inventory tracking and personal ID systems will expand the current annual market for RFIDs from $2.7 billion to as much as $26 billion by 2016.

RFID technology dates back to World War II, when the British put radio transponders in Allied aircraft to help early radar system crews detect good guys from bad guys. The first chips were developed in research labs in the 1960s, and by the next decade the US government was using tags to electronically authorize trucks coming into Los Alamos National Laboratory and other secure facilities. Commercialized chips became widely available in the '80s, and RFID tags were being used to track difficult-to-manage property like farm animals and railroad cars. But over the last few years, the market for RFIDs has exploded, driven by advances in computer databases and declining chip prices. Now dozens of companies, from Motorola to Philips to Texas Instruments, manufacture the chips.

The tags work by broadcasting a few bits of information to specialized electronic readers. Most commercial RFID chips are passive emitters, which means they have no onboard battery: They send a signal only when a reader powers them with a squirt of electrons. Once juiced, these chips broadcast their signal indiscriminately within a certain range, usually a few inches to a few feet. Active emitter chips with internal power can send signals hundreds of feet; these are used in the automatic toll-paying devices (with names like FasTrak and

E-ZPass) that sit on car dashboards, pinging tollgates as autos whiz through.

For protection, RFID signals can be encrypted. The chips that will go into US passports, for example, will likely be coded to make it difficult for unauthorized readers to retrieve their onboard information (which will include a person's name, age, nationality, and photo). But most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. It's just not cost-effective for your average office building to invest in secure chips.

This leaves most RFIDs vulnerable to cloning or - if the chip has a writable memory area, as many do - data tampering. Chips that track product shipments or expensive equipment, for example, often contain pricing and item information. These writable areas can be locked, but often they aren't, because the companies using RFIDs don't know how the chips work or because the data fields need to be updated frequently. Either way, these chips are open to hacking.

"The world of RFID is like the Internet in its early stages," says Ari Juels, research manager at the high tech security firm RSA Labs. "Nobody thought about building security features into the Internet in advance, and now we're paying for it in viruses and other attacks. We're likely to see the same thing with RFIDs."

David Molnar is a soft-spoken computer science graduate student who studies commercial uses for RFIDs at UC Berkeley. I meet him in a quiet branch of the Oakland Public Library, which, like many modern libraries, tracks most of its inventory with RFID tags glued inside the covers of its books. These tags, made by Libramation, contain several writable memory "pages" that store the books' barcodes and loan status.

Brushing a thatch of dark hair out of his eyes, Molnar explains that about a year ago he discovered he could destroy the data on the books' passive-emitting RFID tags by wandering the aisles with an off-the-shelf RFID reader-writer and his laptop. "I would never actually do something like that, of course," Molnar reassures me in a furtive whisper, as a nonbookish security guard watches us.

Our RFID-enabled checkout is indeed quite convenient. As we leave the library, we stop at a desk equipped with a monitor and arrange our selections, one at a time, face up on a metal plate. The titles instantly appear onscreen. We borrow four books in less than a minute without bothering the librarian, who is busy helping some kids with their homework.

Molnar takes the books to his office, where he uses a commercially available reader about the size and heft of a box of Altoids to scan the data from their RFID tags. The reader feeds the data to his computer, which is running software that Molnar ordered from RFID-maker Tagsys. As he waves the reader over a book's spine, ID numbers pop up on his monitor.

"I can definitely overwrite these tags," Molnar says. He finds an empty page in the RFID's memory and types "AB." When he scans the book again, we see the barcode with the letters "AB" next to it. (Molnar hastily erases the "AB," saying that he despises library vandalism.) He fumes at the Oakland library's failure to lock the writable area. "I could erase the barcodes and then lock the tags. The library would have to replace them all."

Frank Mussche, Libramation's president, acknowledges that the library's tags were left unlocked. "That's the recommended implementation of our tags," he says. "It makes it easier for libraries to change the data."

For the Oakland Public Library, vulnerability is just one more problem in a buggy system. "This was mostly a pilot program, and it was implemented poorly," says administrative librarian Jerry Garzon. "We've decided to move ahead without Libramation and RFIDs."

But hundreds of libraries have deployed the tags. According to Mussche, Libramation has sold 5 million RFID tags in a "convenient" unlocked state.

While it may be hard to imagine why someone other than a determined vandal would take the trouble to change library tags, there are other instances where the small hassle could be worth big bucks. Take the Future Store. Located in Rheinberg, Germany, the Future Store is the world's preeminent test bed of RFID-based retail shopping. All the items in this high tech supermarket have RFID price tags, which allow the store and individual product manufacturers - Gillette, Kraft, Procter & Gamble - to gather instant feedback on what's being bought. Meanwhile, shoppers can check out with a single flash of a reader. In July 2004, Wired hailed the store as the "supermarket of the future." A few months later, German security expert Lukas Grunwald hacked the chips.

Grunwald cowrote a program called RFDump, which let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna. With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. "I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle." The price-switching stunt drew media attention, but the Future Store still didn't lock its price tags. "What we do in the Future Store is purely a test," says the Future Store spokesperson Albrecht von Truchsess. "We don't expect that retailers will use RFID like this at the product level for at least 10 or 15 years." By then, Truchsess thinks, security will be worked out.

Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!"

Aside from pranks, vandalism, and thievery, Grunwald has recently discovered another use for RFID chips: espionage. He programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed (and when). Private citizens and the government could likewise place cookies on library books to monitor who's checking them out.

In 1997, ExxonMobil equipped thousands of service stations with SpeedPass, which lets customers wave a small RFID device attached to a key chain in front of a pump to pay for gas. Seven years later, three graduate students - Steve Bono, Matthew Green, and Adam Stubblefield - ripped off a station in Baltimore. Using a laptop and a simple RFID broadcasting device, they tricked the system into letting them fill up for free.

The theft was concocted by Avi Rubin's computer science lab at Johns Hopkins University. Rubin's lab is best known for having found massive, hackable flaws in the code running on Diebold's widely adopted electronic voting machines in 2004. Working with RSA Labs manager Juels, the group figured out how to crack the RFID chip in ExxonMobil's SpeedPass.

Hacking the tag, which is made by Texas Instruments, is not as simple as breaking into Van Bokkelen's Sandstorm offices with a cloner. The radio signals in these chips, dubbed DST tags, are protected by an encryption cipher that only the chip and the reader can decode. Unfortunately, says Juels, "Texas Instruments used an untested cipher." The Johns Hopkins lab found that the code could be broken with what security geeks call a "brute-force attack," in which a special computer known as a cracker is used to try thousands of password combinations per second until it hits on the right one. Using a home-brewed cracker that cost a few hundred dollars, Juels and the Johns Hopkins team successfully performed a brute-force attack on TI's cipher in only 30 minutes. Compare that to the hundreds of years experts estimate it would take for today's computers to break the publicly available encryption tool SHA-1, which is used to secure credit card transactions on the Internet.

ExxonMobil isn't the only company that uses the Texas Instruments tags. The chips are also commonly used in vehicle security systems. If the reader in the car doesn't detect the chip embedded in the rubbery end of the key handle, the engine won't turn over. But disable the chip and the car can be hot-wired like any other.

Bill Allen, director of strategic alliances at Texas Instruments RFID Systems, says he met with the Johns Hopkins team and he isn't worried. "This research was purely academic," Allen says. Nevertheless, he adds, the chips the Johns Hopkins lab tested have already been phased out and replaced with ones that use 128-bit keys, along with stronger public encryption tools, such as SHA-1 and Triple DES.

Juels is now looking into the security of the new US passports, the first of which were issued to diplomats this March. Frank Moss, deputy assistant secretary of state for passport services, claims they are virtually hack-proof. "We've added to the cover an anti-skimming device that prevents anyone from reading the chip unless the passport is open," he says. Data on the chip is encrypted and can't be unlocked without a key printed in machine-readable text on the passport itself.

But Juels still sees problems. While he hasn't been able to work with an actual passport yet, he has studied the government's proposals carefully. "We believe the new US passport is probably vulnerable to a brute-force attack," he says. "The encryption keys in them will depend on passport numbers and birth dates. Because these have a certain degree of structure and guessability, we estimate that the effective key length is at most 52 bits. A special key-cracking machine could probably break a passport key of this length in 10 minutes."

I'm lying facedown on an examination table at UCLA Medical Center, my right arm extended at 90 degrees. Allan Pantuck, a young surgeon wearing running shoes with his lab coat, is inspecting an anesthetized area on the back of my upper arm. He holds up something that looks like a toy gun with a fat silver needle instead of a barrel.

I've decided to personally test-drive what is undoubtedly the most controversial use of RFIDs today - an implantable tag. VeriChip, the only company making FDA-approved tags, boasts on its Web site that "this ~always there' identification can't be lost, stolen, or duplicated." It sells the chips to hospitals as implantable medical ID tags and is starting to promote them as secure-access keys.

Pantuck pierces my skin with the gun, delivering a microchip and antenna combo the size of a grain of long rice. For the rest of my life, a small region on my right arm will emit binary signals that can be converted into a 16-digit number. When Pantuck scans my arm with the VeriChip reader - it looks sort of like the wand clerks use to read barcodes in checkout lines - I hear a quiet beep, and its tiny red LED display shows my ID number.

Three weeks later, I meet the smartcard-intercepting Westhues at a greasy spoon a few blocks from the MIT campus. He's sitting in the corner with a half-finished plate of onion rings, his long blond hair hanging in his face as he hunches over the cloner attached to his computer.

Because the VeriChip uses a frequency close to that of many smartcards, Westhues is pretty sure the cloner will work on my tag. Westhues waves his antenna over my arm and gets some weird readings. Then he presses it lightly against my skin, the way a digital-age pickpocket could in an elevator full of people. He stares at the green waveforms that appear on his computer screen. "Yes, that looks like we got a good reading," he says.

After a few seconds of fiddling, Westhues switches the cloner to Emit and aims its antenna at the reader. Beep! My ID number pops up on its screen. So much for implantable IDs being immune to theft. The whole process took 10 minutes. "If you extended the range of this cloner by boosting its power, you could strap it to your leg, and somebody passing the VeriChip reader over your arm would pick up the ID," Westhues says. "They'd never know they hadn't read it from your arm." Using a clone of my tag, as it were, Westhues could access anything the chip was linked to, such as my office door or my medical records.

John Proctor, VeriChip's director of communications, dismisses this problem. "VeriChip is an excellent security system, but it shouldn't be used as a stand-alone," he says. His recommendation: Have someone also check paper IDs.

But isn't the point of an implantable chip that authentication is automatic? "People should know what level of security they're getting when they inject something into their arm," he says with a half smile.

They should - but they don't. A few weeks after Westhues clones my chip, Cincinnati-based surveillance company CityWatcher announces a plan to implant employees with VeriChips. Sean Darks, the company's CEO, touts the chips as "just like a key card." Indeed.

Here Comes The Wallet Phone

By: John Boyd - spectrum.ieee.org

Japan's DoCoMo gets ready to put your money where your mouth is

NTT DoCoMo, Japan's largest cellphone system operator, best known worldwide for pioneering the wireless Internet in 1999 with its hugely successful i-mode system, looks to have another big winner on its hands. Having recast the cellular handset as an electronic wallet—in effect a prepaid wireless cash card—it's getting ready to make it a full-fledged wireless credit card.

DoCoMo is working with major travel and banking organizations to extend the reach of its e-wallet service. Meanwhile, its two main Japanese rivals, KDDI Corp. and Vodafone K.K., are introducing competing products. (All three companies are based in Tokyo.)

The critical element in DoCoMo's Osaifu-Keitai, or mobile wallet, is a wireless smart card chip, FeliCa (from the English word "felicity"), which was developed by Sony Corp. and Royal Philips Electronics for close proximity, low-data-rate transactions. The wallet phones can be used to make electronic purchases at stores or vending machines equipped with FeliCa readers; can act as boarding passes on certain domestic air flights; and can authorize entry through corporate security doors—all with a wave of the handset [see photo, "Wireless Shopping"].

Already, a year after DoCoMo introduced its first e-wallet, the company has shipped some 6 million of the handsets. "By the end of March 2006 we forecast DoCoMo will have shipped around 10 million mobile wallets," says Shohei Sakaguchi, executive director of DoCoMo's multimedia service department. "And by the end of 2006 we believe the figure will reach 15 million." In addition, he says, competing carriers could ship 5 million more handsets, for a total of some 20 million mobile wallets by the end of next year.

Sony's FeliCa chip originated as the active element in its contactless smart cards, introduced in 1995. They dominate the market for such devices in Japan and are widely used in Asia as commuter passes and for making e-purchases. As of June, Sony had distributed 82 million such chips, including 53 million in Japan, 16 million in Hong Kong, 10 million in Singapore, and 1.5 million in China.

By March, DoCoMo expects to ship around 10 million wallet phones. And by the end of 2006, it projects a figure of 15 million

In January 2004, Sony and DoCoMo formed a joint venture to adapt the chip for mobile phones. Besides supplying DoCoMo with the chip, the venture is also shipping mobile FeliCa integrated circuits to KDDI and Vodafone, which launched their own wallet phones in September and October, respectively.

Users with FeliCa phones who have registered for the e-wallet service can load money onto the phone's chip in two ways. They can feed cash directly into special machines found in convenience stores and other locations, or they can do it by phone, keying in a personal identification number and transferring cash from a credit-card account.

From a technical point of view, the FeliCa chip is part of a transponder system: it receives its power from the waves radiating from read/write devices it communicates with, so a battery is not required. The chip, based on radio-frequency identification (RFID) technology, operates at 13.56 megahertz over a distance of 10 centimeters, communicating at 212 kilobits per second. The communications protocol, called Near Field Communication, was developed by Sony and Philips and has been standardized under ISO/IEC procedures.

A pioneering user of FeliCa technology is East Japan Railway Co. (JR East), the country's largest rail company. Its Suica smart card is used both for e-purchases and as a commuter pass. Users simply flash the card as they go through turnstiles, and instantly the reader displays the cost of the journey and the amount of e-cash remaining on the card. JR East plans to extend the commuter service in January to wallet phones from DoCoMo and KDDI, and it is in discussions with Vodafone [see photo, "Showing Off"].

Mobile FeliCa application files and their data are managed separately in the wallet phone, and they each take up from 0.5 to 1 kilobyte. The number of applications is limited only by the amount of memory on the chip, which is currently 5 KB in DoCoMo's phones.

Mutual authentication between the chip and a reader/writer is based on a key encryption system made up of randomly generated numbers. Information such as transaction histories and account balances can be presented on the phone's display. And should the phone be lost or stolen, a subscriber can block transactions by calling the handset with a preregistered number or calling customer support to have the phone locked. The user can opt for a personal identification number to be entered before transactions are made, an important feature given that up to 50 000 yen (US $450) in e-cash can be stored.

Despite DoCoMo's impressive shipment figures, the actual number of people using the wallet part of the phone might not be so high. Some reports estimate that the number is as low as 550 000; DoCoMo's own figures are more optimistic.

"Some 20 to 30 percent of [the] total [number of owners] are registered to use their phones as wallets," says Sakaguchi, whose boss, Takeshi Natsuno, managing director of DoCoMo's multimedia services, played a major role in creating both i-mode and the i-mode FeliCa service.

To give subscribers more reasons to use their wallet phones, DoCoMo has asked a Sumitomo Mitsui banking group to help it develop its own credit-payment services. By the spring, DoCoMo plans to launch a plastic card in partnership with an international credit card company, and then in the first half of fiscal 2006 it anticipates including the service in its wallet phones.

DoCoMo hopes to help popularize the use of credit cards in a country that still relies mostly on hard cash for conducting everyday business. "Credit cards are usually used [in Japan] only to make large purchases," Sakaguchi says. "But with our service, users will be able to make purchases as small as 100 yen."

In July, DoCoMo teamed up with NTT Data and the rail company JR East to set up a joint venture aimed at covering the cost of installing equipment for companies and stores wanting to implement the Suica e-cash service. They expect their investment costs to be recouped by charging a commission on transactions.

As for introducing the technology overseas, DoCoMo is keeping silent on the subject. Since 2002, however, it has been working with a dozen mobile operators in Europe, Taiwan, and Israel to create local versions of i-mode. Vodafone, though it refrains from commenting on plans for its wallet-phone business, has subsidiaries and alliances in 28 countries across five continents, giving it ample opportunity to introduce an e-wallet service when the time is right.

French road test cashless city

A Caen-do attitude towards mobile services...

By Jo Best Story silicon.com - Published: Thursday 20 April 2006

The tourist city of Caen in Normandy is hosting a major European trial of the use of NFC (near field communication) - a mobile technology that can be used for anything from paying for groceries to finding out about your home town.

NFC is already being used extensively across London, although you might not know it: the Oyster card carried by millions of commuters every day is based on the contactless technology. By placing an NFC chip near a reader, up to a distance of a centimetre or two away, data can be transmitted to and from the chip. In the case of the Oyster card, permission to go through a barrier can be granted and a fee for travelling on the underground deducted.

But the Caen project has a more far-reaching use of NFC in mind, with residents now packing NFC-enabled mobiles to see if using the technology could catch on beyond public transport.

While NFC isn't new - Sony's FeliCa, a variant of NFC, is already big in Japan, where more than 100 million FeliCa chips have been shipped, more than a million of which are carried on mobiles - the Caen trial is one of the largest, both in terms of number of users and applications.

In an experiment involving companies including Orange and Philips and the town's mayor's office, Caen's citizens have been road testing the technology since late last year at a number of locations. Among them is an underground car park; the town hall; a bus stop which can transmit timetable information; a cinema poster which downloads video trailers to users' mobiles; a local supermarket, where people can pay for their groceries with a mobile phone, and a tourist information sign outside the historic Abbaye des Hommes. By touching the mobile against the 'Flytag' logo at each of these locations, users can pay for services or receive information straight to their phone.

The Abbaye is one of the more interesting showcases for the use of this technology - by placing the back of the phone against an NFC reader in the sign, information about the site is sent to the mobile by either an SMS or a phone call, functioning like a cheaper version of the audio guides found at many popular tourist attractions.

Laurent Duchelet, furniture restorer and self-confessed non-techie, is one of Caen's citizens taking part in the trial, using NFC every day when accessing a car park and every week to pay for his groceries. He told silicon.com: "There's a practical side [to NFC]. When I have my phone, I don't need to get out my cash, my card for the car park - and I can make phone calls. It's already normal for me." He added the only problem he has experienced with the technology is the need to remember to keep the phone's battery charged.

Duchelet is one of 200 people taking part in the trial, which is in its first phase. The second stage will see the number of participants increased to 400 or 500 individuals.

According to Luan Le, design manager of NFC at Philips, the feedback from the trial so far has been "very positive" and Philips expects the technology to get its commercial legs in 2007 or 2008. He said the most crucial element in the success or otherwise of NFC is the hardware - making sure phone makers are putting NFC models into the hands of users. "The five main manufacturers are in the process of trying out the technology," he added.

While Samsung may be one of the keenest - its D500 devices are being used in the trial - LG, Motorola, NEC, Nokia and Sony Ericsson are all members of the NFC Forum.

The issue of cost will also doubtless play a part in uptake, although the difference between NFC-enabled handsets and standard handsets was estimated to be $5 to $7, according to Deloitte and Touche in 2004. The question of whether the user will pay to use the service is also yet to be decided. Currently, all the services on offer in Caen are free although they could theoretically be chargeable depending on the service.

More than likely, it will be payment providers such as Visa, merchants and mobile operators that bear the financial brunt of implementing the services. The benefits for them? More services for customers which could cut churn for mobile operators, shops could get customers through the tills faster and payment providers will be keen to shift more small payments away from cash.

There's also the potential for new services. For example, while people might be unwilling to splash out for a full museum audio guide, they might be willing to spend a few pence every time they fancy picking up a titbit of information.

Pre-pay card to help 'unbanked'

By Chris A'Court - BBC NEWS Published: 2006/05/20 12:36:27 GMT

A new payment card aims to help the millions of people who cannot get a bank account or credit card.

It has been designed to allow more widespread access to buying over the phone or internet where prices are usually cheaper.

Although similar cards are already available this one is set to benefit charities too, but consumers need to watch charges closely.

The 360money card is the brainchild of a firm called PrePay Technologies and its chief executive Philippe Dufour told BBC Radio 4's Money Box virtually anyone can have it.

"There is no credit attached to this card so because of that we are not requiring a lot of information," he said. "We are requiring a name; a valid address that we can validate with our database and service providers, and we are working with the Post Office, Paypoint and Mastercard."

Applications for the card can be made online and when a customer receives their card they can take it to a post office or convenience shop with cash to charge it up, ready for spending online, by phone or in shops. Spending is strictly limited to the amount put on the card - like a mobile top-up - so it is impossible to overspend.

The spending limitations could also make it attractive to anyone who currently avoids shopping via the internet because of fears that thieves will steal credit card details.

Drawbacks

Among the drawbacks to the 360money card is a £1.50 charge for all cash machine withdrawals and a monthly management fee of £1.99. Plus buying anything with the card over the phone or internet incurs a two 2.5% fee each time, so for example, spending £50 triggers a fee of £1.25.

Philippe Dufour said his company has to recoup costs somehow and that percentage charging is not always a disadvantage. He pointed out that since internet goods prices are generally cheaper, that 2.5% fee may be fully offset if people calculate purchase prices carefully, when buying large electrical goods for example.

Several charities have already linked with the card, including Mencap and the Samaritans.

However, Anthony Langan from the Samaritans told the programme that he was still unsure exactly how much financial benefit would come to his organisation as a result. He said: "We now have affinity cards out there that are helping with charities and we have some connections with that. "We have to look at getting involved in these things and seeing where it takes us. If it doesn't work out we know that we can withdraw from these relationships."

360 Money says charities should get 25p from each new card account and a few pence from each transaction. And it said the target is to raise £2million for charities over two years.

A comparison between the UK and the US in 2002 may provide us with a clue as to what the UK market can expect although caution is necessary in order to distinguish between these markets, which in some respects are different. While the US is predominantly focused on high street retail distribution, the UK is estimated to be 60% high street over the counter (OTC) and 40% corporate incentives and promotions. Moreover, whilst the US population grew by more than 10% between 1997 and 2002, UK population growth is virtually non-existent. Since the US market moved from paper to plastic, all analyses and observations made by industry professionals have pointed to a common conclusion: plastic has boosted the gift card and gift certificate sales, which have grown at an impressive 370% since 1997, equivalent to a 30% CAGR*(3) . The US gift card and gift certificate industry*(4) almost quadrupled in 6 years, moving from $10.5bn in 1997 to an estimated $38bn in 2002. On a per capita basis both markets are comparable in terms of size and at a similar stage of development. In 1997, just before the industry started to shift from gift vouchers to gift cards, the 268m US citizens were spending $10.5bn*(5) (i.e. £7bn*(6)) while the 59m UK citizens spent £1.4bn ($2.1bn) in 2002*(7). This is a per capita of $39 for the US and $36 for the UK. Adjusted to a population of 290m Americans in 2002, this is an increase from $39 to $131, still a 330% growth between 1997 and 2002, a CAGR of 27%.

PrePay Technologies Ltd. is an international market leader in designing and delivering stored-value card solutions, including prepaid debit cards, retail gift cards, corporate incentive cards and insurance claim cards. MasterCard certified and FSA regulated, PrePay Technologies was also the first company in the UK to acquire an Electronic Money Licence to issue e-money across Europe. From our data centres in the UK, the company creates stored-value programmes and manages several million stored-value card accounts for large brands such as: Debenhams, Comet, the Arcadia Group (Top Shop, Top Man, Burton, Miss Selfridge, Outfit, Evans, Dorothy Perkins, Wallis), Laura Ashley, Western Union and the Grass Roots Group. PrePay Technologies is also the company behind Splash Plastic, a reloadable prepaid debit card targeted at the youth and unbanked markets. Since the programme was launched in 2001, more than 1 million cards have been issued. Robert Potts Chairman Previously CEO of Barclaycard and member of Barclays Group Executive Committee, Potts was also Chairman of the APACS Card Payments Group. He has held Board positions at MasterCard Europay UK Ltd, Visa EU and was a Director of Visa International and its Executive Committee. He also serves on the board of Goldfish. Philippe Dufour Chief Executive Officer Age 40, Philippe Dufour started his career in Australia and New Zealand where he worked as a Production Manager for Rhone-Poulenc (now Aventis). Back in France in 1990, Philippe joined Econocom, a company specialising in leasing large IT infrastructure. He developed an interest in the plastic card market, setting up, as a client, Gemplus, the worldwide leader in smart and plastic card manufacturing. In 1993 he moved into IT consulting services at Groupe Transiciel (now Cap Sogeti) where he developed a division specialising in smart card. He left France in 1996 to study his MBA at the London Business School where he continued developing his interest in the prepayment industry. In 1998 he joined The Parthenon Group, a US strategy Management Consulting firm in their London office. There he was involved in advising large blue chip companies on corporate strategy and conducted a project for the launch of a Chip based credit card in the US market. During his career his main clients have included IBM, Eurocopter, American Express, UPS, Gemplus, Thomson and McDonalds. He set up PrePay Technologies in 2000. Philippe Dufour holds an MBA from London Business School and an MSc. in Economics, University of Aix-Marseilles, France.

Today, we manage large-scale gift card and other major prepay transaction processing for all types of prepay products. To support us in providing a complete stored-value service, together with a range of products, PrePay Technologies have partnered with specialists in their respective fields. Our financial and industrial partners include:

Avantra builds upon the heritage, reliability and trust of LINK (the worlds busiest cash machine network) to deliver innovative and proven payments and processing solutions for acquirers and card issuers. Avantra provides tailored services in the UK and around the world; local and global solutions for today's connected payments markets.

PayPoint is the UK's leading branded national network for collecting payments 'over the counter'. There are already over 13,000 PayPoint outlets located in newsagents, convenience stores, supermarkets, forecourts and off-licences across the UK. Alphyra develop and deliver electronic transaction products, systems and solutions across multiple industry sectors. In the UK, Alphyra's payment network, operating under the PAYzone® brand, ensures our Splash Plastic cardholders can load value onto their prepay debit card at a large network of top up environments.

GE Capital the world's largest supplier of store cards with over 15 million accounts handled. PrePay Technologies were selected by GE Capital Global Consumer Finance to provide gift card and other stored value products to their UK clients. Their UK operation is the leading provider of credit for retailers in the country, providing prestigious retail clients (operating in areas as diverse as department stores, fashion, electrical and electronics, automotive servicing, jewellery, footwear and DIY), with quality products ranging from store cards to "Buy Now Pay Later" to gift card programmes.

GE - credit & debt management? For both consumers and commercial clients, GE Money offers smart, flexible products to do it all – whether it's personal funding for your home, car and retail purchases, or financing to operate and grow a business, or affordable financing options to offer your customers. GE Money has the solution that makes sense for you. Whether you’re looking for a credit card with a low APR, no annual fee and special balance transfer plans, or a card that offers valuable rewards…we have the right credit card for you. Select from the options given below, or go straight to GE Money in your corner of the world. GE Money Credit Cards GE Money offer you value, security and convenience for all of your purchases. We have partnered with MasterCard, Visa, Discover, American Express, and JCB - to ensure a secure, flexible network wherever you go! Rebate Cards Many GE Money credit cards allow you to earn rewards, ranging from cash back to fuel discounts to points toward our partners’ merchandise and services. Start earning cash rewards or rebates for purchases you make every day - fuel, groceries, phone bills and more! Co-branded Credit Cards and Store Cards Did you know - GE Money also provides financial services for a variety of Retailers across the world? You can apply for a store card (also called Private Label Credit Cards) or our Co-Branded Credit Cards, which will allow you to earn rewards for making purchases every day at millions of merchants worldwide. And we're flexible – you choose how much of the account balance to pay off each month. - gemoney.com

General Electric

Run until 2001by "Neutron" Jack Welch, who made it a matter of principle to lay off 10% of his workers per year, the world's biggest company churns out plastics, aircraft engines and nuclear reactors and media spin through NBC, CNBC, Telemundo, and msnbc.com.

CEO: Jeffrey R. Immelt
Military contracts 2003: $2.8 billion

Campaign contributions in 2004: $221,200 (defense related) $1.9 million (total)

The world's largest company by market share, General Electric's revenues in 2003 totaled $134.2 billion. GE was run until 2001 by "Neutron" Jack Welch, who made it a matter of principle to lay off 10% of his workers per year.

General Electric makes household appliances, plastics, water treatment systems, lighting, medical equipment, and commercial financial services. It also makes aircraft engines and nuclear reactors, and keeps criticism at bay with its ownership of media giants NBC, CNBC, Telemundo, Bravo, and, in partnership with Microsoft, msnbc.com. GE's recent partnership with Vivendi added Universal Studios, USA, Trio and Sci-fi cable channels to its $43 billion media empire.

General Electric is one of the world's top three producers of jet engines, supplying Boeing, Lockheed Martin and other military aircraft makers for the powering of airplanes and helicopters.

The "war on terrorism" has seen GE's military contracts rise substantially. But the company's "defense" side has been doing well for a while. GE and other military contractors got a big boost under the Clinton administration from Presidential Directive 41 which stated that it was the job of US diplomats to promote arms sales abroad in order to safeguard American jobs; this directive tied the promotions of diplomats to how effectively they hocked US armaments.

GE has designed 91 nuclear power plants in 11 countries, yet its nuclear reactors around the world have a fatal flaw. In the event of a nuclear meltdown, there is a 90 percent chance that radiation from GE-designed reactors would be discharged directly into the atmosphere. While the US Nuclear Regulatory Commission is aware of the problem, it continues to license GE nuclear reactors.

GE's history with nuclear power is an ugly one. In the 1940s-1960s the company ran experiments on humans with radiation, including irradiating the reproductive organs of prison inmates in Walla Walla, Washington, without warning them of the risk of cancer. Other tests were run on the elderly and hospital patients. General Electric intentionally released large amounts of radiation into the air from the Hanford Nuclear Reservation in Richland, in order to see the distance it would travel. These atrocities were revealed in hearings in 1986 held by Representative Edward Markey of Massachusetts. The company has also been accused of knowingly poisoning its workers at the Knolls Atomic Power Laboratory in Schenectady, New York with radiation and asbestos.

General Electric is currently attempting to overturn the US Superfund Law of 1980, which allows the government to hold polluters responsible for cleaning up their toxic chemicals. GE argues that it is "unconstitutional" for the Environmental Protection Agency to force the company to pay $500 million for the cleanup of the Hudson River, where GE dumped carcinogenic PCBs, or polychlorinated biphenyls, over three decades. In March 2004, a federal appeals court has revived GE's lawsuit. It shouldn't come as a surprise that GE is trying to change the Superfund Law: the company is responsible for 78 Superfund sites around the US.

It's clearly not safe to be a worker for GE either. The US government's Occupational Safety and Health Administration, or OSHA, has cited the company for 858 workplace safety violations from 1990-2001.

General Electric has been involved in so many cases of fraud that in the 1990s the Pentagon's Defense Contract Management Agency created a special investigations office specifically for the company, which indicted GE on 22 criminal counts and recovered $221.7 million. In one case, in 1992, GE entered a guilty plea to criminal and civil charges for defrauding the Pentagon in a case where money was funneled to the Israeli military. GE was fined $69 million for violation of the Foreign Corrupt Practices Act.

GE's financial division has been another area ripe for fraud. GE was fined $100 million for trying to get bankrupt creditors to pay without informing the bankruptcy courts, in effect paying debts that they no longer legally owed. Not surprisingly, General Electric is the financial backer of WorldCom, the telecom company whose massive fraud and creative accounting led to the largest bankruptcy in US history.

The company has been involved in countless scandals, but strangely enough, they don't seem to affect General Electric's ability to win government contracts - but then, this is typical of all military contractors. According to a survey by the Center for Public Integrity, from 1990-2002, 30 of the US government's top contractors were found guilty of fraud in 400 cases, leading to settlements and fines amounting to at least $3.4 billion. General Electric paid $982.9 million for 63 cases in this period.

Such repeated behavior and continued contracts wouldn't be possible without friends in high places, of which General Electric. GE spent more than $31 million in 2001 and 2002 lobbying lawmakers; in 2000 it spent $16 million. Reigning CEO Jack Welch had enormous influence and was consistently ranked CEO of the Year by the slavish business press; he was major Republican donor as well. GE director Sam Nunn was senator for Georgia for 27 years, and also sits on the boards of ChevronTexaco. GE's Senior Vice President and General Counsel and Secretary, Benjamin W. Heineman, used to work for the US government's Department of Health, Education and Welfare. General Electric's defense sector gave $221,200 to political campaigns in the 2004 election cycle, with 50 percent going to Democrats and 50 percent to Republicans. GE Corpwatch- war profiteers