We need to define a method of payment between buyers and sellers in an economic domain. By separating these two economic functions, we can provide for total security in the flow of digital money.

This paper presents a dual control system for digital money based on smart cards for consumers and merchants, each with its own unique characteristics.

Consumer Card:

A consumer card allows its owner to purchase goods and services on the free market with privacy and security. It is a smart card in the form of a personal calculator the size of a credit card, powered by a solar cell.

Such credit card calculators have been used in the past. A smart card version should cost of less than $10. - in today's y2k funds. Below is an example of a credit card calculator once used as a give-away promotional vehicle.

To perform a transaction, the consumer will pre-activate the card by keying in his/her PIN number directly on the card keypad, and then pressing the <pin> key. The card then activates by displaying a flashing green LED. It can then be used to perform a purchase. Pre-enabling the card for 60 seconds will allow the consumer faster access to vending machines, tollbooths, pay phones and assorted checkout devices. A card can be interfaced directly by copper contacts to the POS device, or via an RF holder, where it can be used wireless.

The receiving POS device decodes the card, using the secret encryption algorithm that is in use for the domain. The algorithm itself is stored on the receiving merchant card, varies often for security purposes, and is written in Java. The transaction takes place off line; no phone or other connection to a network is required to perform it.

The cardholder may inquire the card itself for the remaining balance, by enabling the card with the PIN number, and pressing the <balance> key. The card itself may be used as a simple cash calculator, with the usual arithmetic keys.

If the consumer is forced to enter his/her PIN number under threat, he/she may elect to key in the security PIN code, i.e., the PIN code in reverse order, which will activate the card in the normal fashion, indicated by a flashing green LED. However, a fraud indicator will be set on the card that will flag the transaction as fraudulent to the receiving station. In such a case, the card may be confiscated or a photo of the cardholder taken for later prosecution. If the security mode is done discretely, the entire system will be protected from theft because the system will not be obvious in it’s reaction, but will covertly register the transaction as a card theft.

The consumer cards are pre-loaded with funds from their owner's bank accounts, directly on his/her PC, at ATMs, or at the domain bank's teller windows. It simply involves the allocation of reserve debit funds from his/her account directly onto the consumer card. To perform this transaction, the PIN number must be entered and the card pre-activated by the consumer. The PIN number, along with the data itself, are then used in an encryption algorithm, providing for total personal funds security. The PIN number is the private key on the PKI RSA encryption pair.

The personal funds may be pre-loaded from credit card accounts, savings accounts, money market accounts or any other account that is defined to the domain. A personal funds limit may be imposed at the discretion of the domain, such as $500. - per consumer card per day.

The funds are held in reserve by the domain banking institution that holds them, until they are cross-posted to the merchant account by a counter transaction from a consumer. In other words, all merchant transactions are matched to consumer's reserve funds, and a cross account ACH funds transfer is made in the domains of both at posting time.

A transaction is not posted to the merchant's account until it has been matched with reserve funds held from the consumer's account, and all security and error checks have been performed by the domain financial system. In this way, an additional level of security is reached, in that the funds on the consumer's card are authenticated against his account register. This method will prevent fraudulent consumer cards from being created by hackers.

Consumer reserve funds may not be used for any other purpose. If a consumer wishes to reverse the funds allocation, he must contact the domain bank and request a reversal, which must be done on-line or directly at the teller window. Reversals are treated exactly as a purchase, using the domain bank's own reversal cards to perform the transaction. Reversals are posted at the proof run at night, and only become available at the opening of the next banking day.

If a transaction can not be matched to available hold funds from the consumer card account, a serious funds forgery has been attempted. It is then incumbent on the domain system to notify the authorities of this situation, and to send an update notice to the domain's black list website. The black list website can be downloaded onto POS devices on a daily basis. Personal funds forgery should be considered a felony, and possession of a blacklisted card would be sufficient proof of such a crime.

Merchant card:

A Merchant card is simply a repository for the sales done by the Merchant during the day. It has a monetary value only until it is processed by the central domain system.

It is a blank credit card size smart card with information identifying the issuing domain. It has no keypad or LED display, and uses no external PIN number.

Merchant cards may not be used to perform transactions, since they are not physically able to do so. They have only an internal Merchant Id Number (MIN) encoded by the issuing domain system. The cards may hold hundreds or perhaps thousands of Consumer transactions, in the form of a transaction register or log. The MIN number is used as a private key in the PKI RSA encryption to protect the card’s data.

Each transaction on a merchant card will contain the consumer's encoded account number, which can only be obtained from a consumer card with an activated PIN. The transaction time stamp, POS identification, and monetary value would be some of the obvious items stored on the merchant card transaction log. Other marketing or demographic information may prove useful to the domain system.

Merchant cards are normally attached to POS cash registers and other such equipment. A standard RS-232 interfaces to the merchant card recorder would be sufficient to encode the information.

At day’s end, all POS Merchant cards are removed from the registers and they are either physically sent to the domain bank, or their contents are transmitted to the domain financial system electronically, using standard SSL TCP/IP protocols.

Merchant cards can also be used in the back end of Internet e-commerce sites, where the account information is obtained from a transaction pad at the consumers own PC, and transmitted via SSL TCP/IP to the website.

As the system develops consumer acceptance, hand held POS systems and a large variety of vending machine systems would surely develop. Low cost hand held devices that can interface between a consumer and a seller will emerge. Such devices would be used in taxicabs, to tips for services, and so on.

When the information on the merchant cards reaches the domain system, the funds are transferred from each of the consumer's accounts recorded on the card's log to the merchant's own account.

It is at this nightly posting run that the funds are actually allocated. A final audit of the transaction is done, to determine the authenticity of the encoded PIN/account number combination, and to validate the availability of reserve funds in the consumer's domain account. The funds are then credited to the merchant's account, and debited to the consumer's account in the time-honored way.

All such transfers are recorded both in the consumer's account statement, with all of the pertinent information recorded at the time of purchase, and also in the merchant's account statement. A complete personal record of all transactions is then available to both consumers and merchants.

Summary

The reason the world is what it is today is because cash in the form of bills is in circulation. If we ever want to finally break the root of most crime and corruption that are the result of the cash economy, we must be bold enough to convert our currencies to totally digital means of payment. PIN protected cards are not stolen. Corruption requires a cash loophole.

This smart card cash transfer method is probably the simplest and most effective way to achieve this in the short term. We may all disagree on the methods to be used, but the need to do something is obvious. Not to do anything about the bills in circulation is to resign ourselves to the crime and corruption that they breed.

If we agree to go along this road, we will see that the future does indeed hold a lot of promise for every human being, not only for those fortunate enough to have been well born in rich nations.

This system is a corner stone of a future domain, the domain of Zion. May guide our paths in this direction, if it His Holy Will!

Atlanta,
March 21, 2000