AUCKLAND-- Mondex International is running a public relations campaign to emphasise positive aspects of its security after acknowledging in a confidential document that customers may not be protected if its electronic cash scheme is "compromised".
Holders of Mondex smartcards will not be protected by Mondex and will not necessarily be able to redeem the value held on their cards if the scheme is successfully attacked, according to an agenda item on security PR prepared for a Mondex board of directors' meeting in July.
The document, leaked to Computerworld, describes a plan to counter "this obvious weakness" and cites the need to step up security PR in light of "recent events", namely the series of articles in Computerworld (New Zealand).
Potential adverse impacts on Mondex of fears about its security are listed. These include attacks from consumer groups and pressure on governments "to act to protect the consumer against products like Mondex, either by insisting that Mondex accepts liability or that it is not allowed to be developed". Mondex also fears adverse impacts on the other brands held by MasterCard, Mondex's 51% owner.
Six New Zealand banks - ANZ, National, Westpac Trust, BNZ, Countrywide, and ASB - are also shareholders in Mondex and recently confirmed their intention to launch the smartcard-based system in October next year.
"Given our assertion that Mondex is 'tamper resistant' and not 'tamper proof', any stepping up of PR security must include clear statements of the basis upon which consumers will be protected in the event of a security breach",” the document says.
"Without these statements, we are in danger of exposing the fact that the system is not tamper-proof, and should it be compromised, we will not protect cardholders."
"Until this issue is resolved, we cannot afford to take a pro-active stance on security because it will cause more problems than it will solve, in particular with consumer lobby groups."
The author notes that issuers of Mondex's two leading competitors, Visa Cash and Proton, do "appear to provide the means for cardholders to redeem value held on the cards".
Visa is planning a Visa Cash pilot here and in Australia next year. Visa spokesman Bruce Mansfield confirmed to Computerworld that Visa would protect cardholders in its Visa Cash scheme in the event of fraud or of loss or damage to cards.
"Because we have a fully accountable stored-value system which keeps transaction dates and balances, we are able to deal with customer service enquiries and refunds where appropriate", said Mansfield.