Smart card basics – A short guide (2018)


Smart card

Want to know more about smart card?

Then you're in the right place.

In this dossier, inspired from a document entitled "What's so smart about smart cards" from The Smart Card Alliance and Gemalto, you'll discover key facts about smart cards.

  • What is a smart card?
  • Smart card markets, size and value
  •  A short history of smart cards
  • What are the features and benefits of smart cards?
  • Smart card use cases
  • Key role of standards
  • What is a multiple application card?
  • What is the cost of a smart card?

Let's dive right in.

What is a smart card?

Smart cards – in the form of credit cards and SIM cards - are the most common form of IT processing power on the planet. Similar in size to today's plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a smart card reader, has the processing power to serve many different applications.

In the last three decades these tools, more than any other technology, have quietly taken us all into a virtual world.

Smart credit cards mediate daily transactions worth trillions of dollars while SIM cards facilitate billions of conversations which bind together our social and economic worlds.

As an access-control device, smart cards make personal and business data available only to the appropriate users.

As a national eID card, residence permit or electronic passport, smart card technology offers stronger identification and authentication tools for the benefits of both authorities and citizens.

10 billion smart cards to be shipped in 2018

According to Eurosmart, smart card markets will exceed 10 billion units in 2018. The overall growth trend is close to 3% for 2018.

  1. Telecom (SIM cards) accounts for 55% of the total market,
  2. Payment and banking cards for 31%
  3. Government (eIDs and e-passports) and healthcare for 5%
  4. Device manufacturers for 4%: mobile phones, tablets, navigation devices and other connected devices including an embedded secure element without SIM application,
  5. Others for 5%: cards issued by operators, for transport, toll or car park services; cards for pay-TV; physical and logical access cards.

According to Markets and Markets recent research report, the smart card market value is expected to reach $21.57 billion by 2023. Currently, smart cards and card readers account for more than 75% of the market. The related market for software comprises management system software and databases. Consulting, support, and maintenance services are also key.

Asia Pacific is expected to take the largest share of the market as reported by the same study.

Prominent players in these markets are Gemalto, Giesecke & Devrient and IDEMIA (formerly Oberthur Technologies and Morpho) to name a few.

Smart card: a (very) short history

By 1977, three commercial manufacturers Bull CP8, SGS Thomson and Schlumberger started developing smart card products. In March 1979, Michel Hugon from Bull CP8 was the first to design and develop a micro-processor-based card combining a processor and local memory.

  • 1979: first developments for the banking sector
  • 1995: first SIM cards
  • 1999: first national eID card (Finland)
  • 1999: first smart cards for transport
  • 2001: The Department of Defense first issued Military CAC credentials for physical access control and secure logical authentication
  • 2005: first ICAO-compliant electronic passport (Norway)

Smart card technology

About smart cards and Green IT technologies

Smart card technology is an exemplary Green IT tool. It is a very familiar portable object with a rather long life-cycle (3 to 10 years) and an extreme low carbon footprint (equivalent to just 1 km by car per card manufactured).

In addition, it has a low electric consumption (only seconds and when in use) and can be available en masse at a very reasonable cost per unit.

Smart card sizes and major standards

The ISO/IEC 7810 ID-1 standard defines in particular the usual size of a "credit card" for ID cards. It is used for driver licenses in many countries. Payment cards commonly use the ISO/IEC 7810 ID-1 format as well. The ID-1 size is 85.60 × 53.98 mm ( 3 3⁄8 in × 2 1⁄8 in) and rounded corners with a radius of 2.88–3.48 mm.

ISO/IEC 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, managed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

ISO/IEC 14443 defines the standard for contactless cards.

What are the features of a smart card?

Smart cards provide ways to securely identify and authenticate the holder and third parties who want to gain access to the card. A PIN code or biometric data can be used for authentication.

They also provide a way to securely store data on the card and protect communications with encryption.

Smart cards provide a portable, easy to use form factor.

What are the benefits of a smart card?

Smart cards contain unique features that bring many benefits to both consumers and issuing organizations.

Smart cards provide data portability, security and convenience.

As they include a tamper-resistant microprocessor, they have interesting processing power to protect the information, encrypt and execute instructions from specific programs. Here's where smart cards have a huge advantage over mag-stripe cards.

Smart cards actually offer more security and confidentiality than other financial information or transaction storage vehicles, making it a perfect solution for e-commerce transactions.

A smart card is a safe place to store valuable information such as private keys, account numbers, passwords, or personal information.

It's also a secure place to perform processes that one doesn't want exposed to the world, for example, performing a public key or private key encryption.

Smart cards have computational or processing power to provide greater security, allowing verification of the cardholder. Entering a PIN is one method of verification, biometrics is another.

The benefit of the smart card is that you can verify the PIN or fingerprint securely, off-line.

Smart card technology

Memory vs microprocessor

Smart cards come in two varieties: memory and microprocessor.

Memory cards simply store data and can be viewed as a small USB memory stick with optional security. A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card.

Similar to a miniature computer, a microprocessor card has an input/output port operating system and hard disk with built-in security features.

Contact vs contactless

Smart cards have two different types of interfaces: contact and contactless. Contact smart cards are inserted into a smart card reader, making physical contact with the reader.

However, contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. The standard for contactless smart card communications is ISO/IEC 14443 and allows for communications up to 10 cm (3.9 in).

A combi card combines the two features with a very high level of security.

How are smart cards used?

Smart cards help businesses evolve and expand their products and services in a changing global marketplace. The scope of uses for a smart card has expanded each year to include applications in a variety of markets and disciplines.

In recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications.

Information Technology

Businesses, the government and healthcare organizations continue to move towards storing and releasing information via networks, Intranets, extranets and the Internet. These organizations are turning to smart cards to make this information readily available to those who need it, while at the same time protecting the privacy of individuals and keeping their informational assets safe from hacking and other unwanted intrusions.

In this area, smart cards enable:

  • Secure logon and authentication of users to PCs and networks
  • Secure B2B and B2C e-commerce
  • Storage of digital certificates, credentials and passwords
  • Encryption of sensitive data.

Mobile Telecommunications

Subscribers using the Global System for Mobile communications (GSM) standard for mobile phones use smart card technology. The smart card is inserted or integrated into the mobile handset. The card stores personal subscriber information and preferences that can be PIN code protected and transported from phone to phone. The SIM cards enable:
  • Secure subscriber authentication
  • Roaming across networks
  • Secure mobile value added services

    Wireless providers benefit from reduced fraud thanks to the security offered by smart cards. With the advent of mobile services such as mobile commerce, web browsing, and information services, wireless providers rely on smart cards to act as the security mechanism to protect those services.

Commercial Applications

Smart cards also provide benefits for a host of commercial applications in both B2B and B2C environments. The smart card's portability and ability to be updated make it a technology well suited for connecting the virtual and physical worlds, as well as multi-partner card programs.

The cards store information, money, and/or applications that can be used for:
  • Banking/payment
  • Loyalty and promotions
  • Access control
  • Identification
  • Ticketing
  • Parking and toll collection

The EMV standard had a powerful impact on smart payments woldwide. No matter which payment method is used, EMV affords the added security of credit cards remaining in the possession of the cardholder throughout the entire transaction. With EMV, the computer chip inside the bankcard is an active part of the transaction; unlike the magstripe, which is passive.

All major U.S. payment brands have announced roadmaps for the move from magnetic stripe cards to the global standard for payments, chip-based EMV credit cards.

Multiple applications can be stored on the card, enabling partnering on card programs and providing added convenience to the card reader.

Smart card for health

Electronic IDs and health cards

An electronic ID (e-ID) card fulfills various roles: it acts as a traditional means of identification, as a travel document, and finally, as a passkey to citizen's personal data.

Many international regulations and standards have been established on e-ID, most of which are applied by States.

The public has become accustomed to smart cards through their use in the banking system, and as a result their reliability is no longer questioned. National ID cards are now also being used as a means of accessing an array of services that were previously difficult to synchronize.

The e-ID card can be used for identification, but also for authentication and electronic signature. Thus, this system enables several previously complex information paths to be simplified.

It can be used as:

  • A representation of sovereign authority, certifying that the holder is in a legitimate legal position with respect to his or her national jurisdiction.
  • A means for citizens to access services and exercise their rights and duties with respect to the public authorities.
  • A genuine seal of authenticity that the citizen can use to authenticate his or her actions regardless of the exchange formats and media used, since the data used to ensure security and trust also guarantee the legal validity of any transactions certified in this way.
Smart health care cards also act as a major components of an IT system by identifying the holder and his/her affiliation to an organization, and by verifying his/her rights. Unlike paper documents, which can easily be forged, they are tamper-proof devices difficult to forge or unlawfully manipulate.

Electronic passports

Migration to electronic passport has been in progress since 2005. Over 1 billion e-passports are now in circulation and more than 150 states have started issuing this new type of travel document at mid 2018.

The electronic passport integrates smart card technology with a microprocessor which stores a digital version of the ID photo as well as all of the ID data found on the first page of the paper passport.

Electronic passport

Is my passport an electronic passport? Yes, the symbol printed at the bottom of the front page indicates that the US passport contains an microprocessor.  They were first issued in 2006

The ICAO (International Civil Agency Organization) 9303 standards have been key for the international deployment of biometric identification and electronic storage of data in so-called machine readable travel documents (MRTDs).

Why are other countries ahead of the U.S. in applying smart card technology?

Card issuers in different countries are building their business case to justify the issuance of smart cards for different reasons. In the U.S., American Express launched the first wide-scale rollout of smart cards in 1999 with Blue from American Express, a credit card with a smart chip that offers extra security when shopping online. 

New markets, or markets that are evolving for other reasons, will further help make smart cards widespread in North America. 

Two examples are the network computing and cellular telephone industries that use smart cards to authenticate users in new systems that demand the utmost in security.

Why are interoperability and standards crucial to widespread adoption of smart cards?

Even though there are hundreds of smart card pilots in existence around the world, users may not take a card from one country or scheme and use it in another.

An industry-wide trend toward interoperability and open platforms is now emerging, enabling the development of cards and applications that will work together in open environments.

To do this, the industry must examine the business and technical issues surrounding the need for standardized interfaces between cards, terminals and slots, which is the key to securing dramatic growth for the industry.

The International Organization for Standardization (ISO) has developed standards for smart cards. These standards were developed for use by multiple industries.

Individual industries are now developing proprietary versions of these ISO standards to support their own specific smart card applications. There are numerous standards developed by members of the Forum, and others, to support and promote smart card standards.

What is a multiple application card?

A multiple application card is a smart card that can support different types of applications on the card itself thereby reducing the number of cards in the wallet. For example, the chip on Blue from American Express currently offers two applications: extra security when shopping online using a PC smart card reader and online wallet, and a ticketing application that verifies a Cardmember's ticket order. Blue uses a multiple application operating system and American Express plans to add other applications to the card's smart chip.

Added value with multiple applications

Meanwhile, Visa's multiple application card strategy is based on providing applications that add value to Visa's core credit and debit payment products. A key component to Visa's multi-application offering is the flexible Open Platform technology. In addition to providing added application security through the use of 'firewalls' on the chip, the Open Platform allows for downloading new applications to the chip, without having to reissue the card.

Another multi-application program was conducted at Florida State University where 40,000 smart cards were deployed, which featured students' personal identification, dormitory security, banking, and a wide range of stored value functions for the purpose of food, payphone, photocopying, transportation and vending services.

What is the cost of an average smart card?

Trying to respond to this question is like asking the cost of a car without defining whether it is a used VW or a new Rolls Royce. The price of a smart card depends upon its capacity.

Why is reloadability important to the development of the smart card vis-a-vis disposable cards?

There are markets for both disposable and reloadable cards.

Disposable cards work well for an event and as a collectible card.

If the card is a multiple application card supporting, for example, debit and/or credit and stored value, the customer would not want to throw this type of card away. It would be more appropriate if the stored value application is reloadable. This process is sometimes called "post-issuance".

The Smart Card Alliance

The Smart Card Forum represents a very diverse group of industries and government groups, many of whom have seemingly competitive interests. Is it possible that such a diverse group can work together productively?

Today, even competing entities agree that where new technologies are concerned, industry-wide efforts are required to build workable infrastructures and to develop compatible, interoperable, multi-use systems. This cannot be accomplished, on any meaningful scale, by individual players acting in their own interests. To date, the Forum has been highly successful in fostering communications across industries and the public sector and in encouraging various trials that demonstrate the viability of smart card-based payment and information systems.

Now it's your turn

What do you think?

If you've something to say on smart cards, a question to ask, or have simply found this article useful, please leave a comment in the box below. We'd also welcome any suggestions on how it could be improved, or proposals for future articles.

We look forward to hearing from you.