- Email: [email protected]
Gemplus win and lose
news
company news
Contact: Rémi Calvet, Tel: +33 4 42 36 57 20, email: [email protected]
Gemplus win and lose Gemplus lawyers have been kept extremely busy in recent months with two major legal battles coming to a head. Good news for the smart card manufacturer, and its indirect subsidiary Zenzus Holdings, is that it has prevailed in an international arbitration proceeding seeking repayment of a loan made to former chairman and co-founder Marc Lassus. According to the companies, Zenzus had provided a loan to Lassus in September 2000 to pay the subscription price of stock options granted by Gemplus. In January 2003, Gemplus and Zenzus brought arbitration proceedings seeking repayment due to Lassus’s breach of his obligations. At this point Lassus denied the existence of the loan and argued that the funds granted were a reward or gift. The arbitration tribunal ruled unanimously in Gemplus’ favour, saying they had “no doubt” that there was a loan based upon “abundant evidence” and no contrary evidence of a gift or reward. The tribunal ordered Lassus to make repayment in full of the loan in the amount of Euro 71.9 million, plus interest of approximately Euro 7.0 million to date, attorneys’ fees and costs as well as the costs of the arbitration. Altogether the bill comes to approximately Euro 80.9 million as of today. On top of the bill, the arbitrators said that payment of Lassus’s claim for US$10 million in severance compensation was to be deferred until he had made full payment to Zenzus and Gemplus. It is not clear if Lassus has the funds to pay the bill. Accordingly, Gemplus has been maintaining a provision for the entire principal of the loan plus accrued interest. Until there is reason to change this analysis, Gemplus said the arbitration decision will not affect its financial statements. Meanwhile, on the down side, the company’s ongoing lawsuit surrounding an alleged breach of contract regarding the promotion of smart cards solution for casino slot machines will affect its company statements. The Marseille Commercial Court had ordered Gemplus to make a direct payment to the plaintiffs of approximately 22 million euros. Gemplus’ protests led to a decision by the Aixen-Provence Court of Appeal that the smart card manufacturer must instead make a cash deposit for 22 million euros into an escrow account as security pending the decision of the appeal. Following this decision, and based on the company’s analysis and advice of counsel, Gemplus has decided to increase the provision made for this case in its first quarter 2003 (Euros 1.8 million) by an amount of Euros 3.4 million. This results in a total provision for this case of Euros 5.2 million in Gemplus’ consolidated accounts at the end of 2003.
Card Technology Today May 2004
in brief
passwords
Chocolate for password! A new survey has found that a staggering 71% of office workers polled were willing to reveal their passwords when offered a chocolate bar as a bribe. While this was a less-than-scientific survey, it does demonstrate the real problem facing IT administrators and the benefits to security that a more secure smart card system could bring. The poll was conducted at London’s Liverpool Street Station, and also found that the majority of workers would take confidential information with them when they change jobs and would not keep salary details confidential if they found them. Of the people surveyed 37% of workers immediately gave their password. If they initially refused, researchers used social engineering tactics, suggesting that the password has to do with a pet or child’s name. 34% then revealed their passwords. The most common passwords were based on partners or children’s names (15%), followed by football teams (11%), and pets (8%). The most common password was ‘admin’. One interviewee said: “I work in a financial call center, our password changes daily, but I do not have a problem remembering it as it is written on the board so that everyone can see it...I think they rub it off before the cleaners arrive.” Other findings in the study found that: •
53% of users said they would not give their password to a telephone caller claiming to be calling from their IT department;
•
4 out of 10 knew their colleagues’ passwords;
•
55% would give their password to their boss;
•
two-thirds of workers use the same password for work and for personal access such as online banking and Web site access;
•
workers used an average of four passwords;
•
51% of passwords were changed on a monthly basis and 20% never change them; Another oft quoted fact also turned out to be close to the truth – many of the workers who regularly had to change their passwords kept them on piece of paper or stored on Word documents.
company news
ACG ends card business ACG AG is withdrawing entirely from the smart card business. It announced the sale of all its remaining smart card activities that were left over following the sale of its ACG Identification Technologies division to Assa Abloy last year. Logos Smart Card, a software development house, and Bluefish Technologies group, were
• Omnikey, a manufacturer of smart card readers, has begun shipping its new CardMan 4040 PCMCIA smart card reader. Based on chip technology, which it jointly developed with Atmel, the 4040 supports reader-to-card data transmission rates of up to 420 KB per second, the supplier claims. The smart card reader is designed as a PC-Card to connect to portable computers, notebooks, PDAs or even set-top-boxes via a PCMCIA slot. Applications for the new reader include logical access control, PKI, digital signature, secure mobile banking and online transactions, loyalty programs and healthcare solutions. The supplier says the reader meets all relevant standards such as ISO 7816, EMV 2000 Level 1 (Europay, MasterCard, Visa), Microsoft WHQL, PC/SC, HBCI (Home Banking Computer Interface) and PC-2001 specifications. • Drexler Technology Corporation has announced that it successfully concluded the acquisition of two related German card companies, Challenge Card Design Plastikkarten and cards & more, including their sales operations in the USA and Korea. The company said that these acquisitions provide Drexler with a strong card manufacturing base to serve the European, Middle Eastern, African and Asian markets, and supplement the company’s newly expanded manufacturing operations in California. • A new type of smart credit card has been developed that will not work unless it hears a spoken password given by its owner. The card authenticates its owner using a built-in speaker verification chip, helping to prevent thieves using a stolen card or credit card details to buy goods online. Engineers at Beepcard in California, USA, built the prototype, which is based on an earlier version that was also designed prevent fraud in online transactions. This earlier card had no microphone, but did have a built-in loudspeaker which it used to “squawk” an acoustic ID signal via a computer’s microphone to an online server. The problem with the earlier version is that it could not guard against the fraudulent use of stolen cards as there was no way to guarantee the authenticity of the cardholder. The card does not yet conform to ISO card specifications, with the card still being about three times thicker than normal. To maximise battery life, the electronics only switch on when the card is in use. The company is aims to make the card capable of 10 transactions per day for two years before its non-replaceable battery runs out.
5
company news
Contact: Rémi Calvet, Tel: +33 4 42 36 57 20, email: [email protected]
Gemplus win and lose Gemplus lawyers have been kept extremely busy in recent months with two major legal battles coming to a head. Good news for the smart card manufacturer, and its indirect subsidiary Zenzus Holdings, is that it has prevailed in an international arbitration proceeding seeking repayment of a loan made to former chairman and co-founder Marc Lassus. According to the companies, Zenzus had provided a loan to Lassus in September 2000 to pay the subscription price of stock options granted by Gemplus. In January 2003, Gemplus and Zenzus brought arbitration proceedings seeking repayment due to Lassus’s breach of his obligations. At this point Lassus denied the existence of the loan and argued that the funds granted were a reward or gift. The arbitration tribunal ruled unanimously in Gemplus’ favour, saying they had “no doubt” that there was a loan based upon “abundant evidence” and no contrary evidence of a gift or reward. The tribunal ordered Lassus to make repayment in full of the loan in the amount of Euro 71.9 million, plus interest of approximately Euro 7.0 million to date, attorneys’ fees and costs as well as the costs of the arbitration. Altogether the bill comes to approximately Euro 80.9 million as of today. On top of the bill, the arbitrators said that payment of Lassus’s claim for US$10 million in severance compensation was to be deferred until he had made full payment to Zenzus and Gemplus. It is not clear if Lassus has the funds to pay the bill. Accordingly, Gemplus has been maintaining a provision for the entire principal of the loan plus accrued interest. Until there is reason to change this analysis, Gemplus said the arbitration decision will not affect its financial statements. Meanwhile, on the down side, the company’s ongoing lawsuit surrounding an alleged breach of contract regarding the promotion of smart cards solution for casino slot machines will affect its company statements. The Marseille Commercial Court had ordered Gemplus to make a direct payment to the plaintiffs of approximately 22 million euros. Gemplus’ protests led to a decision by the Aixen-Provence Court of Appeal that the smart card manufacturer must instead make a cash deposit for 22 million euros into an escrow account as security pending the decision of the appeal. Following this decision, and based on the company’s analysis and advice of counsel, Gemplus has decided to increase the provision made for this case in its first quarter 2003 (Euros 1.8 million) by an amount of Euros 3.4 million. This results in a total provision for this case of Euros 5.2 million in Gemplus’ consolidated accounts at the end of 2003.
Card Technology Today May 2004
in brief
passwords
Chocolate for password! A new survey has found that a staggering 71% of office workers polled were willing to reveal their passwords when offered a chocolate bar as a bribe. While this was a less-than-scientific survey, it does demonstrate the real problem facing IT administrators and the benefits to security that a more secure smart card system could bring. The poll was conducted at London’s Liverpool Street Station, and also found that the majority of workers would take confidential information with them when they change jobs and would not keep salary details confidential if they found them. Of the people surveyed 37% of workers immediately gave their password. If they initially refused, researchers used social engineering tactics, suggesting that the password has to do with a pet or child’s name. 34% then revealed their passwords. The most common passwords were based on partners or children’s names (15%), followed by football teams (11%), and pets (8%). The most common password was ‘admin’. One interviewee said: “I work in a financial call center, our password changes daily, but I do not have a problem remembering it as it is written on the board so that everyone can see it...I think they rub it off before the cleaners arrive.” Other findings in the study found that: •
53% of users said they would not give their password to a telephone caller claiming to be calling from their IT department;
•
4 out of 10 knew their colleagues’ passwords;
•
55% would give their password to their boss;
•
two-thirds of workers use the same password for work and for personal access such as online banking and Web site access;
•
workers used an average of four passwords;
•
51% of passwords were changed on a monthly basis and 20% never change them; Another oft quoted fact also turned out to be close to the truth – many of the workers who regularly had to change their passwords kept them on piece of paper or stored on Word documents.
company news
ACG ends card business ACG AG is withdrawing entirely from the smart card business. It announced the sale of all its remaining smart card activities that were left over following the sale of its ACG Identification Technologies division to Assa Abloy last year. Logos Smart Card, a software development house, and Bluefish Technologies group, were
• Omnikey, a manufacturer of smart card readers, has begun shipping its new CardMan 4040 PCMCIA smart card reader. Based on chip technology, which it jointly developed with Atmel, the 4040 supports reader-to-card data transmission rates of up to 420 KB per second, the supplier claims. The smart card reader is designed as a PC-Card to connect to portable computers, notebooks, PDAs or even set-top-boxes via a PCMCIA slot. Applications for the new reader include logical access control, PKI, digital signature, secure mobile banking and online transactions, loyalty programs and healthcare solutions. The supplier says the reader meets all relevant standards such as ISO 7816, EMV 2000 Level 1 (Europay, MasterCard, Visa), Microsoft WHQL, PC/SC, HBCI (Home Banking Computer Interface) and PC-2001 specifications. • Drexler Technology Corporation has announced that it successfully concluded the acquisition of two related German card companies, Challenge Card Design Plastikkarten and cards & more, including their sales operations in the USA and Korea. The company said that these acquisitions provide Drexler with a strong card manufacturing base to serve the European, Middle Eastern, African and Asian markets, and supplement the company’s newly expanded manufacturing operations in California. • A new type of smart credit card has been developed that will not work unless it hears a spoken password given by its owner. The card authenticates its owner using a built-in speaker verification chip, helping to prevent thieves using a stolen card or credit card details to buy goods online. Engineers at Beepcard in California, USA, built the prototype, which is based on an earlier version that was also designed prevent fraud in online transactions. This earlier card had no microphone, but did have a built-in loudspeaker which it used to “squawk” an acoustic ID signal via a computer’s microphone to an online server. The problem with the earlier version is that it could not guard against the fraudulent use of stolen cards as there was no way to guarantee the authenticity of the cardholder. The card does not yet conform to ISO card specifications, with the card still being about three times thicker than normal. To maximise battery life, the electronics only switch on when the card is in use. The company is aims to make the card capable of 10 transactions per day for two years before its non-replaceable battery runs out.
5