The following pages are taken from a document entitled
What's so smart about smart cards which was produced by The Smart Card Forum (now part of
The Smart Card Alliance) and Gemalto.
"We hope that you find this short overview on the smart card world educational and informative. Since the Smart Card Forum was founded in 1993, the application of smart card systems within North America has expanded and now, at the verge of the new millennium, we see exciting possibilities for these systems. The Internet has created enormous opportunities while it has also created privacy and security challenges. We see smart card systems enabling privacy and security in this virtual world and as a linchpin in creating increased high-assurance business to business commerce. We expect you will find this brochure informative and hope you will take advantage of the varied Smart Card Forum educational programs, workgroups, conferences, and research materials in enabling privacy and security in your businesses."
What is a smart card?
The smart card is one of the latest additions to the world of information technology. Similar in size to today's plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. As an access-control device, smart cards make personal and business data available only to the appropriate users. Another application provides users with the ability to make a purchase or exchange value. Smart cards provide data portability, security and convenience.
Memory vs microprocessor
Smart cards come in two varieties: memory and microprocessor. Memory cards simply store data and can be viewed as a small floppy disk with optional security. A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port operating system and hard disk with built-in security features.
Contact vs contactless
Smart cards have two different types of interfaces: contact and contactless. Contact smart cards are inserted into a smart card reader, making physical contact with the reader. However, contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. A combi card combines the two features with a very high level of security.
How are smart cards used?
Smart cards help businesses evolve and expand their products and services in a changing global marketplace. The scope of uses for a smart card has expanded each year to include applications in a variety of markets and disciplines. In recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications.
Businesses, the government and healthcare organizations continue to move towards storing and releasing information via networks, Intranets, extranets and the Internet. These organizations are turning to smart cards to make this information readily available to those who need it, while at the same time protecting the privacy of individuals and keeping their informational assets safe from hacking and other unwanted intrusions. In this capacity, smart cards enable:
- Secure logon and authentication of users to PCs and networks
- Secure B2B and B2C e-commerce
- Storage of digital certificates, credentials and passwords
- Encryption of sensitive data
People using the Global System for Mobile communications (GSM) standard for mobile phones use smart card technology. The smart card is inserted or integrated into the mobile handset. The card stores personal subscriber information and preferences that can be PIN code protected and transported from phone to phone. The smart cards enable:
- Secure subscriber authentication
- Roaming across networks
- Secure mobile value added services
Wireless providers benefit from reduced fraud thanks to the security offered by smart cards. With the advent of mobile services such as mobile commerce, web browsing, and information services, wireless providers rely on smart cards to act as the security mechanism to protect those services. As a result, smart cards are beginning to move beyond GSM to secure mobile services for other wireless standards as well.
Smart cards also provide benefits for a host of commercial applications in both B2B and B2C environments. The smart card's portability and ability to be updated make it a technology well suited for connecting the virtual and physical worlds, as well as multi-partner card programs. The cards store information, money, and/or applications that can be used for:
- Loyalty and promotions
- Access control
- Stored value
- Parking and toll collection
Multiple applications can be stored on the card, enabling partnering on card programs and providing added convenience to the card reader.
Why are other countries ahead of the U.S. in applying smart card technology?
Card issuers in different countries are building their business case to justify the issuance of smart cards for different reasons. Here in the U.S., American Express launched the first wide-scale rollout of smart cards in 1999 with Blue from American Express, a credit card with a smart chip that offers extra security when shopping online. New markets, or markets that are evolving for other reasons, will further help make smart cards widespread in North America. Two examples are the network computing and cellular telephone industries that use smart cards to authenticate users in new systems that demand the utmost in security.
Why are interoperability and enforced standards crucial to widespread adoption of smart cards?
Even though there are hundreds of smart card pilots in existence around the world, users may not take a card from one country or scheme and use it in another. An industry-wide trend toward interoperability and open platforms is now emerging, enabling the development of cards and applications that will work together in open environments. To do this, the industry must examine the business and technical issues surrounding the need for standardized interfaces between cards, terminals and slots, which is the key to securing dramatic growth for the industry. The International Organization for Standardization (ISO) has developed standards for smart cards. These standards were developed for use by multiple industries. Individual industries are now developing proprietary versions of these ISO standards to support their own specific smart card applications. There are numerous standards developed by members of the Forum, and others, to support and promote smart card standards.
What are the major benefits that smart cards offer consumers?
Smart cards contain unique features that bring many benefits to both consumers and issuing organizations:
- chip is tamper-resistant.
information stored on the card can be PIN code and/or read-write protected
- capable of performing encryption
- each smart card has its own, unique serial number .
- capable of processing, not just storing information.
Smart cards can communicate with computing devices through a smart card reader
- information and applications on a card can be updated without having to issue new cards
- chip is tamper-resistant.
Smart cards provide a portable, easy to use form factor that many are familiar with using
What is a multiple application card?
A multiple application card is a smart card that can support different types of applications on the card itself thereby reducing the number of cards in the wallet. For example, the chip on Blue from American Express currently offers two applications: extra security when shopping online using a PC smart card reader and online wallet, and a ticketing application that verifies a Cardmember's ticket order. Blue uses a multiple application operating system and American Express plans to add other applications to the card's smart chip.
Added value with multiple applications
Meanwhile, Visa's multiple application card strategy is based on providing applications that add value to Visa's core credit and debit payment products. A key component to Visa's multi-application offering is the flexible Open Platform technology. In addition to providing added application security through the use of 'firewalls' on the chip, the Open Platform allows for downloading new applications to the chip, without having to reissue the card.
Another multi-application program was conducted at Florida State University where 40,000 smart cards were deployed, which featured students' personal identification, dormitory security, banking, and a wide range of stored value functions for the purpose of food, payphone, photocopying, transportation and vending services.
How is a smart card different from the magnetic stripe card that I carry in my wallet?
A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
What is the cost of an average smart card?
Trying to respond to this question is like asking the cost of a car without defining whether it is a used VW or a new Rolls Royce. The price of a smart card depends upon its capacity.
Why is reloadability important to the development of the smart card vis-a-vis disposable cards?
There are markets for both disposable and reloadable cards. Disposable cards work well for an event and as a collectible card. If the card is a multiple application card supporting, for example, debit and/or credit and stored value, the customer would not want to throw this type of card away. It would be more appropriate if the stored value application is reloadable.
A standalone reloadable card (as opposed to a standalone disposable card) is very attractive to some customers. This customer would tend to be someone who uses their stored value on a frequent basis perhaps for public transportation, corporate cafeteria etc. and wants to be able to reload the card on a periodic basis rather than have to buy a new card each time.
How secure and confidential are smart cards?
Smart cards actually offer more security and confidentiality than other financial information or transaction storage vehicles, making it a perfect solution for e-commerce transactions. A smart card is a safe place to store valuable information such as private keys, account numbers, passwords, or personal information. It's also a secure place to perform processes that one doesn't want exposed to the world, for example, performing a public key or private key encryption. Smart cards have computational or processing power to provide greater security, allowing verification of the cardholder. Entering a PIN is one method of verification, biometrics is another. The benefit of the smart card is that you can verify the PIN or fingerprint securely, off-line.
The Smart Card Alliance
The Smart Card Forum represents a very diverse group of industries and government groups, many of whom have seemingly competitive interests. Is it possible that such a diverse group can work together productively?
Today, even competing entities agree that where new technologies are concerned, industry-wide efforts are required to build workable infrastructures and to develop compatible, interoperable, multi-use systems. This cannot be accomplished, on any meaningful scale, by individual players acting in their own interests. To date, the Forum has been highly successful in fostering communications across industries and the public sector and in encouraging various trials that demonstrate the viability of smart card-based payment and information systems. Moreover, membership in the Forum now exceeds one hundred and sixty organizations – a strong reflection of the value industry and government entities feel the Form provides.