Dublin City University MSc. in Electronic Commerce

Dublin City University
MSc. in Electronic Commerce
Business School & School of Computing
Practicum Report for FingerPal Biometric Payment System
August 2009
Authors:
Olga Bzdawka (MECB)
58212509
Zaneta Babko (MECB)
58210580
Francisco Canovas (MECT)
58211843
Supervisors:
Howard Duncan School of Computing
PJ Byrne Business School
Chapter 1 Business Purpose
Table of Content
Acknowledgements............................................................................................................ 5
Executive Summary ............................................................................................................ 6
Introduction ....................................................................................................................... 7
Chapter 1 Business Purpose...........................................................................................8
1.1 FingerPal Description ................................................................................................... 8
1.2 The Structure of FingerPal Transaction........................................................................ 8
1.3 Value proposition ......................................................................................................... 9
1.4 Advantages of FingerPal............................................................................................. 10
1.5 Value Chain ................................................................................................................ 11
Chapter 2 Business Model .......................................................................................... 12
2.1 The structure of Business Model ............................................................................... 12
2.2 Revenue Model .......................................................................................................... 13
2.3 Facilitators .................................................................................................................. 14
2.4 Growth Strategy ......................................................................................................... 15
2.5 Key Milestones ........................................................................................................... 16
Chapter 3 Market Research ......................................................................................... 18
3.1 SWOT Analysis............................................................................................................ 18
3.2 Market Analysis and Trends ....................................................................................... 19
3.2.1 Industry Revenue Forecast by Sector ................................................................. 21
3.2.2 Applications......................................................................................................... 23
3.3 Future trends ............................................................................................................. 26
3.4 Growth Drivers ........................................................................................................... 27
3.5 Market segmentation ................................................................................................ 27
3.6 Promotion .................................................................................................................. 29
3.7 Pricing......................................................................................................................... 30
3.8 PEST Analysis .............................................................................................................. 30
3.9 Overview of end users ............................................................................................... 32
3.9.1 End-users: Survey analysis .................................................................................. 34
3.9.2 Feedback from the customers ............................................................................ 35
Chapter 4 Competitive Review .................................................................................... 36
4.1 Industry Forces ........................................................................................................... 36
4.2 Competitors Analysis ................................................................................................. 37
4.2.1 Competitive Advantage....................................................................................... 38
4.2.2 Competitors and their products.......................................................................... 38
4.3 Intellectual Property .................................................................................................. 39
Masters in eCommerce 2009 – Dublin City University
2
Chapter 1 Business Purpose
Chapter 5 - Technology................................................................................................ 41
5.1 Technical Solution ...................................................................................................... 41
5.2 Technical overview and analysis ................................................................................ 41
5.2.1 Optical Scanner ................................................................................................... 42
5.2.2 Capacitance Scanner ........................................................................................... 43
5.2.3 Matching ............................................................................................................. 44
5.2.4 Bottom line.......................................................................................................... 45
5.3 Technology roadmap ................................................................................................. 46
5.4 Infrastructure ............................................................................................................. 48
5.4.1 Point of Sale ........................................................................................................ 48
5.4.2 Server side ........................................................................................................... 49
5.4.3 Web Service ........................................................................................................ 49
5.5 Process description .................................................................................................... 51
5.5.1 Enrol a customer in a Point of Sale ..................................................................... 51
5.5.2 Enrol a merchant into the system ....................................................................... 52
5.5.3 Enrol a customer using the online service .......................................................... 53
5.5.4 Perform a transaction ......................................................................................... 55
5.6 Technologies .............................................................................................................. 57
5.6.1 Client side ............................................................................................................ 57
5.6.2 Server side ........................................................................................................... 57
5.6.3 Point of Sale ........................................................................................................ 57
5.7 Security....................................................................................................................... 58
5.8 System Architecture ................................................................................................... 59
5.8.1 Application server ............................................................................................... 60
5.8.2 Web server .......................................................................................................... 60
5.8.3 Database server .................................................................................................. 61
5.8.4 Networks and Internets ...................................................................................... 61
5.8.5 Ecommerce server .............................................................................................. 61
Chapter 6 - Technical Solution ..................................................................................... 62
6.1 Prototype ................................................................................................................... 62
6.2 Description ................................................................................................................. 63
6.3 Database model ......................................................................................................... 64
6.4 Technologies used...................................................................................................... 65
Cascade Style Sheet ..................................................................................................... 65
HTML ............................................................................................................................ 65
MySQL 5 ....................................................................................................................... 65
Apache Tomcat 5.5 ...................................................................................................... 65
6.5 Testing ........................................................................................................................ 66
6.5.1 Functionality........................................................................................................ 66
6.5.2 Usability............................................................................................................... 67
Masters in eCommerce 2009 – Dublin City University
3
Chapter 1 Business Purpose
6.5.3 Server Side Interfaces: ........................................................................................ 68
6.5.4 Client Side Compatibility: .................................................................................... 68
6.5.5 Performance........................................................................................................ 69
6.5.6 Security................................................................................................................ 70
Chapter 7 Financial Projections ................................................................................... 71
7.1 Funding....................................................................................................................... 71
7.2 Sales Explanation ....................................................................................................... 72
7.3 Calculations ................................................................................................................ 73
7.4 Expenses..................................................................................................................... 74
7.5 Loss & Profit Projection.............................................................................................. 75
7.6 Cash Flow ................................................................................................................... 76
Chapter 8 Management Team ..................................................................................... 79
Appendixes ................................................................................................................. 80
Appendix 1 Competitive Analysis..................................................................................... 80
Appendix 2 Survey ........................................................................................................... 82
Appendix 3 Survey Results ............................................................................................... 85
Appendix 4 Legislation on Biometrical Information,European Directive : ...................... 88
Appendix 5 Potential Partners: Irish Merchant Banks (Acquirers) ................................. 89
Appendix 6 Historical Adoption Rates of Credit/Debit Cards .......................................... 90
Appendix 7 Merchant’s Terminal ..................................................................................... 91
Appendix 8 Individuals Contacted ................................................................................... 93
References .................................................................................................................. 94
Masters in eCommerce 2009 – Dublin City University
4
Chapter 1 Business Purpose
Acknowledgements
Out team would like to thank all the people who participated or supported us in
conducting the project. We would like to appreciate the help of our supervisors, PJ Byrne and
Howard Duncan who contributed to the completion of this report.
Our group would like to thank also Prof. Alan Smeaton, Brian Stone and other members of
School of Computing who guided us in technical issues of the report. We appreciate the help of
practicum coordinator Cathal Gurrin and Maria Johnston from Invent for useful advice and
support.
We appreciate the support of companies who provided us with feedback. Moreover, we
want to thank our friends and survey participants for their contribution to the market
research. Many thanks to Niamh O'Neill from AIB, Mark McGoldrick from Bank of Ireland,
Eddie Cullen from Ulster Bank, William Christie from Spar, Seamus Banim from Tesco and
Natalie Danaher from Super Valu for their feedback.
Many thanks also to our families for all the support received during these months.
Masters in eCommerce 2009 – Dublin City University
5
Chapter 1 Business Purpose
Executive Summary
•
The aim of this project is to examine the potential of fingerprint-based payment method
on the Irish market.
•
The biometrics industry is experiencing a steady growth and is becoming more
technologically advanced, the cost of fingerprint-enabled devices is dropping.
•
Studies show that consumers show acceptance to new methods of payment and that
there is a need for new methods of payment and innovation.
•
The FingerPal system will be a new method of tokenless payment.
•
FingerPal has no exisitng competitors on the Irish market who provide similar solutions.
•
Biometric method of payment will provide security, faster throughput and convenience;
the system will provide benefits for merchants, banks and the end users.
•
The process of retrieving fingerprint information is presented in the demo to prove it
effectiveness.
Masters in eCommerce 2009 – Dublin City University
6
Chapter 1 Business Purpose
Introduction
This project outlines the business and technical aspects related to the successful
development and implementation of FingerPal solutions on the market. The report is based on
the theoretical business knowledge as well as detailed technology description and its practical
version. The first section of the report provides the description of the offering, including its
originality, strenghts and value chain. It also outlines the business purpose of the product,
mission statement and the process of transaction. The section focuses also on the competitive
advantage and highlights the benefits of FingerPal for potential partners and end-users.
Chapter 2 presents the business model with a detailed description of the transaction
process. This section shows the value chain of FingerPal including partners and facilitators
involved in the process. Finally, it presents the growth strategy of the comapny and crucial
milestones to be achieved in the next three years. Chapter 3 is an extensive market research
which gives an overview of the biometric industry and further provides details of the size of
the financial sector of biometric market and its forecasts. What is more, the section provides
the details of political, legal, economic and social factors that are present in the business
environment as well as a WSOT analysis. The chapter gives also a description of the end user
supported by data from surveys and interviews’ analysis. Chapter 4 looks at the companies
who may be considered competitors to FingerPal or present a threat of developing similar
solutions. This part of report involves the analysis of the industry forces. Chapter 5 provides a
detailed description of the technological solution, including the technology roadmap, current
stage of developmet, hardware requirements. Chapter 6 defines the prototpe and demo
description. Chapter 7 is a detailed financial plan with cash flow and loss & profit analysis.
Chapter 8 presents the management team. The list of appendixes presents research findings,
surveys and other relevant information.
Masters in eCommerce 2009 – Dublin City University
7
Chapter 1 Business Purpose
Chapter 1 Business Purpose
1.1 FingerPal Description
FingerPal is a new, innovative method of conducting financial transactions. It is a solution
that allows consumers to pay for goods or services without the need of carrying a token, such
as plastic card,, cash or cheque. Instead of traditional methods of payment, FingerPal will
enable the users to use their biometric information, which is the fingerprint, to carry out
transactions. The new biometric method of payment
payment will be utilized in retail, petrol stations
and restaurants. The merchants will benefit from faster transactions and greater customers’
satisfaction. Banks will benefit from fees involved in transactions, and, finally, the end users
will be able to pay in a more secure, smarter and faster way.
Our mission statement:
“To deliver a new, innovative payment solution. To enhance the security of transactions
and its throughput thanks to unique and unconventional technology solutions. To achieve
recognition and
nd wide acceptance as a new payment processing provider”.
1.2 The Structure of FingerPal Transaction
The process of FingerPal’s transaction involves several steps that involve the merchants,
banks, and end-users.
users. The first step includes enrollment of merchant
merchant and the end-user
end
to the
system. Basically, the merchant registers with FingerPal online. The end-user
end user of the system
enrolls only once, either online from home (providing that their computer is equiped with a
fingerprint scanner) or at merchant POS terminal.
terminal. Since enrollment, the consumer can pay by
fingerprint in any retail outlets that use FingerPal’s system.
The Transaction Process can begin when both, the merchant and the consumer are
registered with FingerPal. The transaction inloves the following stages:
s
Masters in eCommerce 2009 – Dublin City University
8
Chapter 1 Business Purpose
1. Transaction starts
A customer buys products from the merchant
2. Payment processed
The acquirer (merchant’s bank) receives the transaction. The acquirer subtracts the discount
fee from the amount received and the final merchant’s transaction earning.
3. Submission
The transaction is passed to the bank who provides the customer’s account. It is submitted
first to FingerPal who determines the interchange fee and then directly to customer’s bank.
4. Payment received
The customer’s bank pays the acquirer. The acquirer receives amount which is subtracted by
the interchange fee. The interchange fee goes partially to the customer’s bank and to
FingerPal.
5. Customer’s payment
The customer’s bank account is charged by the sum of transaction.
1.3 Value proposition
Our product will provide more advantages over the conventional payment methods such
as cash or plastic cards.
s. We consider that our product will provide a multi-sided
multi sided advantages for
both, the customers, the merchants
merchant and the banks. The members of FingerPal’s value chain
are presented in the graph:
Masters in eCommerce 2009 – Dublin City University
9
Chapter 1 Business Purpose
1.4 Advantages of FingerPal
BioPay will provide benefits for the following entities:
Consumers
Convenience
Customers will be able to pay for goods by fingerprint. Thus, there will be no need of carrying
cash, plastic cards or cheques. Transactions will be performed in a quicker and more
convenient way. The queuing time will be decreased and transaction performance enhanced.
Security
There will be an increased security of transactions as there will no longer be the risk of losing
plastic card or cash. With a fingerprint, each individual will not have to worry about the
possibility of losing financial resources.
Lack of Charge
Customers will not be charged for the transactions. Compared to some of the plastic card
companies or banks who charge for each transactions, BioPay will be completely free for
customers.
Ease-of-use
Customers will be required to enroll one time and their personal account will be created.
There is no need for setting up a new bank account.
Merchants:
Increased earnings
The merchants who will implement FingerPal method of payment will benefit from more
frequent transactions. The conveniece for customers will be increased, thus, merchants will
provide higher standards and meet the expectations of customers. These will result in
increased transactions and greater cusotmers’ satisfaction.
Quicker processing of transactions
FingerPal does not require plastic cards or cash. Thus, the time spent in each transaction to
insert plastic card or money will be eliminated. Consequently, the transactions will be
performed quicker. Merchants will be able to increase customers’ satisfaction and
convenience.
Masters in eCommerce 2009 – Dublin City University
10
Chapter 1 Business Purpose
11
Convenience
Customers satisfaction will be increased. Moreover,
Moreover, the merchants who will provide the
FingerPal methods will be perceived as more innovative and more attrcative for customers.
Thus, the general image of merchants will be enhanced.
Savings/Increased revenue
FingerPal will provide competitive prices for each transaction processed. Thus, our product will
be charged less than the standard charges for plastic card payments. Currently, the average
plastic card transaction fees range from 1 % to 3%. FingerPal will decrease this amount by at
least three times. Thus, merchants may benefit from savings.
Banks:
Increased Revenues
Banks will benefit from a new way of conducting transactions through the interchange fees.
This will provide banks with the opportunity to increase their revenues.
1.5 Value Chain
The value chain of FingerPal will aim to deliver the best possible value to our customers
and, at the same time, generate revenue that exceeds the cost of activities within the firm,
and, therefore, results in a profit margin. The key aspects of the value chain
chain are presented in
the graph 1.5.
Inbound
Logistics:
Equipment
from
Hardware
Manufacturers
Operations:
Builiding Design
& Operations
Testing
Transactions
Processing
Database
Maintenance
Marketing &
Sales:
Outbound
Logistics:
Distribution
To Retailers
Promotions
Mix:
Online /Offline
Advertising
Brochures
Seminars/Trade
Shows
Firm Infrastructure: Management of Information Systems
Technology Development:Innovation
Innovation - R&D, Security Enhancements
Human Resource Management: Recruitment, Training, Payroll
Procurement: Components from Suppliers, Bank Agreements
Masters in eCommerce 2009 – Dublin City University
After Sales
Service:
Complaints
Handling
Customer
Support
Margin
Chapter 2 Business Model
Chapter 2 Business Model
There are several aspects of our business model that make it successful. First of all, BioPay will
allow for a new way of concluding transactions. It will rely on a network that will enable
transactions on a global scale. Our product will provide the merchants and financial
institutions with the opportunity to grow and deliver new methods of payments to the
customers. Thus, our business model will be beneficial for customers, merchants and the
banks. Customers will be able to make more secure and convenient payments without the
need of carrying a “token” such as cash or plastic card. Merchants will improve their image,
lower transaction costs and attract more customers whereas financial institutions will have the
possibility to grow their revenues from transactions through a new method of payment.
2.1 The structure of Business Model
FingerPal’s business model is determined by the so called interchange rate. It is a fee involved
in processing a transaction between the merchant, merchant account provider (acquirer bank)
and the customer account provider (any bank). The merchant bank is the bank who has an
agreement with a merchant . It accepts the deposits from transactions. Interchange fees are
paid to the customer’s bank account by the acquirer. Part of that fee will be charged by
FingerPal. The rate will be determined by various factors, such as the type of merchant (shop,
restaurant, etc.) or the volume of transactions. However, in the first years of activity we will
focus on a flat fee for the retail sector.
In order to proceed the transactions FingerPal will be required to sign an agreement with the
bank that is the merchant’s acquirer and the bank that provides bank account to the customer.
The agreement will authorize FingerPal to perform transactions between the banks. Moreover,
the agreement will contain the rights , terms and condition, and rules with regard to the
transaction process.
The interchange fee will be determined by the type of industry, processing environment.
Nevertheless, our transaction fees will be competitive compared to current plastic card
networks such as VISA or Mastercard.
The business model of FingerPal will be similar to plastic card associations such as VISA or
Mastercard. As stated in the companies’ websites, both of the organizations generate high
revenues through interchange fees. Both firms managed to earn $26 billion in 2004 from
interchange fees. The revenue grew to $ 30.7 billion in 2005 which accounted for 85 percent of
increase from 20011.
1
www.visa.com, www.mastercard.com
Masters in eCommerce 2009 – Dublin City University
12
Chapter 2 Business Model
13
The interchange fee of FingerPal will be highly competitive compared to plastic card
companies’ fees. Currently, the interchange fees are very complex and differ. There are about
270 types of interchange fees. For instance, VISA determines the interchange fee rate
depending on where transaction takes place, whether it is an online transaction or over the
phone.
FingerPal will suggest the most beneficial fees for merchants and banks. Our pricing model
will be more satisfactory for merchants as interchange fees will be set lower than common
plastic card fees. We consider that the interchange fee cannot be too high so as to gain
acceptance to FingerPal service. On the other hand, the interchange fees cannot be too low so
as to retain the interest of customer’s bank to cooperate with FingerPal. Consequently, we will
strive to provide the best and most convenient fees for both merchants and banks.
2.2 Revenue Model
FingerPal will provide an interchange fee lower than the current plastic card transactions
fees. The revenue will be based on the number of transactions within FingerPal network.The
low cost of transaction process will offer competitve choice for merchants.
The table presents current average interchange rates for VISA, MasterCard in Ireland
compared to FingerPal transactions’ fees2.
Card Type
Chip & Pin
MasterCard
Electronic/
Consumer
VISA Commercial Retail
0.80%
2.30% + 0.10
FingerPal
0.70%
2.20% + 0.10
2.10% + 0.10
Pay Pass
0.80%
---------------
-------------
Enhanced
Electronic
0.95%
-----------------
--------------
2
www.interchangefees.com/Compare.html, visa.com, mastercard.com
Masters in eCommerce 2009 – Dublin City University
Chapter 2 Business Model
2.3 Facilitators
Banks
FingerPal aims to form strategic partnerships with banks who will be involved in
transactions processing. The company’s device will be purchased by merchants. This will allow
FingerPal to connect retailers to our network. These includes Irish merchant’s banks and
consumers’ banks3.
Hardware manufacturers
Secondly, FingerPal aims to form partnerships with biometrics hardware manufacturers
who will provide devices for POS systems. We plan to cooperate with the following company:
Biometric Access Company (BAC) - the company was established in 1996 and its main
base is located in Round Rock in Texas. BAC provides various fingerprint technology solutions
for lowering risks in organizations . The company’s products include hardware and software
applications of biometric technologies.
One of the BAC’s offering that can be competitive for FingerPal is SecureTouch Solutions.
The product is based on a terminal SecureTouch Advanced Modular (STAm™)4.The device
provides the opportunity of adding features that are neccessary for certain industries. For
instance, the terminal can serve various purposes such as payroll check cashing, Credit/Debit
Transaction Processing, Pharmacy Controlled Substance Tracking, Pharmacy Physical Access
Control, Time & Attendance, Age Verification. The device can be extented depending on the
customers needs. Options include a barcode scanner, printer, camera, document scanner,
modem and finger imager. Thus, the customers can add extra features and utilize, among
others, a biometric technology in concluding retail transactions.The scanner is built of an
optical imager. It can be utilized as a ID verification, digital signature for authorization of
transactions, electronic payment by means of a fingerprint, or cashier logon. The device is
secure thanks to encryption that is provided when the data is transferred to the server. The
advantages of the system is the fact that every seller can keep up with changes and easily
adjust a simple plastic card processing device to changing businesses and customers
requirements.Thus, the device can never become outdated.
The other product offered by the company is Secure Payroll Check Cashing. The product
provides the opportunity to verify the identity of customers and provides authorization of
transactions by a fingerprint scanning process. A customer’s fingerprint image is enrolled and
then utilized as a method of verification in check transactions. Such a way reduces the check
losses and provides security for check fraud. The solution can be implemented in the exisitng
3
4
See Appendix 5 for details.
See Appendix 7 for details
Masters in eCommerce 2009 – Dublin City University
14
Chapter 2 Business Model
POS systems or be utilized a s a separate application. This resuslts in no requirements for an ID
in check transactions. The customers are only required to swipe their finger for authorization.
ID card has to only be presented at enrollment.
VeriFone – The company was founded in 1981 in Hawaii and provides point-of-sale
devices. The company delivers their products to various industries, including financial,
hospitality, petroleum, retail, helthcare. In 2005 Verifone merged with BAC to incorporate
biometric solutions into their equipment. In particular, their devices can be added extra
features such as a fingerprint scanner for processing payment transactions .
2.4 Growth Strategy
The growth strategy of FingerPal involves several stages:
Stage 1 Prototype development and Funds Raising
This stage will focus mostly on developing the software for fingerprint recognition and
image retrieval. The company will also gather funds neccessary for the technology
improvements and the creation of the company. Once the software is completed we would
like to have all patents filed so as to protect the IP rights of our product.
Stage 2 Forming Strategic Partnerships
Stage 2 will be performed concurrently with stage 1. FingerPal will form strategic
partnerships with the members of its value chain, including banks, merchants and biometric
hardware manufacturers.
Stage 3 Market Penetration
This phase will concentrate on market penetration, marketing and advertising. This phase
is a crucial point in the growth strategy as it involves gaining recognition on the market and
reaching customers. FingerPal will distribute its infrastructure in small retail chains such as
spar and Centra. We aim to subsequently extend the value chain by supermarkets and other
retail outlets. Next step will involve the penetration of restaurants and petrol stations in order
to enhance the volume of transactions.
Stage 4 Extension of Customerbase
Once FingerPal position on the market is established, we will extend the scope of the
business. FingerPal will allocate financial resources to research & devlopment of utilizing our
service in online transactions. We will develop the infrastructure for making online transaction
by fingerprint.
Masters in eCommerce 2009 – Dublin City University
15
Chapter 2 Business Model
16
2.5 Key Milestones
FingerPal aims to develop the business in several phases in the first years of operation.
The key milestones include:
1. Patents filed by March 2010.
2. The financial resources for the start-up raised by the end of 2009.
3. Tested, approved, working software fully intergrated with hardware and the network by
February 2010.
4. Agreements with the Irish banks and merchants signed by January 2010.
5. Partnerships withb hardware providers formed by the end of 2009.
6. February 2010 FingerPal transaction systems appear in the retail sector.
7. August 2010 FingerPal system appears in petrol stations.
8. February 2011 the implementation of the system in restaurants and canteens.
9. By the end of 2011 research and development for the online transactions.
10. Early 2012 implementation of the system in online transactions.
Milestones Chart
START DATE
END DATE
Business Plan Completed
20/05/2009
31/07/2009
Software/Applications Working
20/05/2009
31/12/2009
Start-up Financial Investment Raised
20/05/2009
20/01/2010
Patents Filed
31/11/2009
31/12/2009
Banks Agreements Signed
20/10/2009
01/01/2010
Partnerships with Merchants Formed
20/10/2009
01/03/2010
Masters in eCommerce 2009 – Dublin City University
17
Partnerships with Hardware Manufacturers Formed
20/10/2009
01/01/2010
First FingerPal Transactions in Retail
01/02/2010
n/a
Implemenation of FingerPal in Restaurants, Petrol Stations
01/08/2010
n/a
Research&Development Investment
01/05/2010
01/12/2010
FingerPal in Online Transactions
01/04/2011
n/a
Masters in eCommerce 2009 – Dublin City University
Chapter 3 Market Research
18
Chapter 3 Market Research
3.1 SWOT Analysis
Internal
Strengths
Weaknesses
Convenient and easy to use way of
payment- no need for carrying cash,
checks or plastic cards
Reduction of queue times- quick and
effective way of processing query
Advanced technology for extraction
of features from the fingerprint
Convenient and safe way of signing
for the service
Reduction of identity fraud
Lower cost per transaction for the
merchant, compared to standard
debit or charge card fees
Enhanced merchant’s image
Storage of the fingerprint template,
not the actual image:
Enhances security-compatible with
law enforcement authorities’
systems
Reduces the processing product
price - less memory and processing
power required
Long term guarantee for accurate
user authentication- fingerprints do
not change over time (compared to
other biometric methods)
Free for customers
External
Possible forgery, the cryptographic
keys are vulnerable to attack.
Privacy and trust issues - people are
very protective about their personal
information
Costs of implementing new system
(new equipment, software,
integration issues, staff education)
Balance between the security of the
system and acceptable error ratefingerprint is not an exact match
only with certain probability.
Denied access to the financial
fingerprint is affected by cuts, dirt,
chemical solution etc.
Opportunities
Threats
Wide variety of possible applications
across a range of vertical sectors
Alternative way of payment or even
replacement of plastic/smart cards
payment
Extensive scope for biometric
devices manufacturers and software
Resistance to accepting the new
payment method by public
Slow take off of the technology
Intensive competition from different
biometric solutions providers and
non-biometric technologies
providers (tokens, RFID, smart cards)
Masters in eCommerce 2009 – Dublin City University
Chapter 3 Market Research
developers offered by the biometric
market to improve the quality of
service at affordable price for the
mass market
Beneficial state of biometric market rapidly growing rate of the biometric
market and development of
biometrics solutions
No biometric payment methods
implemented on the Irish market
Worldwide trends in the financial
and retail sectors and growing
acceptance of new way of payment
A threat that other biometric
companies develop similar solutions
Difficulties in demonstrating clear
value proposition for biometric
implementation – ROI for
corporations; merchants run a risk
that FingerPal will not acquire a
beneficial number of users
3.2 Market Analysis and Trends
Industry overview
During the last two decades there is visible rapid development of the payment methods.
The first approach to replace “real” money by their “virtual” equivalent is presented by Chaum
(1985). He introduced the system that employs small card computer which are utilized by user
to process all kinds of payment. Using this solution consumer does not need to carry cash any
more, because all the transactions would be performed virtually through the card computer.
Smart card based payment system was also implemented in Germany. User could upload
money directly from personal bank account using the EC-Karte with inserted chip or magnetic
stripe and then pay with the collected money at the POS terminal.
Nowadays, the most attractive and innovative approach in payment systems includes the
mobile payment and biometric payment. Mobile payment solution utilizes mobile phones as a
payment instrument. The German provider of these services- Paybox, had to liquidate the
business in 2003 though because the gained customers base was not sufficient in order to
break even. The second solution implements biometry to manage the personal financial
resources in the new and innovative way. The biometric payment system is described by Van
der Ploeg (1999) as the example of the ATM that utilizes the voice recognition and the iris
scanning to perform the user’s authentication process. Marshall (2003) reports discuss the
supermarkets in United States that introduced the finger based payment solution.
According to the report “Global Biometric Market - New Opportunities (2007-2010)”
provided by leading market research company RNCOS, the growth of biometric market is
expected to be at a CAGR of over 24% in the period from 2007 to 2010.
Masters in eCommerce 2009 – Dublin City University
19
Chapter 3 Market Research
Increasing concerns for personal and global security and appearance of innovative
technologies will drive the remarkable growth of the biometric industry.
Other growth factors are low ownership costs, comfortable and simple usage, and easy
compatibility with existing networks infrastructure and internal systems, easy application of
developed IT security solutions, rising engagement of established corporations.
Biometrics solutions has been already implemented in several areas such as enterprisewide network security infrastructures, secure electronic banking and insurance, health and
social services, low enforcement for security and privacy solutions.
Percent of Biometric Market by Vertical Sector
Figures from IBG’s Biometric Market and Industry Report 2006-2010
Several organizations like banks, security monitoring providers, driver licenses, passport
programs, retail shops, petrol stations, restaurants, enterprise and government networks
gaining already from applications of biometrics industry.
The government and law enforcement sectors appear as major biometric industry users
with the market share of approximately 37% and 25% respectively. The financial and health
care sectors become increasingly important users with the rapid rate of biometric utilization.
The growth represents CAGR at the level of around 45% and over 31% respectively from 2008
to 20125.
5
“Global Biometric Forecast to 2012”./sept 2008
Masters in eCommerce 2009 – Dublin City University
20
Chapter 3 Market Research
The most popular among biometrics techniques are facial recognition, fingerprint, iris,
AFIS and they are expected to constitute over 80% of the global biometric market by 20126.
3.2.1 Industry Revenue Forecast by Sector
Figures from Development of a Bi-Modal Biometrics Business Solutions for Physical Access Control
Report, Frost and Sullivan, March 2007
The most revenue ($81.5 million) for the non-AFIS fingerprint recognition comes from the
financial sector fallowed by government sector ($58.7 million). According to the latest report
from Frost & Sullivan the financial sector contributes to more than a third of the fingerprint
biometric market revenues globally and is expected to grow for about $866.9 million achieving
the revenue of $948.4 million in 2011 that accounts for CAGR of 63.37% during the period
2006 to 2011.
The revenue from government sector is expected to grow from $58.7 in 2006 million to
$434.5 million in 2011. The growth represents CAGR at the level of 49.23%.
The healthcare biometric market is anticipated to growth at the most rapid growth rate
with the CAGR of 67.89% increasing revenue from $14.5 million in 2006 to $193.4 million in
2011.
Government
The demand for fingerprint biometrics systems is stimulated by rising implementation of
physical access control in government properties. The controlled access includes both entrance
into the buildings and restricted access sites within buildings.
6
“Global Biometric Forecast to 2012”./sept 2008
Masters in eCommerce 2009 – Dublin City University
21
Chapter 3 Market Research
The demand for face recognition is driven by execution of government programs such as
the mandatory requirement of biometrically-enabled passports (e-passports) applicable for
particular countries in Europe and Asia-Pacific. The revenue is also generated by meeting the
requirements of more comprehensive government programs such as HSPD-12 introduced in
North America that utilizes fingerprint biometrics for physical and logical access control.
Financial
The financial services become increasingly important target market for fingerprint
recognition although civil identity and government sectors are the early adopters of
biometrics. The trend appeared due to the undertaken activities to reduce identity fraud or
identity theft. The financial institutions adopt biometric solutions to comply with the
regulations of specific government programs in Europe and North America. The superior
government programs include:
o
The 2005 Federal Financial Institutions Examination Council (FFIEC) guidelines
o
The Sarbanes-Oxley Act of 2002 (Section 404)
o
The Basel II Accord7.
The requirements caused the increased demand for risk limitation, more precise
employee audit processing and secure authentication of banking accounts. The ATM machines
with embedded biometrics sensors are gaining popularity, in particular in the developing
regions. The customers can withdraw money from personal bank account using only
fingerprints instead of carrying an ATM card. The ATM’s with biometric sensors can also serve
more unique purposes. The relief organisations such as WHO can use the biometricallyenabled kiosks and ATMs to expand the aid. The provided biometric systems guarantee the
access to the funds only for the legitimate recipients.
The demand is also driven by adoption of physical access control in financial institutions
and to entry into secured data centers. The logical access control applicable for employees log
on and online trading is stimulating further revenue generating opportunities.
Healthcare
The requirement for physical access control to enter the healthcare institutions such as
the intensive care is stimulating the popularisation of biometrics solutions, especially
fingerprint recognition.
7
Strong Growth for Biometrics in Financial Institutions Expected Globally, Frost & Sullivan May-30-
0
8. Press release: Findbiometrics, Global identity management
Masters in eCommerce 2009 – Dublin City University
22
Chapter 3 Market Research
The restricted access to the patient confidential records that can only be entered by
authorized medical staff also stimulates the fingerprint systems implementation at the shared
workstation in hospitals. The Health Insurance Portability and Accountability Act (HIPAA) have
determined the need for enhanced security solutions in North America.
3.2.2 Applications
Percent of biometric market by technology
Figures from IBG’s Biometric Market and Industry Report 2006-2010
Fingerprint recognition
Fingerprint recognition is the most popular biometric solution with the market share of
43.6%. It is also the most mature form of biometric identification. Wide scale implementation
lowered the product price making the technology the lowest cost solution on the current
market. It is deployed for physical access control, logical access control, civil identification,
time and attendance and is also becoming increasingly utilized for customer identification. The
vertical sectors that need to enhance security standards and comply with the legal regulations
and such as government, financial services and healthcare sectors are the common users of
fingerprint readers. Newly developed sensors allow deploying fingerprint readers even under
difficult conditions.
Masters in eCommerce 2009 – Dublin City University
23
Chapter 3 Market Research
Face recognition
Face recognition fallow fingerprint recognition biometrics as the second most popular
solution with the 19% of the market share. New trend- 3D face recognition is successfully
deployed in physical access control and time and attendance applications for verification. Law
enforcement sector has utilized 2D face recognition systems for verification. Face recognition
is suitable to apply in environment where employees have busy, dirty or greasy hands when
entering or leaving buildings or where there is a high volume of traffic- for example
transportation sector. The technique is also increasingly adoptable by the civil ID market.
Hand geometry recognition
Hand geometry is the longest utilized biometric modality. The technique is implemented
in physical access control, time and attendance, and personal verification systems. It can be
utilizes in very harsh environment. Hand geometry applications are able to process 1:1
verification though 1: N match capability development is currently in progress. This biometrics
is does not have so wide-scale deployment as fingerprint that resulted in higher processing
costs and lower level of accuracy.
Iris recognition
Iris recognition is also biometric solution at mature stage of development. This technology
has the smallest scope of environments of all biometric solutions where it can not be used.
Single enrollment is usually sufficient for a lifetime, because of the template longevity. Iris
biometrics has been already implemented for access and border and immigration control
systems. It is also considered for deployment in future e-passports and authentication onto
mobile devices.
Vein recognition
Vein recognition solution is still an emerging technique. The prime target markets for vein
biometrics are the healthcare and financial services sectors and also transportation sector
shows interest. It is already deployed in high-risk facilities such as nuclear reactor and
biohazard lab. The universities and casinos with their cash room security systems are also
among the users. The technology can be utilized in a high volume of traffic environments and
has low data storage requirements.
Voice recognition
Voice recognition biometrics is implemented in call centers and financial institutions’
systems for physical access entry and where the remote customer identification is required
over a phone or online. The solution is not implemented in such a wide scale like the other
biometrics modalities.
Masters in eCommerce 2009 – Dublin City University
24
Chapter 3 Market Research
Summary
The fingerprint recognition biometrics is the most mature and developed technology with
the market share. The economic scope lowered the prices for fingerprint recognition devices.
The infrastructure and operation methods are well defined. This biometrics solution was
already successfully implemented in few sectors in worldwide markets for payments or similar
operations. As a result we decided that fingerprint recognition solution will be the most useful
and convenient to implement for FingerPal business activity.
There are different kinds of biometrics systems that have been applied in financial sector.
The technologies include face, non-AFIS fingerprint, vein, voice, iris, hand geometry and
signature recognition. The degree of acceptance varies among these technologies. The chart
above illustrates the distribution and level of utilization across the most popular biometrics
applications in financial services- Transaction authentication, logical access control, physical
access control.
Clearly the non-AFIS fingerprint recognition occupied a dominant position on the market
in 2006. It is the most mature technology with the lowest cost and high accuracy as the key
advantages. It is commonly used in physical access control and logical access control as well as
in transactional authentication. The non-AFIS fingerprint technology is widely used across
financial institutions to manage funds at the ATM machines, to access to the bank vaults,
internal bank management or the business PC’s.
Other biometric solutions that are gaining popularity are the voice verification and vein
recognition. The voice verification technology was implemented in several banks in Europe for
telephone banking purposes in order to allow for remote user’s authentication. Large-scale
Masters in eCommerce 2009 – Dublin City University
25
Chapter 3 Market Research
26
commercial deployment of voice biometrics was made by the ABN-AMRO Group based in
Netherlands in its contact centers for telephone-banking client verification in 2006.
Vein recognition that consists of recognition of the vein patterns in the palm and finger
commonly deployed in Japan and South Korea until 2005. In 2007 it has begun to appear as an
increasingly important alternative to non-AFIS fingerprint recognition solution, in particular for
biometrically-enabled ATM’s and gradually for physical access control.
According to Hitachi by mid of 2007, vein recognition was utilized in about 85 percent of
Japan’s ATM’s for customer’s authentication8.
3.3 Future trends
According to the survey about the future perspectives of fingerprint based payment
systems conducted by the German supermarket chain EDEKA respondents are quite optimistic.
35% have no doubts that the fingerprint solution will be prevalent in the future. 52% assign
good chances to it and only 13% consider that the fingerprint payment systems will be rejected
by the majority9.
According to the survey from TNS, Market Research Company, 60% of respondents
worldwide think that payment for the transaction just with the use of fingerprints will be
possible by 2015.
The survey (2008) from Unisys, the information technology consulting company, reveals
that more than 70% of consumers will provide banks and government agencies with their
personal biometric data for identity verification.
Global Revenue Forecast of Fingerprint Technology
Revenues ($) mlns
2500
2000
1500
non-AFIS
1000
500
0
2006
2008
2011
Years
8
Vein Recognition Use Grows, John Wagley, January 2008.
A Case study on digiPROOF, a Fingerprint Based Payment System, M.Mayer, N.Bridgeman,
L.Muller, NACCQ Conference 2006.
9
Masters in eCommerce 2009 – Dublin City University
Chapter 3 Market Research
The revenue of the non-AFIS fingerprint biometrics market is predicted to reach the level
of $2.2 billion in 2011 from $178.0 million in 2006, which accounts for compound annual
growth rate (CAGR) of 65.7 percent between 2006 and 201110.
3.4 Growth Drivers
1) National security concerns
•
Increased deployment of biometric solutions for citizens, employees and
foreigners initiated by government
•
Further development of already implemented national security programs including
(US-VISIT, EU-VIS/ Schengen VISA, Registered Traveler Program)
2) Identity management
•
Increased demand for biometric solutions that can provide identification,
authentication and authorization of individuals to the secured resources
3) Identity theft concerns
4) Popularization of wireless devices to confirm the physical presence or/and access sensitive
resources
5) Availability of the devices with increasing functionality at the decreasing prices- better
value proposition
6)
Standardization
•
Limited confidence in proprietary hardware and software
•
Improved interoperability across algorithms, devices and infrastructures
7) Enhanced manufacturers’ and developers’ equipment
8) Increased interest and involvement of well-known organizations (IT firms, electronics
providers, system developers and integrators)
3.5 Market segmentation
For the purpose of segmentation of the target market we have classified (retail providers),
who are likely to adopt biometric payment in order to provide better service to the earlier
described end users. The segmentation is based on the structure of the current retail market in
10
Development of a Bi-Modal Biometrics Business Solutions for Physical Access Control, Frost and
Sullivan, March 2007
Masters in eCommerce 2009 – Dublin City University
27
Chapter 3 Market Research
Ireland. Our research confirmed that retailers that use plastic card infrastructure for payment
would implement another innovative and convenient alternative for finalizing the transactions
to gain the competitive advantage and follow the trends on the market. We identified a
distinctive group of retailers that represent FingerPal potential customers.
Retail Sector
FingerPal primer customers are the retail sector businesses in Ireland. FingerPal will
target them in the first years of the business activity. The Irish retail sector may be
divided into the following subsectors:
1 Supermarkets
Our main customers will be the major supermarket chains in Ireland. These are the main
customers for us because payments for consumer goods account for majority of
transaction on the daily basis. Particulary, we would like to target Tesco (91 stores
across Ireland), Dunnes Stores (123 stores), Superquinn (21 stores), Marks and Spencer,
Aldi and Lidl11. The reduction of queue times and lower fee per transaction is of a great
imporatnce to the supermarket chains considering the number of customers and card
payment transactions conducting every day. Especially chains with cut-price brand
image (Tesko, Aldi, Lidl) might be interested in fees reduction per transaction.We
consider beneficial targetting the chains of stores as this will provide us with the access
to a bigger number of consumers, and, consequently, higher revenues from transactions.
2 Convenience Stores and Newsagents
We would also like to target smaller merchants including SuperValu (182 stores), Spar
(430 stores), Londis, Centra (450 stores), Mace, XL Stop and Shop, CostCutter and Vivo.
FingerPal system would be attractive to the convenience stores because of the opportunity of
adding value to the customer service by introducing convenient and easy to use way of
payment. The customers of these kinds of shops are usually interested in quick shopping, so
the biometrics payment advantage would be also saving time for busy customers. FingerPal
could gain access to the different type of customers. The grocery shops would be also
important revenue stream for FingerPal, because the purchases include usually more
expensive products (mostly beer, liquor, cigarettes) and the time of opening our is usually
extended.
11
Retail in Ireland, in Global Oneness, August 10, 2006
Masters in eCommerce 2009 – Dublin City University
28
Chapter 3 Market Research
2.1 Petrol stations
The subsection is also petrol stations that have alliances to provide convenience stores in
the station area. Few brands fall into this category such as: Maxol stations and Mace, TOP
stations with Londis outlets Esso stations with On the Run stores, Statoil with Fareplay stores.
FingerPal payment system has the possibility to reduce the card payment fraud. It is the
important advantage to increase customer confidence after a spate of card cloning cases.
There is opportunity to retrieve electronic payment user and increase amount of users utilizing
electronic payment.
4 Department/Clothing Stores
We aim to also target clothing shops, in particular, the largest chains of shops in Ireland.
These include Dunnes Stores (123 stores), Primark, Debenhams, River Island (17 stores), Clerys,
Arnotts, Heatons (57 stores nationwide). The stores would be attracted to the alternative
payment systems in order to add value for the customers. The clients of these shops are more
likely to use electronic payment methods, because the value of the transaction is usually
higher than for daily customer goods.
5 Shopping Centres
The Square, Tallaght, Blanchardstown Centre, Liffey Valley Shopping Centre, and Dundrum
Town Centre. This sector creates best- revenue generating opportunities. The shopping
centers cumulate wide range of different types of stores that result in attracting large base of
customers with various needs. Adoption of the fingerprint payment would be of great benefit
for FingerPal especially at the early stage of launching on the market. The competition
between the merchants is intensive, so there is possibility that they are most likely to adopt
new alternative payment system to gain competitive advantage. The benefits of FingerPal
system would reduce the queue times, offer convenient way of payment and lower the fees
per transaction. The introduction of the fingerprint recognition biometrics in high standard,
popular shopping centers could start the new, modern trend in payment methods.
3.6 Promotion
For adoption of the fingerprint recognition payment by the end-users it is necessary to
publicize the benefits that they can gain by utilizing FingerPal system such as time
effectiveness, cost effectiveness, convenience in payment, security enhancement.
The marketing campaigns should reduce customer fear of giving away their personal data
highlighting that there are not actual hand graphics stored, but only templates and the law
enforcement systems are not compatible with FingerPal system, so the data can not be used
law authorities.
Masters in eCommerce 2009 – Dublin City University
29
Chapter 3 Market Research
Advertising through the promotion channels for example homepages of the wellestablished retail brands in order to gain customer trust and effectively build the brand
awareness. We will also utilize industry media and public relations to well-establish FingerPal
brand. The end-user impressions will enhance the product review in publications and direct
mail to target groups. Few brands in each retail subsection will be approached at the beginning
starting from most popular shopping centers.
We also assume the demonstration of the prototype to retail brands and also at the trade
shows to show working product and the same increase trust and increase brand awareness
and also gain wider customer base.
FingerPal will achieve the sales goals cooperating with biometrics devices providers. We
might also utilize two ways promotion that can be beneficial for both sides and might help to
attract customers from different sectors than firstly assumed.
3.7 Pricing
The interchange fees should be lower for the first biometrics payment adopters to
encourage FingerPal system implementation. The spillover effect will occur when more and
more customers will sign for the service. Once value of the FingerPal product increases after
gaining the critical mass market we will raise interchange fees for the late adopters.
With biometrics, the ability of financial institutions to provide more value to their
customers, while complying with regulations, can provide them with a competitive advantage.
3.8 PEST Analysis
Political/legal
FingerPal has to take into consideration political and legal issues that are related to their
services. Due to the fact that the company will make use and control personal data, certain
legislative issues have to be met. In the fingerpal database we will store fingerpirnt images
togehter with the personal information such as the name, adress or bank account number of a
given person. Thus, the system has to provide high level of security and fraud prevention.The
company has to comply with certain privacy and data protection regulations. These include
Data Protection Acts, in this case with Irish law Data Protection Act 1998 amended by Data
Protection Act 2003. Moreover, the company has to comply with the regulations contained in
Eprivacy Regulations 2003 (S.I.535) that cover the data protection for, among others, Internet
use. European directive covers all the aspects related to biometric data protection. (For
details, see appendix 4).
Masters in eCommerce 2009 – Dublin City University
30
Chapter 3 Market Research
Economic factors
The current economic situation may be infavourable for FingerPal. Almost every industry faces
problems at the moment, thus, retailers may be reluctant to implement new systems in their
stores. The biometric market experienced a drop of 10 % in revenues, as of year 2008
Nevertheless, according to Loni Prinsloo, one of the biometric companies, Ideco, is
reported to experience increase in business despite of economic downturn12. Apparently,
there are concerns related to the criminal activities that may increase due to the economic
situation. Consequently, the employers have become concerned about potential fraud. Thus,
the company finds customers who appreciate utilizing biometric technologies in their
organizations.
What is more, as stated by Matia Grossi in Frost & Sullivan Report the adoption of biometric is
expected to increase almost three times between the years 2008 and 2012 13. In particular, the
importance of Biometric technologies is growing in the fields of government security,
passports, identification of new-comers in airports, or preventing the theft of identity. The
biometric solutions are becoming more and more prevalent in many areas of the market,
including retail, educational, financial or healthcare sector. The more popular biometrics
include iris scanning, hand shape recognition, vein scanning of palm, retina scanning, face
recognition.
According to the research, the economic slowdown opens new possibilities for the European
biometric market. The biometric systems offer more secure options for identification of
individuals, such as unique features. Thus, the identity measures are more secure and meet
the security concerns in a more effective way than the standard solutions. As stated in the
report, the number of transaction fraud is growing, which, consequently, triggers the need for
a more advanced and precise identification. What is more, the biometric sector in Europe is
being supported by government, banks and other commercial activities. There is an increase in
the production of biometric solutions for financial, retail, educational and healthcare fields of
the market. What is more, given the statistics related to the contiuous growth in credit card
transactions14, FingerPal may have similar opportunities with a new payment system.
12
Prinsloo R. , Biometric systems firm experiences surge in business despite economic slowdown. 2009
13
Frost & Sullivan: Advances in Biometrics Remedy the Need for Increased Security
March 2009, Newswire.
14
See Appendix 6 for details
Masters in eCommerce 2009 – Dublin City University
31
Chapter 3 Market Research
Sociocultural factors
The sociocultural factors include the adoption rate of the customers. The number of enrolled
customers and the volume of transactions will determine the success of the company. Thus, it
is an important aspect to break the barrier of social acceptance and prejudices towards the
new method of payment. Customers may be reluctant to new way of processing transactions
as they were to plastic cards. Thus, it is necessary for the company to promote the brand as a
secure way of payment and attract as many users as possible. The attitudes to new products
vary. In particular, depending on the age, the users may be more or less willing to use
Fingerpal’s services.
Technological Factors
The maturity of technology and development funds are crucial for the success of FingerPal.
Thus, in the first years the company has to make substantial investments in the development
of the platform and outpacing the potential competition. The technology solutions offered by
our company will provide better quality and standards of point-of-sale transactions. The
technology can provide benefits for both customers and merchants. Merchants may benefit
from implementing our technology thanks to faster transactions processing, greater customer
experience and convenience. The merchants who will utilize Fingerpal will be perceived as
more innovative and up-to-date in the eyes of the customers.
3.9 Overview of end users
The end users of FigerPal are crucial for the success of the company. Due to the fact that
FingerPal’s success requires a high volume of transactions, our business is highly dependant on
the end users of the system. We reckon that it is complicated to fully define the potential enduser of FingerPal, due to the fact that it is a scalable product and anyone can become its user.
Nevertheless, there are certain criteria that, in our opinion, which can determine the end users
of FingerPal. First of all, our targeted end-users will be located in Ireland. As the business will
grow, we plan to expand internationally. Moreover, one of the characteristics of FingerPal’s
technology is the fact that it is very innovative. This will influence the first potential users of
the system. Thus, it can be said that the end users will be young, more open to novel
technological solutions.
Another aspect crucial when defining the end users is the social acceptance. The success
of our company is highly dependant on overcoming the problems with negative attitudes
towards providing biometric information by individuals and the security of the system.
However, according to statistics from 2002, the fingerprint based system could be successfully
implemented on the market. The research showed that the potential users may come from the
groups using digital methods of payment instead of cash. The research in the existing methods
of payment identifies several key factors that influenced the success of these methods. The
Masters in eCommerce 2009 – Dublin City University
32
Chapter 3 Market Research
customers choose methods of payments influenced by their cost, convenience, security and
privacy. According to questionnaires related to method of payments utilizing biometric
systems, the users who already used plastic cards were observed to show an interest in
fingerprint-based method of payment. In contrast, the users who prefer to pay by cash were
not willing to become the users of a bometric or other electronic method of payment. The
customers who prefered cash stated that the benefit of this method of payment is a better
overview of spendings. Moreover, the research states that 72% of respondents considered
fingerprint-based payment will be popular in the future, whereas only 17 % said they cannot
see a good prospect for this system. Finally, according to the research, most respondents
claimed that security is the crucial point in such a system, followed by data protection,
diffusion of the system and accuracy. On the other hand, the respondents pointed that the
advantages of using the system would be convenience, ease-of-use, speed, tokenlessness,
practicality.15
According to statistics, biometrics market does not resemble the typical path of disruptive
innovations adoption. In contrast, the end users adopt biometric technologies over a longer
period of time. The development of biometric technology is incremental and there are
improvements of such technologies to provide advanced capabilities. The researchers claim
that the adoption of biometric technologies will resemble the pace of growth of ATMs which
obtained almost 70% of adoption over a period of 20 years16. The biometric market has been
developing for the last 10 years. At the moment , the technical advancements in biometric
technology, lowering prices of biometric scanner-enabled devices and more positve social
attitudes suggest a strong market expansion.
Currently, the technology adoption is reaching the point to gain early majority of users.
This provides a great opportunity for FingerPal as it is predicted that biometric market will
evolve and gain more users in the coming years 17.
15
Mayer M., Bridgeman N., Muller L., A Case study on digiPROOF, a Fingerprint Based Payment System.
NACCQ Conference 2006.
16
Acuity Market Intelligence. Current State of Biometric Market.
17
C. Maxine Most, The Current Biometrics Marketplace, Acuity Market Intelligence, Digital Money
Forum, March 31, 2009, London.
Masters in eCommerce 2009 – Dublin City University
33
Chapter 3 Market Research
3.9.1 End-users: Survey analysis
In order to measure the social acceptance, interest and opinion about fingerprint-based
transaction method, we conducted a survey among random respondents. The survey was send
by email to 60 respondents in Ireland, Poland and Spain and distributed and collected as a
document to 20 people in Ireland. The purpose of the analysis of the data collected was to
determine the current state of social attitude towards biometric method of payment.
Survey results18:
About 68 % described the product as good, 56% said it appears to be of a high quality.
There was a tendency that respondents liked the convenience, innovativeness and practicality
of the product whereas they liked the least the possibility of others getting access to their
biometric information and using it in an undesirable way. Other negative attitudes included
accuracy of the system, data protection, speed of performance and lack of willingness to
register with another method of payment (as the exisitng ones are enough). Respondents
considered security the most important aspect of the system, followed by accuracy and speed
on performance. Almost 70% of respondents heard about the term biometrics before, whereas
only 15 percent have a fingerprint scanner build in their laptop. 65% of respondents said they
are somewhat willing to provide their biometric information whereas only 24% said they are
not willing at all. 73% see the potential of biometric technologies in financial transactions. The
opinions were not heavily influenced by male or female respondents. However, the age was
significant, most respondents at the age of 20-29 were more positive about the technology,
whereas most negative opinions came from the group over 40 years old.
18
See Appendix 2 and 3 for details
Masters in eCommerce 2009 – Dublin City University
34
Chapter 3 Market Research
3.9.2 Feedback from the customers
We conducted several questionnaires and interviews with potential customers of
FingerPal, including Spar, Tesco, Centra, Londis, Dunnes Stores shops managers. Most of the
feedback was positive, with 80% of managers interviewed willing to implement such systems
in their stores.
In additon, we contacted several banks who may be potential partners. The responses
were postive, with most of the banks stating that they see the potenital in biometric
transactions and willing to pursue agreements with FingerPal in the future. The banks and
merchants were asked to evaluate the potential of FingerPal. They were also asked to indicate
the negative and success factors and their opinion with regard to overcoming the existing and
strong competition from plastic cards, checque and cash payment methods.
Masters in eCommerce 2009 – Dublin City University
35
Chapter 4 Competitive Review
Chapter 4 Competitive Review
4.1 Industry Forces
Supplier Power: There is a high power of supplier. FingerPal provides the software, database
and maintanence of customer information. However, our company is currently not able to
manufacture the equippment, thus, relies highly on the facilitators and their requirements.
Thus, it is neccessary to rely on the suppliers of fingerprint biometric hardware for sale
transactions. There is a large number of suppliers of biometric devices, thus, in that case their
power is low as FingerPal may choose the best possible price and technology that will fulfil
company’s
requirements. Nevertheless, there is threat that the suppliers may become
potential competitiors.
FingerPal will also exert influence on suppliers as the more successful the company is,
the greater the benefits for suppliers. Suppliers power is also high due to the fact that
FingerPal is dependant on other facilitators, including banks.
Buyer Power: There is a high power of buyers. The primary customers are retail merchants
who will have to accept the system and implement it in their stores. The second group that
FingerPal highly relies on are end users. They will exert a strong influence, due to the company’s
dependance on volume of transactions. Thus, their power is high as the more users of FingerPal,
the more attractive systems will be for merchants. Nevertheless, as at the moment there are no
direct competitors of FingerPal on the market, once the system is implemented in stores it
makes it expensive to replace it with a different one. Thus, high switching costs will provide the
advantage of retaining the customers.
Competitive Rivalry: The power of competition is low as there are no direct competitiors.
At the moment, there is no company providing a similar services as FingerPal.
However, there is a risk that the biometric companies who manufacture fingerprint scanning
devices may become the competitors and offer equally attractive prodcuts or services.
solutions. The potential competitiors may utilize existing software that recognizes fingerpritns
and supply it to other companies.
Threat of New Entry: The power of new entrants is very high as there are numerous
companies who develop bimoteric technologies, have access to hardware and neccessery
software. There is a possibility that the biometrics in retail become increasingly popular
and that biometrics solutions providers may invest in this sector. However, FingerPal
would create lock-in barrier by being the first provider of such solutions on the market. The
main task will be to retain customers and provide high satisfaction at a competitive price. What
is more, there are economies of scale as biometric technologies may be developed and
Masters in eCommerce 2009 – Dublin City University
36
Chapter 4 Competitive Review
37
implemented in almost every place where point-of-sale
point sale transactions take place.
place Thus, new
entrants may quickly enter the market and weaken FingerPal’s position.
position. In order to preserve the
position, FingerPal will aim to protect the technology and service by IP rights.
rights.
The Power of New
Entrants
economies of scale
specialist knowledge
exisitng technologies - low
time and cost of entry
the power of buyer
competitivve rivalry
The power of suppliers
large number of potenital
customers
no exisitng competitiors
large number of suppliers
competiive advantage of
being first mover
low swithich costs of
suppliers
hgih influence of
customers
low swithich cost
threat of substiution
high threat of subtituions
suppliers may become
competitiors
Figure 1 Industry Forces
4.2 Competitors Analysis
At the moment, there are several indirect competitors of FingerPal on the market. It can
be observed that there is an increasing prevalence of firms who develop biometric technologies
for various purposes. Currently,
Currently there are about 71 companies directly or indirectly involved in
biometric technologie s 19. These companies deal with various functions that can be fulfilled by a
fingerprint scanner, inlcuding check cashing, point-of-sale
point sale transactions, online shopping,
employee monitoring.. Fingerpal’s aim is to establish cooperation and partnerships with one of
the companies who provide biometric scanners for palms and fingerprints. We feel that one of
the strenghts of FingerPal is the fact that there are no competitors on the Irish market
marke who
provide the same solutions as ours.
19
Based on www.biometric.org
Masters in eCommerce 2009 – Dublin City University
Chapter 4 Competitive Review
4.2.1 Competitive Advantage
We reckon that FingerPal has a competitive advantage for several reasons. First of all, at the
moment there is no similar service offered by any other company. Thus, FingerPal will be the
first mover on the market and has the advantage of gaining customers first. Thus, we will have
the opportunity to create a strong brand and retain customers, even if the competition will
appear on the market. A strong brand will also make it hard for the potential competitors to
enter the market.
First of all, we analyzed our direct competition whose products and technology solutions serve
similar purposes or have similar features to our offering. FingerPal’s competitors can be divided
into direct and indirect competition20.
4.2.2 Competitors and their products
Biometric Software and Hardware Manufacturers - Potential
Partners/Competitors
This companies are regarded as potential partners or competitors. Given the fact that these
companies develop both hardware and software for fingerprint transactions, there is a threat
that they will pursue similar to Fingerpal’s business activity.
Dermalog - A company founded in Germany in 1984 which develops hardware and software
for identification purposes. The company claims to have the largest number of patents in the
field of biometry. The company offers a wide range of products, including hardware and
software for various industries. FingerPal considers Dermalog to be a potential partner.
Nevertheless, there is a threat that Dermalog will enter the market as a competitor. One of
Dermalog’s products, is a terminal for fingerprint-based transactions.
Direct Competitors
Kimaldi Electronics - A company based in Spain with headquarters in Portuagal and
Mexico, specializes in developing products for identification of people. The organization
manufactures fingerprint readers and terminals, radio frequency readers, access control
devices, card readers, printers and other devices related to identification. Kimaldi is the
supplier of other manufacturers of card readers, figerprint sensors, ID management devices
such as Uniform Industrial corporation, Nigen Co., Evolis Card printers, MagiCard and other.
We consider Kimaldi one of the most threatening competitors, due to the fact that the
company offers digital fingerprint payment for restaurants. This products helps catering
institutions to manage payment services. In brief, the user registers with the service and then
20
See Appendix 1 for details
Masters in eCommerce 2009 – Dublin City University
38
Chapter 4 Competitive Review
customers places their finger on a scanner which automatically displays the menu and users
options. Customers can choose to pay by cash, ticket or a plastic card. The reader is connected
with point-of-sale computer. The amount is either automatically charged from customer’s
bank account or by the waiter, depending on the payment choice.
Indirect Competitors
We consider that our company may also face indirect competiton, namely, from wellestablished and professional plastic card companies who provide online transactions and
opportunity to pay by plastic card in any sales points.These include major plastic card
companies, such as:
•
VISA Ltd. – Founded in 1970 in the USA, Visa is one of the largest player in the field of
credit and debit card processing. Since it was established Visa managed to gain
acceptance towards electronic methods of payment. In 2006, Visa reached 44% of the
plastic card market share and 48% of the debit card market share in the USA.21 Visa
provides payment systems for merchants, large financial institutions, governemtns and
consumers. In 2008 Visa generated US$ 6.263 billion of revenue.22 Visa issues debit,
credit and prepaid cards. I also operated an automated teller machine network and
EFTPOS point-of-sale network. The business model is based on interchange fees and
interests rates coming from transactions processed through Visa’s network. Visa’s
products include Visa Buxx, Visa Debit, Visa Electron.
•
MasterCard – Established in 1966 in the USA, Mastecard is the second largest player in
the field of plastic card payments. Mastercard is reported to hold 22% of the US debit
card market share in 200923. Their revenues for 2008 were estimated at US $5
billion.24Mastercard processes payments between the banks, merchants and
customers. There are about 25000 financial institutions which issues Mastercard cards.
4.3 Intellectual Property
We would like to protect the IP rights of components of the company. We are in the
process of identifying our IP and defining the scope of ideas and invention we can lay claim to.
This wil reduce the risk of out potential competitiors entering the market with similar
solutions. IP rights will block the new entrants and secure our position on the market. At the
moment, we searched for similar patents in Espacenent database. There are two US
companies who have their patents approved in 2007 for using biometrics in financial
transactions. Nevertheless, they are no longer in operation. We contacted Tomkins who is a
21
22
23
24
How Visa operates, Forbes, February 25, 2008 .
Security Exchange Commission, http://idea.sec.gov/Archives
Hugh Son,m MasterCard Said to Lose Users After JPMorgan Shift, May 2009
http://en.wikipedia.org/wiki/MasterCard
Masters in eCommerce 2009 – Dublin City University
39
Chapter 4 Competitive Review
specialist in patenting and IP protection. The company would assess our product idea and the
potential to file for a patent. They will also provide us with the information related to the
current patents and overcoming this issue.
Masters in eCommerce 2009 – Dublin City University
40
Chapter 5 - Technology
Chapter 5 - Technology
In the following chapter we will proceed to describe in detail the technical solution
purposed as well as its future projections based on how it will be deployed in the market and
the security threads identified and properly mitigated.
5.1 Technical Solution
As described in previous chapters, we intend to present a revolutionary system to provide
users the ability to perform biometric payments in their everyday life. Such an easy and secure
system, will allow consumers to identify themselves and make purchases in the most common
transaction points.
Recent studies show that the non-stopping news about data thefts, credit card fraud and
other information security threads reduce substantially customer trust, ending in a reduced
use of such technologies. We think that by offering users a secure and easy system of
fingerprint scan authentication will help users to rebuild their confidence in safe transactions
and to boost e-business.
The system would work as a set of fingerprint scanners located in the endpoints, linked to
a centralized server which would perform the authentication process and the transactions.
Therefore FingerPal will work as an intermediate entity between credit card companies and
customers so that they can use their biometric data to carry out electronic transactions.
5.2 Technical overview and analysis
Fingerprint scanners have been considered quite an exotic and bizarre technology over
the last decades, but real thing is that such a technology can help to achieve high-level security
and protect data using high-profile biometrics.
A fingerprint from [binario.net.ve]
A fingerprint is like a built-in easily accessible identity card which indentifies uniquely each
individual. They are tiny ridges of skin located on humans’ fingers and mainly they make it
easier for the hands to grip things.
These ridges are determined based on both genetic and environmental factors. As we
know, the genetic code in DNA determines the general features on the way skin should be
Masters in eCommerce 2009 – Dublin City University
41
Chapter 5 - Technology
formed, but real thing is that the final result depends on a set of random events. These factors
can include the exact position of the fetus in the womb and the characteristics of the amniotic
fluid. Therefore, in addition to all genetic factors involving the way fingers will be formed there
is also countless environmental factors which determine the final shape. Thus, fingerprints are
a unique identifier for a person, and although two fingerprints may look the same, we can use
an advance piece of software to pick out significant differences.
The main aim of a fingerprint scanner is to collect a print sample and store it for future use
or to collect a fingerprint in order to mach it against other samples stored into a database.
There are two methods to capture someone’s fingerprint: Optical Scanning (OS) and
Capacitance Scanning (CS).
5.2.1 Optical Scanner
The internals of an optical fingerprint scanner are based on a Charge Coupled Device
(CDD), which is an array of light-sensitive diodes which generate an electrical signal when
exposed to light. Each diode, also known as photosite, records a pixel, which is the minimum
unit to represent the light in one spot. Once all the data has been captured we need an analogto-digital converter so that we can transfer all the information gathered into a digital
representation of the image. The scanner typically generates an inverted image, which means
that the darker areas represent more reflected light while lighter areas represent less reflected
light.
From www.tradetosuccess.com
Once the fingerprint has been captured and before it is matched against the fingerprint
repository, the scanner makes sure that the image captured is a clear one. In order to
determine if it is a valid image it checks the average pixel brightness and darkness and discards
the image in case it is too bright or too dark. The device may also adjust the exposure time in
order to capture more or less light in the next attempt. Once the brightness test is successful
the scanner checks the image definition by tracing lines perpendicular to the ridges and
looking for alternate sections of dark and light segments.
Masters in eCommerce 2009 – Dublin City University
42
Chapter 5 - Technology
5.2.2 Capacitance Scanner
Like optical scanners, capacitance scanners come up with an image representation of the
ridges and valleys of human fingerprints. They differ in the method used to generate such
images, while one uses a light source to detect variations on the skin, the other one uses
electrical current.
from www.superwarehouse.com
The above figure shows how a capacitive sensor works. It is formed by semiconductor
chips containing an array of cells. Each one of these cells contains two conductor plates,
covered by an insulating film.
From www.authentec.com
This sensor in connected to an integrator, which is an electrical circuit built around an
inverting amplifier. This amplifier is a semiconductor formed by a number of transistors,
resistors and capacitors, and basically alters one current into another current. The alteration
value comes from two inputs, the inverting terminal and the non-inverting terminal. The noninverting terminal is connected to ground while the inverting terminal is connected to a
sample voltage and a feedback loop. The feedback loop contents the two conductor plates. In
order to store current charge, the two conductor plates form a capacitor.
Masters in eCommerce 2009 – Dublin City University
43
Chapter 5 - Technology
When the user places the finger on the surface, it works like a third capacitor separated by
the insulating layers. When the finger is placed on the surface there will be some zones in
contact with the skin (ridges) and some air pockets (valleys). This way, the capacitor in a cell
under a ridge will have more charge than another one placed under a valley. To perform the
fingerprint scan, all cells are reset. Once the finger is placed on the device and the circuit is
opened, all the cells and the capacitors charge up depending on the contact with the skin. This
way, a finger ridge will result in a different voltage output than a finger valley.
Once the whole surface has been scanned and the voltage stored in the capacitors the
scanner processes every cell to determine if it was a ridge or a valley. The scanner can picture
a whole image of the fingerprint by combining the voltages of all the cells in a similar way as an
optical scanner does.
The main advantage of CS versus OS is that it requires a real fingerprint shape rather than
a light-based pattern which makes the impression of a fingerprint. Also, these types of devices
tend to be smaller and lighter than optical scanners as they don’t require a CCD unit.
5.2.3 Matching
When two images need to be compared, we need to extract specific features so that they
can be matched using a reasonable processing power. Matching by picture overlay isn’t a
reasonable approach despite what most people believe, when scanning a fingerprint we will
never get the exact sample every time, there will be differences. Therefore, we need to extract
certain features from the fingerprint that doesn’t rely solely on the image shape. These
features are known as minutiae.
from www.pagesperso-orange.fr
As we can see in the figure above the process consist on identifying certain anomalies or
distinctive features on the ridge lines of the fingerprint. The minutiae are of the following
types:
Masters in eCommerce 2009 – Dublin City University
44
Chapter 5 - Technology
from www.gisdevelopment.net
The matching process basically consists on measuring and locating the different minutiae
both in the sample and the stored image and look for coincident points. Typically the scanner
will compute the relative positions of the minutiae and draw straight lines between them.
Then, if will compare the shape of those lines between the sample and the stored fingerprint.
This process will never match all the minutiae and shapes from both fingerprints, finding only a
sufficient number will be enough to get a match. The exact number of coincident minutiae
required to get a match depend on the implementation of each scanner.
5.2.4 Bottom line
Biometric data is much more difficult to fake than credit cards. Also, a fingerprint pattern
is much more difficult to guess than a credit card number or a PIN. Biometric data cannot be
misplaced or forgotten, like credit cards or passwords. Optical scanners cannot always
distinguish between a picture of a finger and a finger itself, and capacitive scanners can be
fooled with a mold of a person’s finger. However, these issues can be overcome by adding
extra security measures like pulse, heart and heat sensors.
Another way to enhance security is to combine biometrics with conventional means of
identification, such as passwords or PINs. Fingerprint scanners and biometric systems are
excellent methods for identification and authentication, and in the near future they will
become a common device in our everyday life, just like credit cards and passwords are
nowadays.
Masters in eCommerce 2009 – Dublin City University
45
Chapter 5 - Technology
46
5.3 Technology roadmap
Biometrics and Credit Cards - The beginning
Debit Cards are introduced into the market
RSA encryption algorithm presented for
encryption in multi-user envirenment
FBI fingerprint archives have grown up to
200 million samples
The Automated Fingerprint Identification
System (AFIS) is adopted by the FBI
FBI has 100 million fingerprints samples in
manually maintained archives
First working ATM installed in New York
1945
1950
1955
1960
1965
First American Express and Bank of America
(later Visa) Credit Cards issued
1970
1975
1980
1985
The International Association for
Identification founds world's first certification
program for fingerprint experts
First Credit Card issued by Diner's Club
National Society of Fingerprint Officers is
founded in UK by the Fingerprint Boureau
The concept of "virtual money" based on
small card computers first appears
Masters in eCommerce 2009 – Dublin City University
1990
Chapter 5 - Technology
47
Biometrics and Credit Cards - Curent trends
Online banking becomes popular
Credit Card fraud affects 22 million people
arround the world
Credit Card fraud cost businesses US 9
Billion
Paper-based payments represented 60%
of transactions
Paper-based payments represented 81%
of transactions
1990
1992
1994
Identity theft rises 21% in 2008
1996
1998
2000
2002
Biometrics are used in ATM's for cusmers
authentication
FBI's most wanted hacker Kevin Mitnick is
arrested in February of 1995
2004
2008
INTERPOL's AFIS repository exceeds
50,000 sets fingerprints for important
international criminal records from 184
member countries.
Biometrics used for Customer Relationship
Management
Masters in eCommerce 2009 – Dublin City University
2006
The largest AFIS repository in America is
operated by the Department of Homeland
Security's US Visit Program, containing
over 100 million persons' fingerprints
Chapter 5 - Technology
5.4 Infrastructure
In the following section we will describe the infrastructure needed to support a fingerprint
based payment system.
5.4.1 Point of Sale
FingerPal will provide the Points of Sale with electronic devices to carry
out fingerprint-based electronic transactions. These devices are very similar to current credit card
terminals, but instead of having a magnetic reader, they will have a fingerprint reader.
Such devices will consist on fingerprint readers provided with a modem and a printer. In order
to enhance security, the fingerprint reader will also include other biometric sensors, like heart beat
and human temperature detection. Users will introduce their account identifier and place their
finger on the biometric reader. The device will then record the fingerprint. We will use user’s email
as unique and account identifier. The device will send the identifier to the database to get the
fingerprint sample stored for this user. Afterwards, the device will match the two samples.
Performing the matching process at the Point of Sale we will reduce drastically the overload of
the main servers. Once the device recognizes the fingerprint as a valid one it will send to the server
the whole transaction batch so the payment can be carried out. If during the scanning process
something went wrong the device will ask for a new scan, the device will allow only 3 scanning per
transactions. Before sending the user’s identifier to the server to get the potential biometric match,
the scanner will check that the sample recorded is suitable to be matched. The information
interchanged with the server will be encoded and transmitted over a secure gateway.
To enhance security, the email will be hashed and then encrypted together with the transaction
information and sent over the phone line. The server will receive a new request and will perform a
search into the in real time. When the server receives confirmation from the endpoint to place the
transaction, it will subtract the amount from the customer’s credit card using the financial details
provided.
If no errors where prompted from the banking side, the server will acknowledge the operation
to the endpoint so both parties (merchant and customer) have confirmation of the transaction. In
case something fails during the process the terminal will notify the parties the reason and the
transaction will be automatically cancelled.
We will allow certain degree of disparity between the minutiae of the fingerprint to retrieve a
match. This measure is to overcome the issue that we will never get the same instance of a
fingerprint twice, we must allow certain disparity. Once a candidate fingerprint has been found we
Masters in eCommerce 2009 – Dublin City University
48
Chapter 5 - Technology
will check if the associated PIN number to that account is the same as the PIN provided. If we get a
match we will charge the customer’s account with the corresponding amount of money and then we
will acknowledge the transaction to the merchant via the FingerPal terminal.
5.4.2 Server side
In order to cope with demand, FingerPal will
provide high reliability servers to manage all the transactions in real time. When the server receives
a request, it decrypts the information and performs a search through the repository in the database.
We will allow certain degree of disparity between the minutiae of the fingerprint to retrieve a
match. This measure is to overcome the issue that we will never get the same instance of a
fingerprint twice, we must allow certain disparity. Once the endpoint clears the transaction means
that the biometric reading matched the stored sample. Then, the system will charge the customer’s
account with the corresponding amount of money and then it will acknowledge the transaction to
the merchant via the FingerPal terminal.
To improve running time, we will maintain a centralized relational database system. The
technologies associated to the server side are deeply explained in following sections.
5.4.3 Web Service
We will provide users the ability to sign up to our service via Web. Users
will be able to connect with FingerPal trough a Web portal and easily enrol to our service. User will
type in our URL and go to the sign-up section, after filling in their personal information they will
receive an e-mail confirmation with the detail of the new account. In order to use our service, users
will need to provide with a valid credit card. To prevent fraud all new accounts will be initially set as
“limited”, meaning that FingerPal needs to check if the credit card information provided is correct. It
also means that the company needs to authenticate the users; otherwise we would leave the door
open to credit card fraud and identity theft. At this point, users are able to login to our website and
manage their account.
Masters in eCommerce 2009 – Dublin City University
49
Chapter 5 - Technology
The next step is to unlock the account in order to be able to use the service. To prevent identity
theft and credit card fraud we will use a very simple method. At the moment of registration, users
will be given a 4 digit number generated at random by the server. However, to be able to use
FingerPal, users will have to introduce in their limited account an 8 digits number.
How do users get the remaining 4 digits? At the moment of registration, the server will
automatically generate 2 random numbers 4 digits each, and will only give one of them to the user,
keeping the second one secret at this point. Within 24 hours FingerPal will charge the user’s credit
card provided with the symbolic amount of 1 euro, the remaining 4 digits will be included as part of
the statement of that transaction. This way, the other 4 digits number can be checked by the user
via their internet banking service or simply going to their bank and asking for a receipt of recent
transactions.
By doing this, we will ensure that for that particular account, the fingerprint and the credit card
linked to it belong to the same person. Once the user has the complete 8 digits registration number,
they can proceed to login to their online FingerPal account and unlock their account. After logging in,
user may introduce the registration number and server will check that the value provided matches
the value stored in memory. Then, if the values match, the account’s status will automatically be
changed. However, if the information provided turns out to be wrong, there will be only a reduced
number of attempts (5) to provide the correct one. The process is explained in following sections
using diagrams to facilitate understanding.
Masters in eCommerce 2009 – Dublin City University
50
Chapter 5 - Technology
5.5 Process description
In the following section we will describe the data flows that will take place in the main processes
of the system. The following representation follow a set of standards such as red globes for initial
and final states, blue boxes for actions and green rhombus for choices. Next, we will proceed to
describe the interaction of data between client machines and server machines during the enrolment
and the transaction process.
5.5.1 Enrol a customer in a Point of Sale
This process will take place when a customer
proceeds to enrol into the system through a Point of
sale. First step is to provide to the merchant with their
credit card and personal details so the merchant can
check and submit all the necessary information to the
server. In case the merchant detects a fraud attempt
should abort the process and notify the authorities.
Usually the customer will provide means to
authenticate himself to the merchant such as driving
license, passport or ID national card.
Once the identity of the customer has been
proved correct and checked against their credit card
information, merchant will submit all the information
to the server and the account will be created. When
the information is submitted to the server, the
machine will check that the biometric data provided is
not already in the database, as it will be used as
unique identifier for the user. In case the system finds
another instance of the biometric data into the
system, the enrolment process will be aborted.
If the information was successfully inserted we
will notify the merchant and the customer and the
system will wait for confirmation to activate the
account. The biometric information will be re-read and
sent back to the server for comparison and for
matching refine. The account has been successfully
created.
Masters in eCommerce 2009 – Dublin City University
51
Chapter 5 - Technology
5.5.2 Enrol a merchant into the system
This operation will be carried out for system administrators only. The data flow is very similar to
a customer enrolment in a Point of Sale, only this time the information is matched and proved
correct by a FingerPal’s operative.
The process starts when the merchant provides
the operative with their financial information. The
operative will carefully examine the identity and the
authenticity of the information provided before
authorizing the creation of the new account. Once
the operative has checked that the information
provided is legitimate, they will send the data to the
server for further checking.
The server will check that the merchant’s
biometric data is not already into the system so it
can be used as merchant’s unique identifier. If the
biometric data results to be already into the
database, the enrolment process will have to be
denied for this user.
If everything turned out correct the account is
created and the merchant is added to the system.
The server waits for authorisation to activate the
account and merchant’s biometric information is reread and transmitted back to the server.
At this point the merchant’s account has been
successfully created.
Masters in eCommerce 2009 – Dublin City University
52
Chapter 5 - Technology
5.5.3 Enrol a customer using the online service
This process turns out to be a little bit more complex than other enrolment processes as we
need to provide the system with means to prove customer’s identity online.
Masters in eCommerce 2009 – Dublin City University
53
Chapter 5 - Technology
The process starts in a very similar way to the previous ones, with the customer providing their
personal and financial details and submitting it to the server. This time, user will use an online form
to fill in all the necessary information to successfully create a FingerPal’s account.
Once the online form has been filled, the online application will ask for a biometric reading of
the finger, so that the biometrics can be uploaded to the server together with the personal details.
When the information reaches the server, the biometric reading will be matched against the
repository to check for duplicities. In case the server finds an instance of the biometric data the join
will be denied and the user notified. If no other biometric instance of the customer is found, the
system will create a new limited account with all the information provided.
As described above and in order to avoid fraud we will force users to prove their identity by
accessing their financial information. We will assume that online banking is secure and that nobody
can access the customer’s bank account, as this is out of FingerPal’s boundaries. When the server
creates the new account, it will generate an 8 digits number and store it into the customer’s
account. Once the account has been created the system will wait for customer final confirmation
and will re-read the biometrics for a final scan and comparison. Once this information is submitted
to the server the user will receive 4 registration digits. The system will charge 1 euro to the credit
card provided and provide the bank with the remaining 4 digits necessary to unlock the account.
In order to be able to unlock FingerPal’s account customer will have to access their online
banking service or check with their bank the remaining 4 digits.
Customer will log in online to their account and click on “unlock my account” section,
immediately the application will ask for the 8 digits. Once the 8 digits number has been introduced
the application will check that the number introduced is the same as the one generated by the
server at the moment of registration. If the numbers don’t match, customer will be informed that
the number introduced is incorrect and they will also be informed of the remaining attempts to
unlock the account. Customers will have initially 5 attempts to introduce the correct number, being
decreased by one every time they introduce the wrong number. If they use up all the attempts the
account will be voided and the enrolment denied.
Once the user manages to get the 8 digits correctly, the account will be successfully unlocked
and customer will be welcomed to use the service.
Masters in eCommerce 2009 – Dublin City University
54
Chapter 5 - Technology
5.5.4 Perform a transaction
Masters in eCommerce 2009 – Dublin City University
55
Chapter 5 - Technology
The transaction process will start when the merchant introduces the amount of the transaction.
Then, customers will insert their e-mail address and provide a biometric reading of their fingerprint.
This information, together with merchant’s information, will be sent to the server to search for
potential matches. The server will retrieve from the central database customer’s information and
will send the biometric sample stored back to the Point of Sale terminal for further checking. The
biometric reading provided by the customer will then be checked against the sample stored into the
database to prove customer’s identity. The biometric matching will be carried out in the scanner
device, today these devices provide the ability of matching fingerprints in real time and this way we
don’t overload the system with unnecessary operations.
If the two samples match, the transaction is authorized and all the information is sent to the
server. The server receives then the transaction, consumer and merchant information and proceeds
to carry out the operation. Next step is to confirm that the transaction can be made using
consumer’s financial details provided (Credit Card), once the server has received confirmation that
the transaction was cleared and the payment made a conformation is sent to the terminal to notify
both consumer and vendor. The device will print two recipes, one for the vendor and another one
for the consumer as confirmation of the transaction.
The transaction can be rejected in 3 stages of the process. First, if the e-mail address introduced
doesn’t retrieve any matches, the server will deny the transaction and send cancellation notification
to both merchant and consumer. Second, in case the provided biometric doesn’t match the
fingerprint recovered from the consumer’s account in the database the scanner will notify both
parties that the transaction couldn’t be performed. Third, if the eCommerce server doesn’t authorize
the consumer to perform the transaction for any reason (out of credit, credit card blocked...) we will
cancel the transaction and inform both parties.
If the operation is successfully carried out, the transaction’s amount is subtracted from the
customer’s available credit and stored into merchant’s batch for further collection.
Masters in eCommerce 2009 – Dublin City University
56
Chapter 5 - Technology
5.6 Technologies
In this section we will give an overall description of the necessary technologies to implement
such a system as FingerPal. We will go over more detail on the server side technologies when we
describe the systems architecture in the following sections.
5.6.1 Client side
Referring to the customers, they don’t need any special software or hardware to run the
system. Customers will be able to enrol to our service online, so a standard web browser would be
sufficient. However, FingerPal strongly recommends that the customer’s machine used to
create/manage their account, meets the security standards required to perform safe transactions
over the Net. These measures gather up-to-date Antivirus, Firewall, and Web Browser.
5.6.2 Server side
There will be two important features to cover on the server side. First, the web page and the
online enrolling process. Second, the online fingerprint payment service. We will have dedicated
web servers which will offer high availability and reliability for our online service. Also, we will
allocate dedicated servers to manage the fingerprint-based transactions in real time. As we will
describe in the following sections we won’t go into much detail
In this point of the infrastructure, security will become a key factor as all the servers will be
holding high-sensitive personal information. Our initial approach to the necessary technologies on
the server side will comprise Open Source solutions. Open source is an approach to the design,
development and distribution of software, offering practical accessibility to software’s source code.
The term gained popularity thanks to the rise of the Internet, which provided access to diverse
production models, communication paths and interactive communities.
Mainly these solutions will consist on open source operating systems throughout all the servers
(Linux), Apache Tomcat to manage the Java Servlets in the application server, Squid to implement
the transparent proxy server, Apache in the web server and MySQL in the Database server. This way,
we will install. In the application server we will install Tomcat
5.6.3 Point of Sale
Points of Sale will be equipped with the FingerPal terminals. Regarding the necessary software
for those machines will be a simple interface to be able to enrol new customers and process the
transactions. The software in the endpoints will also provide the necessary security measures that
performing electronic transactions require and will act also as the network application to send the
data over the phone.
These devices will also be provided with means to perform real-time biometric matching. We
will recommend use capacitance scanners instead of optical scanners as they turned out to be more
precise and reliable for fingerprint matching. The software installed on the device will be able also to
Masters in eCommerce 2009 – Dublin City University
57
Chapter 5 - Technology
manage other biometric readings such as heart beat sensor and human temperature detector. These
extra biometric readings will be embodied to improve security measured.
5.7 Security
Our main goal by implementing FingerPal is to enhance security in electronic transactions. It is
well known that credit card fraud and identity theft costs billions to the ecommerce sector. Recent
studies show that biometric readings are the most reliable system to prevent identity theft and
fraud. With the current system a credit card can be easily lost or stolen and there is a lack of means
to prevent fraud once the card has been stolen.
FingerPal not only reduces the risk of losing our payment means, it also improves the
authentication process by adding biometric parameters. By blocking access to the service we also
provide higher confidentiality and integrity of data. Another main advantage is that the technology
non-invasive. Usually people are reluctant to use retina scanners or other means which imply a
higher contact or exposure.
The specific security measures adopted are explained in every section. We have focused on
adopting measures to counter identity theft and increase security in the authentication process. The
best example is the process presented to prevent an attacker to supplant a credit card owner by
providing their biometrics. We have proven that this is not possible assuming the attacker cannot
access banking information.
Our objective is to protect the privacy and build customer’s confidence. In order for a customer
to be able to log in and access FingerPal online service, the consumer will be required to enter
sensitive/confidential information and register their details, such as name, credit card details, etc.
FingerPal will use Verisign technology over Secure Socket Layer (SSL) to protect of the online
transactions.
Using Verisign technologies we ensure high security as it is the leading SSL Certification
Authority. To achieve that, the Certification Authority issues a public key (used to encrypt
information) and a private key (used to decrypt information). Therefore, when a user accesses
FingerPal Online the client and the server interchange session keys and agree the encryption
protocol using an SSL handshake. In case the information doesn’t match or the certificate has
expired the browser shows an error message.
These techniques allow customers to begin a secure session that guarantees privacy, integrity,
and non-repudiation.
Masters in eCommerce 2009 – Dublin City University
58
Chapter 5 - Technology
5.8 System Architecture
In this section we will describe the overall architecture of the system so we can have a clearer
idea of the parts implicated in the process as well as the infrastructure needed to support such a
system.
Electronic transactions will be carried out in the Point of Sale and the information will be
transmitted securely over the phone. Customers will be able to use the terminals in the Points of
Sale to enrol to the system. Users will also be able to create and manage their account details via
Web using secure connections. The transactions will be processed with the bank through a secure
gateway.
In the diagram above, there is a representation of the parts involved in the system and an
overall description of the infrastructure required. Fingerprint scanners located at the Points of Sale
will be used as terminals to transmit the biometric readings to the server for matching and also to
Masters in eCommerce 2009 – Dublin City University
59
Chapter 5 - Technology
transmit information on the current transaction. The communication with the server will take place
over the phone and will connect through secure gateways with the application server. The
application server plays a very important role in the system’s architecture, as it will isolate the
database server and, therefore, the sensitive information from possible attacks. Once the
application server has confirmed the identity of the customer performing the transaction, it will
forward the operation to the e-commerce server to connect with the customer’s bank and confirm
the transaction. When the e-commerce server receives confirmation of the bank to perform the
transaction, it forwards the information to the application server and this one sends confirmation to
the Point of Sale so that both merchant and customer are informed of the successful transaction.
As we described in previous sections, FingerPal intends to install open source-based
technologies all throughout the machines on the server side. The predominant operating system in
all servers will be Linux, now we will describe thoroughly the technologies in each and every part
involved in the system.
5.8.1 Application server
The application server will hold the business logic for the operation of the system,
so everything will have to go through this server. This will isolate the database and
will provide a DMZ (demilitarized zone) to securely hold the user data. This server
will then interact with the Web server for the online requests and with the Point of Sales for the
electronic transactions.
This server will operate under Apache-Tomcat software. It is a Servlet container developed by
the Apache Software Foundation (ASF) which implements the Java Servlet and the Java Server Pages
(JSP) specifications from Sun Microsystems. Therefore, it provides a pure Java HTTP Web server for
Java code to run and includes tools for configuration and management. It is sometimes confused
with the Apache Web server, but actually the last one is a C implementation of an HTTP Web server.
This will allow us to generate code to control the logic for the operation of the system using Java
technologies.
5.8.2 Web server
The Web server will host the web page and provide the necessary means to
manage the accounts via web. This server will also be connected with the
database through the application server. Users will connect to the Web server and after
interchanging season keys they will open a secure connection over the HTTPS protocol to access
their accounts. We will never allow sending sensitive information over a non-encrypted or nonsecure channel.
This part of the system will be implemented using an Apache HTTP Server; this is a Web server
notable for playing a key role in the initial grown of the WWW. It is the main alternative to the Sun
Java System Web Server. Commonly machines using Apache HTTP run over Linux OS, despite has
win32 distributions and have shown to perform really well. This way, it is distributed also for UNIX,
Masters in eCommerce 2009 – Dublin City University
60
Chapter 5 - Technology
GNU, Solaris, Novell, NetWare, MacOS, MS Windows, and many more. In 2009 it has been accounted
to surpass the 100 million web site milestone. It is free and open source software.
5.8.3 Database server
This server will hold user’s information and will be under the FingerPal’s DMZ.
It will contain the most sensitive information so access to this server will be
allowed only through the Application server. It is the core of the system as all
the transactions have to be validated against the information contained in
FingerPal’s database. We believe that the idea of performing the live fingerprint matching in the
endpoints will reduce significantly the workload of the server. Therefore, the Database server will
implement the database and will provide the tools to manage and access the data.
To achieve the desired operation, MySQL (My Structured Query Language) will be deployed in
FingerPal’s database servers. It is a relational database management system which has more than
6M installations. Basically, the program runs as a server providing multi-user access to a number of
databases. The source code is under the GNU General Public License and also under several
proprietary agreements. If is suitable for free software projects which require a full featured
database management system, but it is also used in big WWW projects such as Google or Facebook.
5.8.4 Networks and Internets
Intrusive or invasive attacks will be blocked by firewalls and proxies and even though an
attacker manages to pass through they would never access the real data as it would be secured by
the application server. We will install routers and firewalls to block possible intrusions, as well as a
transparent Proxy server.
To implement the Proxy server we will suggest Squid as a proxy server and
web cache daemon. We believe this is a powerful method to speed up the
web server and to control the dataflow from and to the Internet. It is also
an interesting system to add lockups to the shared network resources and aid security by filtering
traffic. It is mainly used for HTTP and FTP, but it also includes support for other protocols such as
TLS, SSL and HTTPS. Squid is primarily designed to run on UNIX systems but it also runs on MS
Windows-based systems. It is released under the GNU General Public License and it is free software.
5.8.5 Ecommerce server
We will have a dedicated server to perform the electronic transactions and also to provide
confirmation of the electronic payment. This server will receive the customer’s credit card
information from the application server once customer’s biometric data has been confirmed. Then,
the details of the transaction will be sent to the bank and the server will wait for confirmation of the
payment. If any errors occurred, the server would report to the application server and the last one
would forward the information to the terminal in the Point of Sale.
Masters in eCommerce 2009 – Dublin City University
61
Chapter 6 - Technical Solution
Chapter 6 - Technical Solution
In this section we will introduce the prototype developed. Our main goal with the prototype is
provide readers a clearer idea of what we intend to do and how FingerPal will work.
6.1 Prototype
The prototype presented covers the online part. We have set up a first prototype of FingerPal’s
corporate website where users can find information about the company, services offered,
promotions, and also manage their account details.
Masters in eCommerce 2009 – Dublin City University
62
Chapter 6 - Technical Solution
6.2 Description
The structure of the website is a standard corporate template; the upper part shows the
company’s logotype, the search engine and the navigation bar. The website’s body has been split
into two parts; on the right side we show the login panel and some relevant links for the user while
the wider left part we will show promotional offers, marketing campaigns and relevant news.
The structure of the Home page is as shown above. We will show relevant marketing
information within the body as well as provide space for advertising. The structure of the other
sections is the same as the main page, the information displayed varies though.
The Consumer’s page will show information relevant to consumers. They can use this section to
login but mainly consumer users will be redirected to this section when they log in from the main
page. After logging in, this section will show their personal information, options to manage the
account and recent transactions.
The Vendor’s page will work similarly to the consumer’s one. Vendors will log in from the main
page and redirected to this section to display full information of their account. If not logged in, this
page will show offers and information relevant for vendors.
The Products & Services section will show detailed information about what does FingerPal have
to offer.
The Support page will show information about FingerPal’s benefits, technology, rates and
frequently asked questions.
In the last section, About us, we will display information about the company itself, how to
contact, terms and conditions and privacy policy. This intends to fulfil the requirements exposed in
the eCommerce Directive 2002 for regulating the eCommerce within the European Union.
We have used a public CSS template to develop our website. After generating the HTML
documents, we focused on the back-end programming. We installed Tomcat 5.5 in our machine
together with MySQL 5. Our idea is to use Java Servlets to implement the server side and access the
database.
Our main aim has been facilitate access to user’s accounts from the web page. This way, users
will be able to view their profiles, change personal information, and access their recent transactions.
For that to happen, we have implemented scripts to generate users and have a real repository in our
database.
Masters in eCommerce 2009 – Dublin City University
63
Chapter 6 - Technical Solution
6.3 Database model
This is the description of the database implemented. There are 4 tables initially, but the
database can be scalable to a more complex system. There are attributes in the tables which can be
generalized to tables such as addresses, countries, credit card providers. However, the scope of our
prototype is not that wide.
Therefore, we have inserted 4 tables (Consumer, Vendor, Bank, and Transaction) and 4
relations. The attributes which describe each table are displayed in the figure above. Vendors and
consumers are associated with banks. We will also keep a record of all the transactions and link
them with the source and destination.
This database will allow us to manage the online application. Users will be able to log in and
manage their accounts. They will be also able to view recent transactions and access to the full
historical. We will also keep banking and financial information.
Masters in eCommerce 2009 – Dublin City University
64
Chapter 6 - Technical Solution
6.4 Technologies used
Cascade Style Sheet
Cascading Style Sheets is a style sheet language used to describe the
presentation of a document written in a markup language. Commonly, we use
CSS to style HTML and XHTML pages but it can also be used with any type of XML
file. The main feature is to enable the separation between content and
presentation. This separation includes colors, fonts and layout. CSS improves accessibility and
flexibility when specifying the presentation characteristics. This way, it allows multiple pages to
share formatting and reduce complexity and redundancy.
CSS specifies a priority scheme to determine which style rules apply if more than on rule
matches against a particular element. The Cascading Style Sheet specifications are maintained by the
W3C (World Wide Web Consortium).
HTML
Hypertext Markup Language is the main language for describing web pages. It
allows creating structured documents by denoting structural semantics for text
such as headings, paragraphs, lists, html images, and many more. It allows
images and objects to be embedded and used to create interactive forms.
HTML is not a language itself; it is a markup language, which is a set of markup tags. These markup
tags are used by HTML to describe web pages. These tags are surrounded by angle brackets like
<html> and normally come in pairs like <b> and </b>. The basic structures for HTML markup are
elements. Elements have two basic properties: attributes and content. These elements affect the
behavior of Web browsers and CSSs to define the appearance and layout of text and other material.
It is encouraged to use CSS in addition to HTML for explicit presentational specification.
MySQL 5
As mentioned in previous sections, MySQL is a relational database management system which
has more than 6M installations. Basically, the program runs as a server providing multi-user access
to a number of databases. The source code is under the GNU General Public License and also under
several proprietary agreements. If is suitable for free software projects which require a full featured
database management system, but it is also used in big WWW projects such as Google or Facebook.
Apache Tomcat 5.5
Apache Tomcat 5.5 is an open source software implementation of the Java Servlet and Java
Server Pages technologies.
Masters in eCommerce 2009 – Dublin City University
65
Chapter 6 - Technical Solution
6.5 Testing
The following guideline has been used to check the proper performance of the application:
6.5.1 Functionality
6.5.1.1 Links
Objective is to check for all the links in the website.
All Internal Links
All External Links
All mail to links
Check for orphan Pages
Check for Broken Links
6.5.1.2 Forms
Test for the integrity of submission of all forms.
All Field Level Checks
All Field Level Validations.
Functionality of Create, Modify, Delete & View.
Handling of Wrong inputs (Both client & Server)
Default Values if any
Optional versus Mandatory fields.
6.5.1.3 Cookies
Check for the cookies that has to be enabled and how it has to be expired.
6.5.1.4 Web Indexing
Depending on how the site is designed using Meta tags, frames, HTML syntax, dynamically
created pages, passwords or different languages, our site will be searchable in different ways.
Meta Tags
Frames
HTML syntax.
Masters in eCommerce 2009 – Dublin City University
66
Chapter 6 - Technical Solution
6.5.1.5 Database
Two types of errors that may occur in Web applications:
Data Integrity: Missing or wrong data in table.
Output Error: Errors in writing, editing or reading operations in the tables.
The issue is to test the functionality of the database, not the content and the focus here is
therefore on output errors. Verify that queries, writing, retrieving or editing in the database is
performed in a correct way.
6.5.2 Usability
6.5.2.1 Navigation
Navigation describes the way users navigate within a page, between different user interface
controls (buttons, boxes, lists, windows etc.), or between pages via e.g. links.
Application navigation is proper through tab
Navigation through Mouse
Main features accessible from the main/home page.
Any hot keys, control keys to access menus.
6.5.2.2 Content
Correctness is whether the information is truthful or contains misinformation. The accuracy of
the information is whether it is without grammatical or spelling errors. Remove irrelevant
information from your site. This may otherwise cause misunderstandings or confusion.
Spellings and Grammars
Updated information
General Appearance
Page appearance
Colour, font and size
Frames
Consistent design
Masters in eCommerce 2009 – Dublin City University
67
Chapter 6 - Technical Solution
6.5.3 Server Side Interfaces:
6.5.3.1 Server Interface
Verify that communication is done correctly, Web server-application server, application
server-database server and vice versa.
Compatibility of server software, hardware, network connections.
Database compatibility (SQL, Oracle etc.)
6.5.3.2 External Interface (if any)
6.5.4 Client Side Compatibility:
6.5.4.1 Platform
Check for the compatibility of
Windows (95, 98, 2000, NT)
Unix (different sets)
Macintosh (If applicable)
Linux
Solaris (If applicable)
6.5.4.2 Browsers
Check for the various combinations:
Internet Explorer (3.X 4.X, 5.X)
Mozilla Firefox (3.X 4.X 5.X)
Netscape Navigator (3.X, 4.X, 6.X)
Browser settings (security settings, graphics, Java etc.)
Frames and Cascade Style sheets
HTML specifications.
Graphics:
Loading of images, graphics, etc.,
Masters in eCommerce 2009 – Dublin City University
68
Chapter 6 - Technical Solution
6.5.4.3 Printing
Despite the paperless society the web was to introduce, printing is done more than ever. Verify
that pages are printable with considerations on:
Text and image alignment
Colours of text, foreground and background
Scalability to fit paper size
Tables and borders
6.5.5 Performance
6.5.5.1 Connection speed
Try with Connection speed: 14.4, 28.8, 33.6, 56.6, ISDN, cable, DSL, T1, T3
Time-out
6.5.5.2 Load
Check/Measure the following:
What is the estimated number of users per time period and how will it be divided over
the period?
Will there be peak loads and how will the system react?
Can your site handle a large amount of users requesting a certain page?
Large amount of data from users.
6.5.5.3 Stress
Stress testing is done in order to actually break a site or a certain feature to determine how the
system reacts. Stress tests are designed to push and test system limitations and determine whether
the system recovers gracefully from crashes. Hackers often stress systems by providing loads of
wrong in-data until it crash and then gain access to it during start-up.
Typical areas to test are forms, logins or other information transaction components.
Performance of memory, CPU, file handling etc.
Error in software, hardware, memory errors (leakage, overwrite or pointers)
Masters in eCommerce 2009 – Dublin City University
69
Chapter 6 - Technical Solution
6.5.5.4 Continuous use
Is the application or certain features going to be used only during certain periods of
time or will it be used continuously 24 hours a day 7 days a week?
Will downtime be allowed or is that out of the question?
Verify that the application is able to meet the requirements and does not run out of
memory or disk space.
6.5.6 Security
6.5.6.1
Valid and Invalid Login
6.5.6.2
Limit defined for the number of tries.
6.5.6.3
Can it be bypassed by typing URL to a page inside directly in the browser?
6.5.6.4
Verify Log files are maintained to store the information for traceability.
6.5.6.5
Verify encryption is done correctly if SSL is used (If applicable)
6.5.6.6
No access to edit scripts on the server without authorization.25
25
For more information on that Checklist visit:
http://geekswithblogs.net/ppothuraju/archive/2004/12/22/18319.aspx
Masters in eCommerce 2009 – Dublin City University
70
Chapter 7 Financial Projections
Chapter 7 Financial Projections
7.1 Funding
The sources of funding for FingerPal will come from Enterprise Ireland program for High
Potential Start-ups. Enterprise Ireland is fostering high-tech, innovative ideas to build next
generation companies. The institution provides financial resources to help develop products,
services and processes and support the process of entering the market. Enterprise Ireland
determines the funding based on the potential level of exports and job creation. For start-ups at an
early stage EI provides funding for:
•
Completing R&D development
•
Expansion of Beta Model
•
Support in obtaining a patent for a new technology
Enterprise Ireland invests in the company by becoming its stakeholder (acquires up to 10% of
shares). The funding come in a form of grant, usually on a 50/50 basis 26.
IP Property Fund
Enterprise Ireland provides funds to help protect the Intellectual Property Rights. There are
three sections of funding:
Stage of Protection:
1 – up to €7,000 to support initial patent protection
2 – up to €20,000 for renewal of patent
3 – support for later stages of development.
There are several main expenses involved in starting-up the FingerPal company:
1. Expenditure related to IP protection – expenses to cover filing all patents.
2. R&D development – expenses related to software development.
3. Expenses for hardware – computers, servers.
4. Expenses for renting an office in Dublin.
26
www.enterprise-ireland.com
Masters in eCommerce 2009 – Dublin City University
71
Chapter 7 Financial Projections
72
5. Expenses for advertising and promotion.
We estimated our predictable expenses for the first three years. The net profit after the first
year of operations will be negative. Nevertheless, we aim to collect funds to cover start-up expenses
and initial operational costs. We plan to raise the capital from the partnership with Enterprise
Ireland. The capital will cover expenses related to patent completion and expenses in the first year
of operations. Half of the required capital will come from EI whereas the rest of capital will either
come from bank loans or additional private investment. According to our estimations, in year two
the company will reach a positive net profit.
In the first months of year one the company will be working on R&D to develop the technology.
Thus, there will be no revenue. Nevertheless, the company will raise the initial funding of EUR
80,000 from EI and bank loan.
7.2 Sales Explanation
As mentioned earlier, FingerPal aims to set competitive interchange fees that will be beneficial
for both, the merchants and the banks. Our team calculated the optimal interchange fee and
estimated the potential revenue from POS transactions. The estimation was based on the
assessement of potential revenues for merchants, banks and FingerPal and competitive advantage
with regard to exisitng plastic card interchange fees.
The current interchange fees for plastic card retail transactions vary from 0.8% to 3.0%.
FingerPal will offer a flat rate of 0.7% from each transaction. Around 0.3% will be divided up
between merchants’ acquirer and customers’ bank. FingerPal will charge 0.4 % from each
transaction.
Our assumptions are based on the number and value of card payments in Ireland in 2007.
Card payments with cards issued in Ireland (except cards with an e-money function)
(millions; total for the period)
300
250
200
150
100
50
Year
0
Number of Transactions
2003
2004
2005
2006
2007
142
151
176
205
263
Based on ECB Payment Statistics November 2008
Masters in eCommerce 2009 – Dublin City University
Chapter 7 Financial Projections
73
Value of card payments with cards issued in the country
(except cards with an e-money function) (EURO billions; total for the period)
25
20
15
10
5
Year
0
2003
2004
2005
2006
2007
12
14
16
19
24
Value of Transactions
Based on ECB Payment Statistics November 2008
7.3 Calculations
Given the number of transactions and the value of transactions in 2007, we calculated:
the average value of card transactions:
Eur 24,000,000,000/263,000,000= Eur 91.3
number of monthly transactions in 2007:
263,000,000/12=21916666.7
Providing that FingerPal will reach 0.1% of total transactions in Ireland:
number of monthly transactions by FingerPal: 21916666.7*0.001= 21916.666
Revenue from interchange fee: Eur 91.3*0.004= Eur 0.364
Year 1
monthly revenue
Eur 0.364*21916.666=EUR 7977.666424
Year 2
Growth strategy is to reach 0.2% of total number of transactions.
number of transactions in year 2:
21916666.7*0.002=43833.332
monthly revenue:
Masters in eCommerce 2009 – Dublin City University
Chapter 7 Financial Projections
Eur0.364*43833.332=Eur15955.3328
Year 3
Growth strategy is to reach 0.3% of total transactions
number of transactions in year 3:
21916666.7*0.003=65749.998
monthly revenue:
Eur 0.364*65749.998 =Eur 23932.99993
The above are predictions for a low number of transactions and negative scenario, FingerPal
aims to acquire more users month after month.
7.4 Expenses
•
Wages
Each employee (3 executives) will earn 24 000 annually. In year 3 we plan to raise the
wages and employ more personnel.
•
Equipment/Office Furniture/Supply
Equipment costs will include the cost of computers, servers, domain fee, software
development costs.
•
Phone/Internet Bills
The costs of bill for each executive will be 30 euro a month which gives eur 90.In
addition the Internet bill cost, which will be approximately eur 30.
•
Legal Fees
These fees will involve filing the patents and other contracts and agreements fees.
•
Rent
We will first rent a small office at the cost of eur400. In year 3 FingerPal will move in to a
bigger office.
•
Advertising and Promotion
We decided to allocate around eur 1000 for the first year on promotions and
advertising.
Masters in eCommerce 2009 – Dublin City University
74
Chapter 7 Financial Projections
75
7.5 Loss & Profit Projection
Three Year Profit Projection
FingerPal
year 1
Sales
%
year 2
%
€71,793.00 100.00%
€ 191,460.00
100.00%
year 3
%
€ 287,184.00 100.00%
Operating
€ 112,640.00
156.90%
€ 81,140.00
42.38%
€ 150,500.00
52.41%
Gross Profit
VAT 21%
-€ 39,820.00
8362.00
-55.47%
11.65%
€ 110,320.00
€ 23,167.00
57.62%
12.10%
€ 136,684.00
€ 28,703.00
47.59%
9.99%
Net Profit After Tax -€ 48,182.00
Masters in eCommerce 2009 – Dublin City University
€ 87,153.00
€ 107,981.00
Chapter 7 Financial Projections
76
7.6 Cash Flow
Twelve-month cash flow
Oct 09
Nov 09
FingerPal
De c 09
Jan 10
2009/2010
Fe b 10
M ar 10
Apr 10
M ay 10
Jun 10
Jul 10
Aug 10
Se p 10
Oct 10
Cas h on Hand (beginning of
month)
80,000
40,180
33,560
26,940
20,320
21,677
23,034
24,391
25,748
27,105
28,462
29,819
31,176
EI Funds
40,000
0
0
0
0
0
0
0
0
0
0
0
0
Bank loan
40,000
0
0
0
0
0
0
0
0
0
0
0
0
INCOME FROM
TRANSACTIONS
Sales
TOTAL Sale s
Total Cas h Available
(bef ore cash out)
0
0
0
0
7,977
7,977
7,977
7,977
7,977
7,977
7,977
7,977
7,977
0
0
0
0
7,977
7,977
7,977
7,977
7,977
7,977
7,977
7,977
7,977
80,000
40,180
33,560
26,940
28,297
29,654
31,011
32,368
33,725
35,082
36,439
37,796
39,153
EXPENSES
400
400
400
400
400
400
400
400
400
400
400
400
400
Legal Fees
10,000
0
0
0
0
0
0
0
0
0
0
0
0
Computers & Servers
20,000
0
0
0
0
0
0
0
0
0
0
0
0
Offi ce Suppl i es and
Furni ture
1,500
0
0
0
0
0
0
0
0
0
0
0
0
Adverti si ng & Promoti on
1,000
0
0
0
0
0
0
0
0
0
0
0
0
El ectri ci ty
100
100
100
100
100
100
100
100
100
100
100
100
100
Tel ephone/Internet
120
120
120
120
120
120
120
120
120
120
120
120
120
Insurance
700
0
0
0
0
0
0
0
0
0
0
0
0
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
SUBTOTAL
39,820
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
TOTAL EXPENSES
39,820
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
Cas h Pos ition (end of
month)
40,180
33,560
26,940
20,320
21,677
23,034
24,391
25,748
27,105
28,462
29,819
31,176
32,533
Rent
Sal ari es
Masters in eCommerce 2009 – Dublin City University
Chapter 7 Financial Projections
Twelve-month cash flow
Nov 10
Dec 10
77
FingerPal
Jan 11
2010/2011
Feb 11
Mar 11
Apr 11
M ay 11
Jun 11
Jul 11
Aug 11
Sep 11
Oct 11
Nov 11
Cash on Hand (beginning of
month)
32,533
40,168
49,503
58,838
68,173
77,508
86,843
96,178
105,513
114,848
124,183
133,518
142,853
EI Funds
40,000
0
0
0
0
0
0
0
0
0
0
0
0
Bank loan
40,000
0
0
0
0
0
0
0
0
0
0
0
0
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
TOTAL Sales
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
15,955
Total Cash Available (bef ore
cash out)
48,488
56,123
65,458
74,793
84,128
93,463
102,798
112,133
121,468
130,803
140,138
149,473
158,808
400
400
400
400
400
400
400
400
400
400
400
400
400
Legal Fees
0
0
0
0
0
0
0
0
0
0
0
0
0
Computers & Servers
0
0
0
0
0
0
0
0
0
0
0
0
0
Office Supplies and Furniture
0
0
0
0
0
0
0
0
0
0
0
0
0
1,000
0
0
0
0
0
0
0
0
0
0
0
0
Electricity
100
100
100
100
100
100
100
100
100
100
100
100
100
Telephone/Internet
120
120
120
120
120
120
120
120
120
120
120
120
120
Insurance
700
0
0
0
0
0
0
0
0
0
0
0
0
Salaries
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
6,000
SUBTOTAL
8,320
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
INCOME FROM
TRANSACTIONS
Sales
EXPENSES
Rent
Advertising & Promotion
TOTAL EXPENSES
Cash Pos ition (end of month)
8,320
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
6,620
40,168
49,503
58,838
68,173
77,508
86,843
96,178
105,513
114,848
124,183
133,518
142,853
152,188
Masters in eCommerce 2009 – Dublin City University
Chapter 7 Financial Projections
Twelve-month cash flow
Dec 11
Cash on Hand (beginning of
month)
Jan 12
78
FingerPal
Fe b 12
2011/2012
Mar 12
Apr 12
M ay 12
Jun 12
Jul 12
Aug 12
Se p 12
Oct 12
Nov 12
De c 12
152,188
148,200
155,912
163,624
171,336
179,048
186,760
194,472
202,184
209,896
217,608
225,320
233,032
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
23,932
176,120
172,132
179,844
187,556
195,268
202,980
210,692
218,404
226,116
233,828
241,540
249,252
256,964
1,000
1,000
1,000
1,000
1,000
1,000
1,000
1,000
1,000
1,000
1,000
1,000
1,000
INCOME FROM
TRANSACTIONS
Sales
TOTAL Sales
Total Cash Available (bef ore
cash out)
EXPENSES
Rent
Legal Fees
Computers & Servers
0
0
0
0
0
0
0
0
0
0
0
0
0
10,000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1,000
0
0
0
0
0
0
0
0
0
0
0
0
Electri city
100
100
100
100
100
100
100
100
100
100
100
100
100
Telephone/Internet
120
120
120
120
120
120
120
120
120
120
120
120
120
Insurance
700
0
0
0
0
0
0
0
0
0
0
0
0
Office Suppli es and Furniture
Advertising & Promotion
Sal aries
15,000
15,000
15,000
15,000
15,000
15,000
15,000
15,000
15,000
15,000
15,000
15,000
15,000
SUBTOTAL
27,920
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
TOTAL EXPENSES
Cash Position (end of month)
27,920
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
16,220
148,200
155,912
163,624
171,336
179,048
186,760
194,472
202,184
209,896
217,608
225,320
233,032
240,744
Masters in eCommerce 2009 – Dublin City University
Chapter 8 Management Team
79
Chapter 8 Management Team
Chief Executive Officer,
Chief Financial Officer
Olga Bzdawka
Chief Information Officer,
Director of Marketing and
Sales
Zaneta Babko
B A in Linguistics and
Accounting,
MSc in eCommerce (B)
Olga has over three years of experience in
Finance and Business. She was employed in a
mobile phone company on a managerial
position, which provided her with insights
into running a big organisation. Her
management skills, accounting and finance
knowledge were utilized in making strategic
business
decisions related to FingerPal
success.
MA in International
Relations,
MSc in eCommerce (B)
Zaneta has a vast experience in International
Relations, Foreign Trade, Journalism and
Communications. She was employed in a
Radio Eska in Poland where she was
responsible for Marketing and Advertising.
Thus, she is an expert of FingerPal’s
communications services, marketing and
sales. Her great analytical thinking skills
were utilized in analyzing the market trends.
Chief Technology Officer
Francisco Canovas
BSc in Information Technology,
MSc in Software Engineering,
MSc in eCommerce (Technical)
Francisco is an expert in Information Technology. He concluded a
Computer Engineering degree in Spain. Moreover, he attended a 1-year internship in Sweden
where he worked on a Computer Engineering Thesis. He also pursued a student exchange
project in London. He has an extensive knowledge in many fields of IT, including
programming languages, artificial intelligence, databases, language processors, data
structures, computer graphics, networking and security. Francisco utilized his vast skills and
knowledge in developing the prototype of FingerPal system.
Masters in eCommerce 2009 – Dublin City University
Appendixes
80
Appendixes
Appendix 1 Competitive Analysis
Table 1:
FACTOR
Competitor A
Competitor B
Competitor C
Products
Kimaldi Electronics
VISA
MasterCard
Price
Not found
Interchange fees for transactions
range from 0.8% to 2.3 %
Interchange fees for
transactions range from 0.8%
to 2.3 %
Quality
high
high
high
•
•
•
•
Strengths
•
27
28
Biometric
technology
specialist
Wide range of
products and
applications
Cooperates with
large biometrics
manufacturers
•
•
•
Well-established and
dominant player in
payment processing
on the market
Manages payments
across various
financial instituions,
businesses and
consumers
Obtained international
dominance
Overcame the barriers
of social acceptance
towards payments by
plastic cards
In 2006, Visa reached
44% of the plastic
card market share and
48% of the debit card
market share in the
US.27[
"How Visa operates", in Forbes, February 25, 2008
Hugh Son ,MasterCard Said to Lose Users After JPMorgan Shift , May 2009
Masters in eCommerce 2009 – Dublin City University
•
•
•
•
Internationally
known, wellfounded company
Mastercard is
reported to hold
22% of the US
debit card market
share28
The second largest
plastic card
payments player
Obtained
international
markets
Appendixes
Table 1:
FACTOR
Competitor A
•
•
•
Weaknesses
•
•
29
Provides
fingerprint
authentication
only for catering
area
The system is
designed for
small locations
The system is
closed and
connects only
with a local
POS computer
Lack of
posibility of
payments in any
POS
Lack of
provision
whether the
software is
capable of
handling a large
number of
fingerprints
Competitor B
•
•
•
•
81
Competitor C
•
High interchnage rates
The need of carrying a
plastic card
Fraud and security
risks
High level of online
fraud
•
•
•
High interchnage
rates
The need of
carrying a plastic
card
Fraud and security
risks
High level of online
fraud
in the UK in 2004 the cost of plastic card fraud reached almost
£500 million29
Reliability
high
high
high
Stability
Founded in 1998,
exeprienced
And well-established
Stable, well-established with high
recognition on the market
Well-founded and recognized
on the market
Expertise
High level of expertise in
processing biometric
information and users
authentication
Extensive and deep knowledge
of managing financial
transactions
Extensive and deep
knowledge of managing
financial transactions
Company
Reputation
Good reputation, large
number of partners
High reputation, 2100 financial
instituions cooperated in 2008
with VISA
There are about 25000
financial institutions which
issues Mastercard cards
Location
Barcelona, Spain
Mexico
Portugal
San Francisco, the USA
New York, the USA
Advertising
website
TV, radio, print ads, online
advertising, sports sponsorships
TV, radio, print ads, online
advertising, sports
sponsorships
Plastic fraud loss on UK-issued cards 2004/2005. Cardwatch.org.uk. retrieved 7 July, 2006
Masters in eCommerce 2009 – Dublin City University
Appendixes
82
Appendix 2 Survey
FingerPal
Biometrics in Financial Transactions
Name of Institution
E-mail
Phone
Agent Name
Market Research Survey
Dublin
10/07/2009
This survey is to measure the interest of banks in biometric payments processing. To help us, please
complete this survey and return it to us at your convenience. We will appreciate your opinions and
thoughts regarding the above mentioned system.
Thank you!
Description:
Biometrics is a discipline that makes use of the unique features of every individual. These features are
either physical or behavioral and include fingerprint, iris, DNA, vein, retina, voice, walk, palm
geometry and typing patterns recognition. The biometric industry is growing rapidly and is currently
deployed in many areas of everyday life. This survey is to measure the acceptance of fingerprint
recognition in point-of-sale transactions. A fingerprint would be a new method of payment in addition
to plastic cards, cash and cheque. A customer would simply swipe their finger through a terminal,
enter a security code and money from their account would be transferred directly to the merchant.
ID
1
Question
What is your overall perception of the product
described above?
Selection
Poor
Average
Good
Masters in eCommerce 2009 – Dublin City University
Comments/Response
Appendixes
83
Excellent
2
What do you like most about this product?
3
What do you like least about the product?
4
How would you rate the quality of
this product?
Low
Average
High
5
How important are these features as being a
part of this product?
•
•
•
•
6
Not Important
Security
Accuracy
Speed of Performance
Convenience
Neutral
Important
Very Important
Security
__
Please rate the importance of each feature
from one to four.
Accuracy
__
Speed of
Performance __
Convenience __
7
Have you heard about the term biometrics before?
Familiar with the
concept
I heard
something about it
I hadn't heard
about it
8
Biometric information of individuals (fingerprints) is
kept in a highly secure database. Would you be
willing to provide your fingerprint image to be
maintained in such a database?
Very willing
Somewhat willing
Not willing at all
Masters in eCommerce 2009 – Dublin City University
Appendixes
9
Have you ever encountered biometric technology in
any of the following areas?
Door Access
Clock-in/clockout
Airports
Financial
transactions – cash
checking
None
10
Do you have a fingerprint scanner build in your laptop
(or external peripheral)?
Yes
No
11
Do you reckon that fingerprint biometrics would be
successful in financial transactions?
Yes
No
Yes, it sounds
specific enough to
work
12
Are you:
Male
Female
13
What is your age range?
10-19
20-29
30-39
40-49
over 50
14
In what country do you live?
Masters in eCommerce 2009 – Dublin City University
84
Appendixes
85
Appendix 3 Survey Results
1. What is your overall perception of the product described above?
Good
Average
Excellent
Poor
2. What do you like most about this product? Most common answers:
- “It is convenient”
- “I like its innovativeness”
- “It is practical, I don’t have to carry cash”
- “I can lose a plastic card but I can’t lose my finger”
3. What do you like least about the product? Most common answers:
- “may not be secure”
- “Someone may copy my fingerprint and use my money”
- “data protection issues”
- “it may not be accurate”
- “hackers can access biometric
biome
information”
-“I
“I don’t need another payment method”
-“It
“It is too dangerous to use a fingerprint in financial transactions”
4. How would you rate
te the quality of this product?
High
Poor
Good
0
10
20
30
40
Masters in eCommerce 2009 – Dublin City University
50
60
Appendixes
86
5. How important are these features as being a part of this product?
•
•
•
•
Security
Accuracy
Speed of Performance
Convenience
neutral
important
very important
not important
0
10
20
30
40
50
60
70
80
90
100
70
80
90
6. Please rate the importance of each feature from one to four?
speed of performance
convenience
security
accuracy
0
10
20
30
40
50
60
7. Have you heard about the term biometrics before?
Familiar with the concept 20%
I heard something about it 69%
I hadn't heard about it 10%
8. Biometric information of individuals (fingerprints) is kept in a highly secure database. Would
you be willing to provide your fingerprint image to be maintained in such a database?
Masters in eCommerce 2009 – Dublin City University
Appendixes
87
Not willing at all
Somewhat willing
Very willing
0
10
20
30
40
50
60
70
9. Have you ever encountered biometric technology in any of the following areas?
Access Control 27%
Clock-in/clock-out 44%
Airports 16%
Financial transactions – cash checking 3%
None 10%
10. Do you have a fingerprint scanner build in your laptop (or external peripheral)?
15% yes 85% no
11. Do you reckon that fingerprint biometrics would be successful in financial transactions?
yes, it sounds specific enough to work
no
yes
0
10
20
Masters in eCommerce 2009 – Dublin City University
30
40
50
60
70
Appendixes
Appendix 4 Legislation on Biometrical Information,European Directive
30:
• biometrical information must be collected for specified, explicit and legitimate purposes and not
further processed in a way incompatible with those purposes
• before processing any biometrical information the supervisory body has to be notified of the
purposes of the processing
• biometrics should be collected and processed fairly and lawfully; the processing of biometrical
data
• revealing racial or ethnic origin, political opinions, religious or philosophical beliefs,
trade-union membership and the processing of data concerning health of sex life
should be prohibited as a rule
• the collection and processing must be adequate, relevant and not excessive in relation to the
declared purposes (art. 6°1c);
• biometrical images have to be accurate and, where necessary, kept up to date or erased
• biometrical data may not be disclosed to third persons if this doesn't follow out of the declared
purpose (art.
• The biometrical data subject has a right to know about the processing and the use of the
processed biometrics 6°1b); b.
• (all biometrical data subjects are endowed with a right of access to the biometrical data and to
obtain rectification, erasure or blocking of data when the processing violates the provisions (e.g.
incomplete or inaccurate nature of the data). In some cases these rights are restricted to
safeguard national security, defence, public security, prevention and criminal investigation,
economic or financial interests of states, rights and freedoms of others (art. 13); art. 18); c.
• every biometrical data subject has a right not to be subject to a decision which is based solely on
automated processing of data intended to evaluate certain personal aspects relating to him,
such as his performance at work, credit-worthiness, reliability, conduct, etc (art. 15); (art.
8);
• there has to be a responsible controller to ensure data protection rights and duties.
30
Based on Paul de Hert “Biometrics: legal issues and implications”, Background paper for the Institute of
Prospective Technological, Studies, DG JRC – Sevilla, European Commission accessed at:
Masters in eCommerce 2009 – Dublin City University
88
Appendixes
Appendix 5 Potential Partners: Irish Merchant Banks (Acquirers)
AIB -Ireland, UK, Europe, US and Asia
Bank of Ireland -Ireland, UK and Europe
RaboDirect - online bank
Permanent tsb -Ireland and UK
Ulster Bank - Ireland
Anglo Irish Bank -Ireland, UK and Europe
ACCBank -Ireland and Rabobank Worldwide
National Irish Bank
IIB Bank -Ireland and KBC Worldwide
Bank of Scotland Ireland
Irish Nationwide -Ireland, UK
Masters in eCommerce 2009 – Dublin City University
89
Appendixes
Appendix 6 Historical Adoption Rates of Credit/Debit Cards
Debit Plastic card Transaction volume Growth 2000-2006
2000
Credit/Debit ard Groth in Purchases 1987 - 2008
Masters in eCommerce 2009 – Dublin City University
90
Appendixes
Appendix 7 Merchant’s Terminal
Biometric Accesss Corporation
Secure Touch Modular (STAm) with various applications such as
payrol check cashing, creidt/debit card transaction processing,
paharmacy controlled substance tracking, pharmacy physical access
control, time&attendance.
Web: www.biometricaccess.com
Email: [email protected]
Masters in eCommerce 2009 – Dublin City University
91
SPECIFICATIONS (From Company’s
Website)
Display: High contrast, backlit LCD with 128 x 64
graphics, 8 lines x 21 characters text and a soft
function key display line
Keypad: 20 keys, including 4 screen-addressable
function keys
External Ports: 1 10/100 Ethernet port, 2 USB 2.0
host ports, 1 USB 2.0 On the Go port (host or device
mode) and 3 RS232 serial ports
MagCard Reader: Tracks 1, 2, 3 standard, high
coercivity, bi-directional
External Slots: 2 SD Card Slots for memory and
peripheral expansion
Internal Slot: SD Card Slot for memory expansion
Processor: Blackfin DSP, 600 MOPS, 1200 MMACS
Memory: 32 Mbytes SDRAM, 8 Mbytes non-volatile
Flash
Security: DES, 3DES, DUKPT secure encryption
controller with intrusion detection
Power: AC: 100 - 240 V, 47 - 63 Hz / DC: 12 V, 2.1 A
(base terminal) or 12 V, 5 A (terminal with printer)
Environmental: 2° to 40° C (35° to 104° F) operating
temperature range / 10% to 85% relative humidity,
non-condensing
Physical: Dimensions: 8.8 in x 6.3 in x 1.9 in / 22.4 cm
x 16.0 cm x 4.8 cm / Weight: 1 lb 10 oz / 0.68 kg
Reliability: Keypad - 500,000 keystrokes / MagCard
Reader - 400,000 reads / MTBF - 100,000 hours (all
calculated)
Barcode Scanner
Document Scanner
Finger Imager Camera
Modem (alternative to Ethernet)
Reads standard 1D & 2D barcodes (RSS,
PDF417, microPDF, MaxiCode, Data Matrix, QR
Code, UCC, UPC/EAN, Postals, Aztec)
accommodation of 2¼ in. wide by 85 ft. long
Optical imager offering 700 DPI, 8-bit gray
Biometric ID verification and digital signature
for transaction authorization, electronic
payment and cashier logon
OCR scanner up to 600 DPI, 24-bit color for
MICR lines and text (scan field is 4 in. wide by
variable length)
Appendixes
Appendix 8 Individuals Contacted
Tesco - Communications Manager:
Seamus Banim,
Tel. 00 353 1 2152938,
email: [email protected]
Spar - Manager William Christie
Manager
Tel 01224 691589
SupreQuinn – ManagerLorcon O Hanlon
Tel. 01 4964270
email: [email protected]
SUPERVALU INC - Public Affairs Manager
Natalie Danaher,
tel. 952-828-4356
email: [email protected]
AIB - BBLS Executive Niamh O'Neill
Phone: +353 1 6670233
email: niamh.m.o'[email protected]
Ulster Bank - Head of Corporate Banking
Eddie Cullen,
Tel: + 353 1 608 4111.
email: eddie.cullen@ulsterenquiries
Masters in eCommerce 2009 – Dublin City University
93
References
References
List of references consulted apart from the ones already specified in the footnotes. These
references were consulted mainly to achieve background required to develop the project,
either for technology development or market research.
[1] De Hert Paul, Biometrics: legal issues and implications, Background paper for the
Institute of Prospective Technological, Studies, DG JRC – Sevilla, European Commission
Available at:
http://cybersecurity.jrc.ec.europa.eu/docs/LIBE%20Biometrics%20March%2005/LegalI
mplications_Paul_de_Hert.
[2] The Biometrics Advantage, Bioscrypt Inc. Nov 2007. Available at:
http://www.browderelectronics.com/biometric_advantage_wp.pdfECB Payment
Statistics, November 2008, Number of card transactions in Ireland. Availavble at:
http://sdw.ecb.europa.eu/reports.do?node=1000001156
[3] Biometrics Review: 2008/2009 Biometric Technology Today January 2009 Biometrics–
Ending the Identity Crisis, Retailspeak Magazine, October 13, 2004, available at:
http://www.microsoft.com/industry/retail/businessvalue/rsbiometricsarticle.mspx
[4] Accesses via DCU Library, Science Direct database ECB Payment Statistics November
2008, Value of card transactions in Ireland. Available at:
http://sdw.ecb.europa.eu/reports.do?node=1000001157pdf
[5] Enterprise Ireland supports for High Potential Start-Ups – LIT. Available at:
www.lit.ie/EAC/EnterpriseIreland.pps
[6] Financial success for biometrics? Biometric Technology Today, April 2005. Accesses via
DCU Library, Science Direct database.
[7] Frost and Sullivan Report (Preview), Development of a Bi-Modal Biometrics Business
Solutions for Physical Access Control, March 2007. Available at:
http://www.itrportal.com/absolutenm/templates/articlebiometrics.aspx?articleid=5608&zoneid=50
[8] Frost & Sullivan: Advances in Biometrics Remedy the Need for Increased Security
(Preview). NewsWire. LONDON, March 19 2009. Available at:
http://news.prnewswire.com/DisplayReleaseContent.aspx?ACCT=ind_focus.story&STO
RY=/www/story/03-19-2009/0004991263
[9] Frost & Sullivan, Strong Growth for Biometrics in Financial Institutions Expected
Globally, May-30-08. Press release: Findbiometrics, Global identity management.
Available at: http://www.findbiometrics.com/interviews/i/6455/
[10] Frost and Sullivan, Development of a Bi-Modal Biometrics Business Solutions for
Physical Access Control, March 2007. Availabe at:
http://www.simpletechnology.com/newslettertemplate/SimplySecureaug/bioscrypt_b
i-modal_biometrics_whitepaper.pdf
Masters in eCommerce 2009 – Dublin City University
94
References
[11] Global Biometric Industry to Witness Remarkable Growth, PRLog Free Press Release
Nov 02, 2007. Available at: http://www.prlog.org/10036466-global-biometric-industryto-witness-remarkable-growth.html
[12] Global Biometric Forecast to 2012, September 2008. Available at:
http://www.bharatbook.com/Market-Research-Reports/Global-Biometric-Forecast-to2012.html
[12] How Visa operates, Forbes, February 25, 2008 Available at:
http://www.forbes.com/feeds/afx/2008/02/25/afx4694434.html
[13] Jung Marcia Y. Biometric Market and Industry Overview International Biometric
Group. 8.12.2005. Available at:
http://www.wcoomd.org/files/2.%20Event%20files/PDFs/Biometrics/17-Jung.pdf
[14] Mayer M., Bridgeman N., Muller L., A Case study on digiPROOF, a Fingerprint Based
Payment System. NACCQ Conference 2006. Available at:
bitweb.tekotago.ac.nz/staticdata/papers06/.../197.pdf
[15] Most M., The Current Biometrics Marketplace. Acuity Market Intelligence, Digital
Money Forum, March 31, 2009, London. Available at:
www.digitalmoneyforum.com/.../Maxine_Most.pdf
[16] Patrick S. Andrew, Fingerprint Concerns: Performance, Usability, and Acceptance of
Fingerprint Biometric Systems, National Research Council of Canada, July 2, 2008.
Available at: http://www.andrewpatrick.ca/essays/fingerprint-concerns-performanceusability-and-acceptance-of-fingerprint-biometric-systems
[17] Plastic fraud loss on UK-issued cards 2004/2005. Cardwatch.org.uk. Retrieved 7 July,
2006.
[18] Prinsloo R. , Biometric systems firm experiences surge in business despite economic
slowdown. MiningWeekly May, 2009. Available at:
http://www.miningweekly.com/article/company-experiencing-growth-despite-globaleconomic-downturn[19] Retail in Ireland, in Global Oneness, August 10, 2006. Available at:
http://www.experiencefestival.com/stillorgan
[20] SearchSecurity.com 08/22/2006, available at:
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1211831,00.html
[21] Son Hugh, MasterCard Said to Lose Users After JPMorgan Shift , May 2009
http://www.bloomberg.com/apps/news?pid=20601087&sid=aOb_UtZIhyMc
[22] Wagley John, Vein Recognition Use Grows, January 2008. Available at:
http://www.securitymanagement.com/article/vein-recognition-use-grows
Masters in eCommerce 2009 – Dublin City University
95
References
List of websites also consulted:
[23] Visa Inc. Available at: www.visa.com
[24] Master Card Inc. Available at: www.mastercard.com
[25] Interchange fees. Available at: www.interchangefees.com
[26] Biometric Org. Available at: www.biometric.org
[27] Biometric Access. Available at: www.biometricaccess.com
[28] Enterprise Ireland. Available at: www.enterprise-ireland.com
Masters in eCommerce 2009 – Dublin City University
96