The smart card industry has been able to develop on a massive scale over a period of 20 years thanks to standards. In 2012, 7 billion devices using this technology were sold worldwide. Gemalto, the global leader in this industry, has contributed considerably to this effort.
GSM standards, which originated in Europe, have enabled the implementation of an effective mobile infrastructure. Part of the success of GSM technology stemmed from the separation between the connected device, the telephone, and the component which manages identity and security, the SIM card.
In the banking sector, the implementation of EMV (Europay, Mastercard, Visa) standards, based on smart card technology integrating anti-fraud features such as the obligatory entry of a confidential code, enabled the massive reduction of fraud, which was 20 times higher in the 1970s. The adoption of the EMV standard has just been confirmed in China and the USA.
In the field of digital identity, the recommendations of the ICAO (International Civil Aviation Organization), implemented following the September 11 attacks, have led to the use of secure microchips in passports by over 100 countries as of mid-2013. Governments quickly noted how simple electronic passports were to deploy, leading a number of countries to adopt other electronic documents – driving licenses and identity cards with microchips, polling cards, healthcare documents, etc. – in order to reduce costs and levels of fraud.
The internet was developed in the USA without standardization frameworks in the historic sense (ISO, CEN, etc.), but through the creation of industrial forums such as the W3C (World Wide Web Consortium).
At present, initiatives to make the web and online transactions more secure, and in particular strong authentication and digital signatures, are not yet standardized. Gemalto proposes that these initiatives be brought together, thus contributing to the development of an open and inter-operable general European signature and authentication standard.
The creation of an EU-wide eIDAS standard to protect transactions over the internet is essential for the implementation of interoperability within the digital single market. Europe has an important role to play and has three assets: its industrial leaders are leading lights in the field of innovation around the world; several European countries have already deployed similar e-Service models (Sweden, Belgium, Portugal, Germany, etc.); and the very size of the Union allows for the emergence of de-facto standards.
Furthermore, security levels must be the same throughout the
EU and benefit from the best practices of the most advanced
Member States in this key area of Cyber Security.
Although all references to the relevant standards (CEN and ETSI) could be integrated into the body of the eIDAS Regulation, or in its Appendix II, the best way to achieve this and ensure true standardization would be to go through the new ‘comitology’, by associating relevant stakeholders to the adoption of delegated and – preferably implementing acts. Gemalto has the know-how (R&D resources, experts), which is unique in Europe, needed to move these efforts to make the internet more secure forwards, and enable Europe to take up a position as global leader on the matter.