Computer Counselor - June 1996
Get Ready to Pass the Cyber-Buck
Following the "Electronic" Money
By Joseph Kornowski
Joseph Kornowski is associate executive director and general counsel for the Los Angeles county Bar Association. He can be reached on the Internet at JKornowski@msn.com.
Why? For one thing, high-quality color copiers seriously threaten the security of paper money. The costs of adequately improving the security of paper money to guard against this threat, as well as the increasing costs and inconvenience of physically guarding hard currency and moving it (i.e., vending machines, vaults, armed transport personnel and vehicles), are sounding the death knell for paper and coin money. One estimate puts the cost of handling money in the U.S. alone at $60 billion a year. Moreover, money needs to move as fast as the commercial transactions in which it is used if we are to succeed in leveraging the efficiency of current technology into increased productivity and profitability.
Up until now, the great electronic commerce gold rush of the nineties has been missing one thing: the gold. One speaker at the c/net Electronic Commerce Conference held in Newport Beach in March described the Internet as a $0 billion marketplace. One of the impediments to cyber-commerce over the Internet, it seems, is the inability to push money (as opposed to just credit card numbers) through the wires. But that is quickly changing.
For most of the banking and investment industries, electronic money is hardly a new concept. After all, that is how all interbank transfers of funds have occurred for years; and that is what has given us global, round-the-clock currency and investment markets.
So far, however, people still walk about the planet with coins and paper money in their pockets, wallets and purses, supplemented by credit and debit cards and a checkbook or two. This personal, tangible money is what will be replaced over time with electronic or digital money. This money will take multiple forms including credit (or debits), checks or currency that can be exchanged through electronic media, such as a computer or a so-called Smart Card-a device about the size of a credit card with a computer chip in it that stores and transfers electronic information with monetary value. The hardware and software used for such storage and transfer of electronic currency will be less important than the attributes of the currency itself.
On the Internet, where you can no more slip a $20 bill into your modem than you can get a pizza out of it, the credit card is king--for now. Companies such as CyberCash already offer an online form of secured credit card transaction, which they call "Secure Card Transport," over the Internet. To conduct such transactions, CyberCash provides software, known as a CyberCash Wallet, free through its Web site. After downloading the Wallet to his or her personal computer, the consumer enters into the Wallet information relative to all credit cards that he or she wants to use for online purchasing (American Express, Discover, MasterCard, VISA). The Wallet must then be configured to work with the consumer's Web browser (e.g., Netscape Navigator, Microsoft Internet Explorer, etc.), which is not exactly a simple task. This allows the CyberCash Wallet to act as a "helper application" to the Web browser so that the Wallet launches automatically when the consumer is using the Web browser to shop on the Internet and submits an online order for merchandise from one of the vendors that uses the CyberCash Secure Internet Payment System. A recent check of participating merchants and banks on the CyberCash Web page revealed approximately 40 merchants and 120 U.S. banks using the CyberCash system.
The CyberCash Wallet software uses a strong public key encryption system that secures your credit card information and details about a purchase in a secure electronic envelope from you to the merchant, to the bank, and back. When the consumer makes a purchase over the Internet and sends the transaction to the merchant, the merchant (automatically, through its software program) adds transactional information to the purchase and then forwards it to CyberCash, where the transaction is reformatted and sent to the merchant's bank over dedicated lines (not over the Internet). The merchant's bank then sends the authorization request to the issuing bank through the card associations (or directly to American Express or Discover, for their cards). Once the issuing bank approves the purchase (again, electronically), the transaction is then sent back through the CyberCash server for secure encryption and on to the merchant, who sends the consumer an electronic receipt and fills the order. According to CyberCash, this whole process takes about 15 to 20 seconds. The consumer receives an electronic receipt and the order is sent out by mail or other ground or air delivery.
Another company, First Virtual, offers an alternative that does not involve downloading special software, encryption of your credit card information, or configuring of your Web browser or other software. All the consumer needs is a VISA or MasterCard and an e-mail account.
The way the First Virtual system works is that you first sign up for a First Virtual account through their Web page, which involves giving First Virtual your credit card account number. In return, they give you a unique account identifier, a PIN, that you can send over the Internet whenever you want to purchase something from a vendor using the First Virtual system. After you have ordered the item, First Virtual sends you an e-mail message requesting an authorization to process payment on your credit card. With this virtual credit card escrow service, First Virtual claims that they provide good security without the need for complex encryption and software hassles. Of course, this assumes that the person ordering the merchandise is the same person who is the authorized credit card holder and the same person who will respond to the e-mail verification. Neither First Virtual nor CyberCash charge the consumer any fees (other than the First Virtual one-time account set-up fee of $2.00). Like other transaction fees, the merchants are charged and pass through the charges to the consumer.
Digital Dollars & Cents
When it comes to the electronic equivalent of cash, rather than credits or debits, the world of electronic commerce gets more interesting. As distinguished from online bill payment or credit card transactions, electronic cash is money which must be fungible, securely backed, universally accepted (ubiquitous) and in a format capable of being passed peer-to-peer among many individuals--your friends, colleagues, business associates and strangers--retaining its value.
From your PC, for example, you might dial up your bank online and download (withdraw) a specified amount of digital cash, which will be debited from your bank account. Whenever you purchase any goods or services from vendors online--Dominos, let's say--you activate your cyber-wallet program in your PC and the appropriate amount of e-money that was downloaded previously into your computer is transferred to the vendor for the purchase, and you can verify a corresponding reduction in the balance remaining in your computer cash wallet. CyberCash is working on just such a system, which they call "Secure Money Messaging."
To be sure, getting cash delivered right to your computer in the security and comfort of your home or office beats looking nervously over your shoulder on a Saturday night in the rain while standing at the ATM machine outside of your bank and then getting back in your car to drive down the street to the pizza parlor. Although the place where you get and spend your new electronic cash may feel more comfortable and secure, you unknowingly may be sacrificing a different kind of comfort and security that we all now take for granted in using cold, hard cash.
When you trade in your paper and metal currency to use mathematically complex bits and bytes of information as legal tender, a number of important questions already will have been answered that potentially will forever alter the world in which you use that legal tender. For example, who will regulate electronic currency? What kind of security will be needed to prevent the copying of digital cash like any software program? Who will assign and back its monetary value? And, perhaps the most important question we will face as an open society: do we want cyber-currency to be traceable or should it be at least as anonymous as coin and bills?
The answer to that last question, in particular, will determine how easy it is for someone that you have not specifically authorized-the government, a private company-- to find out about every pizza you order, every magazine you buy, every telephone call you make, every door you open, and every toll road you enter. "They" will know where you have been, when, and how much you paid for what-assuming that you use fully traceable cyber-bucks. If the response of a majority of us to this specter is "No way!", then what about its opposite? That is, should electronic currency be so anonymous that no one could record serial numbers or mark bills the way that banks and law enforcement now do to track money when it is stolen or used as ransom? Would truly untraceable electronic cash cause a virtual explosion in money laundering, drug dealing, kidnapping and other assorted crimes that would benefit?
DigiCash is a company that pioneered development of electronic payment systems which provide security and privacy for open, closed and network systems. With its Ecash product, DigiCash has created anonymous electronic cash, using public key encryption, through what they call a blinding technology. The way it works is that a user must have an ecash account at a digital bank on the Internet which is used to withdraw and deposit ecash. Digital money is implemented by digital signatures that represent a certain fixed amount of money; DigiCash calls such a digital signature a "coin." For an ecash withdrawal, the user's PC calculates how many digital coins of what denominations are required to withdraw the requested amount. Random serial numbers are then generated and the "blinding factor" included, and then the result is sent to the digital bank. The bank encodes the blinded numbers with its own digital signature (secret key) and simultaneously debits the user's account for the same amount. The now-authenticated "coins" are sent back to the user, who takes out the blinding factor, and the resulting serial numbers plus their signatures are now digital coins, with a value guaranteed by the bank. The coins then can be stored on the user's PC, and when used as payment, the receiver send them to the bank, which verifies the value and that they have not previously been spent. Each coin is thus used only once. Criminality is thwarted by the fact that all coins must be deposited into a digital bank, and the payee is always known even though the payer remains unknown.
"Follow the money!" was what Deep Throat purportedly advised those who wanted to know the truth about the Watergate scandal. In the coming world of digital currency, will we pay the price of reduced privacy by allowing those who would follow the money simultaneously to follow us?